@cust
You don't need to wait anything.
You can apply this patch via system patches package, just use commit id 62b1bc8b4b2606d3b20a48a853ef373ff1d71e26

Resolved by implementing BGP peering over IPSEC.

Thanks again for the video. It solved my problem.

If anyone bumps into this thread in the future, the static route showed in a screenshot above here was correct, however here's what I did wrong:

On site2 I had set "IPv4 Upstream gateway" in the interface config to the gateway on site1. This makes pfsense NAT the traffic instead of routing it. Here's a timestamped link to the video where this is explained.

I really wish I could do the same here. I get some false positive failovers because the single IP monitor becomes offline, but the gateway is working fine...

Gateway 1 monitor 8.8.8.8
Gateway 1 monitor 1.1.1.1

Gateway 2 monitor 8.8.4.4
Gateway 2 monitor 1.0.0.1

Gateway 3

Then prioritize them and route following this order.

OK, I think I just figured it out!! I didn't have the subnet enabled. Not sure how it happened, but it now seems to be working. I can open the printer's web page!!

Now I can revisit things.

Do you see errors on the parent interface?

You can try the dtrace commands shown in this thread and see if you're hitting some error other than 55 (no buffers).

@4o4rh i am struggling to get policy based routing working on truenas scale.
either i get the situation where non-media vlans can access the jellyfin server on the media vlan (but then the truenas/smb vlan is not accessible, or the truenas/smb vlan is accessible by not the jellyfin vlan (other than from a device on the vlan).

It both cases the non-accessible vlan is appearing on the wrong pfsense interface.

so, it seems truenas is returning via the default route rather than the desired return route

Ignore this

For anyone maybe suffering with similar issues, I went through the guide again and realised I'd forgotten to update the Port VID under Interfaces > Switch > Ports as well as updating the VLAN Tag under Interfaces > Switch > VLANs

Once that was done it got an IP and I could use it as a WAN port.

I add a consideration.

Currently the workaround of changing the global Firewall State Policy has worked, but can it have negative impacts on other things?

It would be nice to have an overall solution to the problem on OpenVPN, maybe with an option like it was done for IPSec. 😊

Bye,
Edo

@Troutpocket Might be worth checking if there are any rules or NAT settings on WAN2 that block access when it’s not the active gateway. Also, could be a policy routing issue — maybe the replies aren’t going out the same way they came in?

Enabling logging or packet captures on the firewall might give some clues.