pfSense at home - WFH VPN, no internet

Hello everyone, I’ve been struggling with a specific issue at home that has something to do with pfSense, but I cannot figure it out. Having watched Tom and his show, I was hoping that maybe I would find something here that would lead me to resolving this problem.

What’s occurring:
When I have pfSense installed in my home (instead of my TP-Link router), my wife, when she connects to her Citrix Gateway VPN connection for work, everything establishes as it should, but her local internet drops and says “Not Connected”. This results in certain web-based traffic not working for her job.

Before pfSense:
I had a TP-Link Archer C3200 router installed and everything worked perfectly fine. Our setup is as basic as it gets. Modem → Router → users. No VLANs, no additional policies.

Her work laptop connects to the home network via wireless.

With pfSense:
I repurposed an old Sophos SG135 and installed pfSense on it. I have pfSense doing DHCP and acting as the DNS resolver.

I have no other firewall rules or policy changes, nothing additional done to the software or configuration aside from the DHCP scope and DNS resolver IPs.

When she connects to Citrix Gateway she is handed the following VPN IP.
Local wireless IP is in the 192.168.1.0/24 range.
Her work VPN hands her a 10.0.0.0/20 address.

I have recently looked at route print when she is connected via the TP-Link router and then with pfSense, but the route table looks the same.

I have tried to look at pfSense to see if I can identify what is happening, but I haven’t been able to identify it.

One suggestion that I was told was to look at setting pfSense to Hybrid outbound NAT with a rule for the laptop IP so that the ports don’t randomize, but it doesn’t seem to help. I have tried one static rule for the laptop local IP 192.168.1.90, and then I tried a static rule for the 10.0.0.0/20 network, which didn’t work.

From what I understand, pfSense randomizes outgoing ports, unlike what the TP-Link device would do, but trying to set the outbound static port rule didn’t seem to help (unless I did it wrong).

I realize that what the employer has set up is split tunneling for the VPN client. I cannot make any modifications to the network settings on the work laptop, so I’m trying to figure out why pfSense would be causing this.

As a separate test, I removed pfSense and set up my Ubiquiti USG firewall to see if her connection would work, but unfortunately it’s the same thing.

I realize that these firewalls are more secure than the basic TP-Link router, but I just can’t narrow this down and I’m not sure what to look at.

That is odd; you could try turning on UPnP in pfSense.

Thank you, I tried it but didn’t seem to help.

Thank you, I just tried this and what we found was that upon establishing the VPN tunnel with Citrix, the internet dropped, but my wife noticed that it reconnected shortly after, and it has stayed up longer than in our previous tests.

We will continue to do some tests and I will check to see how the pfSense logging looks.

What packages do you have installed in your pfSense? Also, when you perform a traceroute to a network at your wife’s work and to a network on the public internet, did the traffic take the same route or did it route differently? When connected to the Citrix VPN and pinging a public website name vs. a public website IP address, which one fails, or do both fail?
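The checks this reply asks for (route taken per destination, ping by name vs. by IP, traceroute), collected into a read-only PowerShell script that could be run on the work laptop once the VPN is up. This is an added example, not something posted in the thread; the three target names at the top are constructed placeholders to be replaced with a real internal work host and a public site.

```powershell
# Added diagnostic helper for the split-tunnel "Not Connected" symptom in this thread.
# Read-only: it queries routes, DNS and reachability and changes nothing on the laptop.
# The three targets are constructed placeholders, not values from the thread.
$WorkHost   = 'intranet.example.internal'  # placeholder: a host inside the 10.0.0.0/20 work range
$PublicHost = 'www.example.com'            # placeholder: a public site that fails once the VPN is up
$PublicIp   = '1.1.1.1'                    # placeholder: a public IP, to separate DNS from routing failures

function Show-DefaultRoutes {
    # A second 0.0.0.0/0 route on the VPN adapter with a lower metric would pull internet
    # traffic into the tunnel even though the client is configured for split tunneling.
    Get-NetRoute -DestinationPrefix '0.0.0.0/0' -AddressFamily IPv4 |
        Select-Object InterfaceAlias, NextHop, RouteMetric, InterfaceMetric |
        Sort-Object InterfaceMetric | Format-Table -AutoSize
}

function Show-DnsServers {
    # If the VPN pushes DNS servers that cannot resolve public names, browsing fails by name
    # while pings by IP still work; pfSense's resolver should stay listed on the Wi-Fi adapter.
    Get-DnsClientServerAddress -AddressFamily IPv4 |
        Where-Object { $_.ServerAddresses } |
        Select-Object InterfaceAlias, ServerAddresses | Format-Table -AutoSize
}

function Test-SplitTunnel {
    # For each target: resolve by name, find the interface Windows would use, ping, then trace.
    foreach ($target in @($WorkHost, $PublicHost, $PublicIp)) {
        $ip = $target
        if ($target -notmatch '^\d{1,3}(\.\d{1,3}){3}$') {
            $a = Resolve-DnsName $target -Type A -ErrorAction SilentlyContinue |
                 Where-Object IPAddress | Select-Object -First 1
            if (-not $a) { Write-Host "$target : DNS resolution FAILED"; continue }
            $ip = $a.IPAddress
        }
        # Find-NetRoute reports which interface the routing table selects for this destination.
        $iface = (Find-NetRoute -RemoteIPAddress $ip | Select-Object -First 1).InterfaceAlias
        $ok    = Test-Connection -ComputerName $ip -Count 2 -Quiet -ErrorAction SilentlyContinue
        $hops  = (Test-NetConnection -ComputerName $ip -TraceRoute -WarningAction SilentlyContinue).TraceRoute
        Write-Host ("{0,-28} -> {1,-15} via '{2}' ping={3}" -f $target, $ip, $iface, $ok)
        Write-Host ("    path: " + ($hops -join ' > '))
    }
}

Show-DefaultRoutes
Show-DnsServers
Test-SplitTunnel
```

Run it once before the VPN connects and once after, and compare the default-route and DNS tables: a changed default route points at the tunnel, a changed DNS server list points at name resolution.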