Some port forwarding broke after pfSense 2.5.1 upgrade

I applied the 2.5.1 update for pfSense this morning. It looks like the port forwarding on 80 and 443 isn’t working properly anymore. Those are pointed at Nginx for proxying to different services. Those services are reachable from LAN but not WAN. So I’m assuming the Nginx box isn’t the issue. Firewall logs say they are passing the 443 traffic when I try to hit something from WAN, but the page never loads. Plex is reachable from WAN on its port. So the problem doesn’t seem to be NAT as a whole. I’m at a loss as to where the issue is and how to find it. Does anyone have an idea?

Looks like I’m not the only one having the issue. The 10 or so most recent posts in the NAT section are having similar issues. I haven’t found a solution yet. I’m debating on trying to downgrade to 2.5.0.

I found the solution. It seems like a bug that was introduced with 21.02 that I didn’t have in 2.5.0 was now pushed out to CE with 2.5.1, at least that’s the way I’m reading it.

The solution was to go into the OpenVPN client config and check this box.

[Screenshot from 2021-04-15 03-24-43]

Now NAT is working properly as the outbound replies are being routed to WAN where they came in instead of getting pushed out the VPN tunnel.

This is the post that helped me if anyone wants the broader context.

Edit: the regression introduced in 2.5.1 is #11805

2 Likes
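One way to confirm the symptom described in the post above (replies to WAN port forwards leaving through the VPN tunnel instead of WAN), as an added example that is not part of the original thread. It assumes separate `tcpdump -n` captures taken on each interface and labelled with the interface name; the interface names `igb0` and `ovpnc1` and all addresses are constructed.

```python
import re

# Constructed sample: (interface, tcpdump -n line) pairs merged from per-interface captures.
# Interface names are assumptions; addresses are documentation ranges.
CAPTURE = [
    ("igb0",   "03:24:43.000101 IP 203.0.113.10.51514 > 198.51.100.2.443: Flags [S], seq 1000, win 64240, length 0"),
    ("ovpnc1", "03:24:43.000350 IP 198.51.100.2.443 > 203.0.113.10.51514: Flags [S.], seq 2000, ack 1001, win 65160, length 0"),
    ("igb0",   "03:24:44.100000 IP 203.0.113.11.40022 > 198.51.100.2.443: Flags [S], seq 3000, win 64240, length 0"),
    ("igb0",   "03:24:44.100210 IP 198.51.100.2.443 > 203.0.113.11.40022: Flags [S.], seq 4000, ack 3001, win 65160, length 0"),
    ("igb0",   "03:24:45.500000 IP 203.0.113.12.40301 > 198.51.100.2.80: Flags [S], seq 5000, win 64240, length 0"),
]

LINE_RE = re.compile(r"IP (\S+) > (\S+): Flags \[([^\]]+)\]")

def find_asymmetric_replies(capture, wan_if):
    """Map each client endpoint that sent a SYN on wan_if to a verdict:
    'symmetric', 'asymmetric:<iface>' or 'no-reply-captured'."""
    syn_seen = {}   # client ip.port -> service ip.port taken from the inbound SYN
    reply_if = {}   # client ip.port -> interface the first SYN-ACK was seen on
    # Timestamps from the same day sort correctly as strings.
    for iface, line in sorted(capture, key=lambda p: p[1].split()[0]):
        m = LINE_RE.search(line)
        if not m:
            continue
        src, dst, flags = m.groups()
        if flags == "S" and iface == wan_if:
            syn_seen[src] = dst
        elif flags == "S." and dst in syn_seen:
            # Match on the client endpoint only, so the result does not
            # depend on which source address NAT put on the reply.
            reply_if.setdefault(dst, iface)
    report = {}
    for client in syn_seen:
        out_if = reply_if.get(client)
        if out_if is None:
            report[client] = "no-reply-captured"
        elif out_if == wan_if:
            report[client] = "symmetric"
        else:
            report[client] = f"asymmetric:{out_if}"
    return report

if __name__ == "__main__":
    for client, verdict in find_asymmetric_replies(CAPTURE, "igb0").items():
        print(client, verdict)
```

An `asymmetric` verdict matches what the post describes: the firewall log shows the inbound connection passed, but the reply never reaches the client because it left on a different interface.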

Had the same issues after upgrading from 2.4.5_1 to 2.5.1.
Thanks for pointing this out and posting a fix.

1 Like

Did an upgrade from 2.4.5 to 2.5.1 with OpenVPN clients and servers, all performing as before, no problems after 24 hours.