As I understand it that used to be the case, no way to kill the states that selectively, and that's why it behaves as it does. However I believe current versions of pf can in fact do that so it may be possible to do exactly that now.

I have this issue myself. My backup WAN is data limited so I can't have connections using it continually after my main WAN glitches. Most traffic will fail back naturally as TCP connections close it's only really persistent UDP traffic that gets 'stuck', so VoIP and VPNs. My own WAN is good enough that I just don't failover that traffic but I understand that for many those are the most important connections.
That said if it did just kill everything on the backup WAN when the main WAN comes bacl up it would needlessly interrupt that traffic. A cron-job that kills traffic on the backup WAN that runs at some off-peak time might be better.

Steve

You should probably open a ticket with us here for that if you have not already: https://go.netgate.com

Steve

The hand made querier work perfectly.
We have the same comportment and the same result with the querier implemented in the L3 switch: All the multicast traffic is sended to the querier (so the implementation written by netgear for his own switches).

When I created the topic I did not know that.

It's been years since we've been working like this before going to a pfsense firewall and pointing that out, our previous firewall did not have such advanced statistics. So I never thought that the problem could come from the querier himself.

Bad stuff basically any of those sites that are blacklisted or anything trump :)
Figured there was a plugin for it but iam somewhat out of date on my pfsense.

Yeah the caching was after though for system items to the equipment.
Even if i do get around to it the size would be minimal.

We use zfs on our server so was figuring on that and though we don't get a lot of blackouts we had one Monday that was nearly two hours so figured its a good time to install something that well kick back in without user input needed.

We have a Asus AC86U which works great using Merlin's firmware but dual wan always been a mess on commercial routers.

Thanks for the input. :)

Thanks for your answers, is a particular problem between chrome remote desktop and proxies. I changed the chrome remote desktop for other remote and free app and works well.

Thanks for the replay. will come with genuine one soon.

I was having problems with the last video because it was requiring me to upload a config file, however now, I installed OpenWRT on it, and I think there has to be a way now to configure the device manually. I am really looking into this now.

That sounds like a great option. Interested to know how it works out. That's a pretty flexible little box. Not bad for the price.

Never tried it yet.

There is although i like to avoid mixing different card/chipsets to avoid points of failure.

I fully understand the Intel point of view as everything built basically onto the card and not past off to the driver.

Presently our Ac86U is running fine and Merlin custom firmware is great but Asus never got dual wan to work correctly in its firmware on any of its router models.

That seems like a hardware or maybe bios bug

its a old Atom 64bit system but was going fine till this ue1 took over

The purpose of that check is to prevent it booting to a broken system.

yeh yo're right in this case ue0 often wasnt loading at all so no point continuing

If the gateway the IPSec tunnel is on changes state, yes, there are scripts that are triggered to restart IPSec. rc.newwanip will probably be triggered if you have a dhcp or ppp WAN.

Steve

yes ! good work, Luckily it was only a software problem

@tman222 Yes your experience helps. Thank you