PBR Failure or something I don't understand

Started by NugentS, May 26, 2023, 02:50:03 PM

May 26, 2023, 02:50:03 PM Last Edit: May 26, 2023, 02:52:35 PM by NugentS
Hi All,
This used to work. I upgraded the firewall to 23.1.7_3 and have since noticed that my PBR isn't working any longer. Note that I cannot say it was working just before I upgraded the firewall - it's just that I now noticed it no longer works.

Some details:

  • LAN: 192.168.38.0
  • WAN: Is a PPPoE interface with a fixed IP
  • VPN: I have 3 OpenVPN connections to a VPN provider. These are up and working
      ◦ The 3 VPN gateways are grouped into VPN_GW_Grp, which prioritises each GW into different tiers
      ◦ So in practice I only use 1 GW, with the others used only if the first fails
      ◦ A little overkill - but I was playing
  • Rules:
      ◦ LAN: I have a rule under LAN: * * * * VPN_GW_Grp * which should force all traffic from the LAN to the VPN gateway (PBR)
          ▪ This has a Local Tag of "VPN Only"
          ▪ This was (subject to testing) set to a source of a set of hosts on my LAN
      ◦ Floating: A Kill Switch rule set to block tag-matched traffic from exiting the default gateway
      ◦ LAN: A PBR bypass rule: "LAN Net" * 192.168.38.0/24 * * * - this is to solve a TrueNAS Scale routing issue

The PBR isn't working, and neither is the Kill Switch.
I was flailing around changing the VPN Gateway to a specific gateway (for testing) - and it briefly worked - but very shortly stopped working again.

I don't see what's going on - anyone have any ideas? I will provide what information I can on request.