Thanks for the support given so far. It seems as though I was too early. A couple of hours after Hetzner said they made the change in routing it started working.
So now everything works as it should.
I found why.
My mobile operator doesn't send a public IP to their client.
A NAT is used between a public IP and the terminal.
So, the modem retrieves a private IP from this NAT operator.
Thanks anyway, Derelict.
Here is how you would do what you're talking about.
[image: 1540978852944-howdone-resized.png]
Route in pfSense left would be 172.16/12 go to 192.168.0.2
Route in pfSense right would be 172.16/12 go to 192.168.0.6
These are transit networks that connect to your MPLS network, which would route to your different locations. Clients in each location would only talk to pfSense as their gateway. In the example, 172.21.1.254 and 172.21.2.254.
These are all different networks that could have 254 devices. If you have more than that, then you could increase the mask to /23 or even /22, or create different VLANs in each location, as long as your different locations do not use overlapping networks.
Another little step was to create on the switches the network 10.175.69.0/24 and then a virtual machine with IP 10.175.69.10: with this I can ping the servers on the other side.
To do this I also created a static route like in the image:
[image: 1540304884972-static_route_vpn_ipsec-resized.png]
so the network 10.175.69.0/24 has as gateway 192.168.0.1
Then I opened a rule on LAN interface versus 10.175.69.0/24 like in the image:
[image: 1540305156283-rules_vpn_ipsec-resized.png]
After this I can ping from 10.175.69.10 to 10.64.3.46 and 10.64.3.80.
How to communicate from LAN network to 10.64.3.46 and 10.64.3.80: is it possible to set a route? Where?
Please, if you have any idea, let me know.
@luckman212 said in Documentation for the 2.4.4 feature? : Default gateway : Default gateway IPv4 : Automatic:
when upgrading from older versions that occasionally leave you with no internet access
Funny you should mention that. I had to drive out to a location last week because of this new feature :)
If you use squid then the client traffic can't be directed out a second WAN with policy routing rules. There may be a way to fix it in the squid configuration, but that's a topic for a new post in the Cache/Proxy category.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.