Here is how you would do what your talking about.. [image: 1540978852944-howdone-resized.png] Route in pfsense left would be 172.16/12 go to 192.168.0.2 Route in pfsense right would be 172.16/12 go to 192.168.0.6 These are transit networks that connect to your mpls network which would route to your different locations. Clients in each location would only talk to pfsense as their gateway.. In the example 172.21.1.254 and 172.21.2.254 These are all different networks that could have 254 devices.. If you have more than that then you could increase the mask to /23 or even /22 - or create different vlans in each location.. As long as your different locations do not use overlapping networks..

https://www.netgate.com/docs/pfsense/book/multiwan/index.html

@netblues It works perfectly. Thanks a ton!!

Other little step was to create on switches the network 10.175.69.0/24 and then a virtual machine with ip 10.175.69.10: with this I can ping the servers on the other side. To do this I also created a static route like in the image: [image: 1540304884972-static_route_vpn_ipsec-resized.png] so the network 10.175.69.0/24 has as gateway 192.168.0.1 Then I opened a rule on LAN interface versus 10.175.69.0/24 like in the image: [image: 1540305156283-rules_vpn_ipsec-resized.png] After this I can ping from 10.175.69.10 to 10.64.3.46 and 10.64.3.80. How to communicate from LAN network to 10.64.3.46 and 10.64.3.80: is it possible to set a route? Where? Please if you have any idea let me know.

Delete - wrong topic

@luckman212 said in Documentation for the 2.4.4 feature? : Default gateway : Default gateway IPv4 : Automatic: when upgrading from older versions that occasionally leave you with no internet access Funny you should mention that. I had to drive out to a location last week because of this new feature :)

@r0sebush the order as they appear in the gui, left out Time Periode, this is set to 15k

List Action: Deny Both States Removal: Enable LAN rule shows Reject but WAN rule shows Block.

I get the same error. No load-balancing, no proxy server here. It works via my phone on Firefox.

If you use squid then the client traffic can't be directed out a second WAN with policy routing rules. There may be a way to fix it in the squid configuration, but that's a topic for a new post in the Cache/Proxy category.

I'm trying to get a similar thing working. I want workstations on LAN A to be able to use the WAN connection on pfSense B if the WAN on pfSense A goes down. (And vice-versa) I'm still working on it, and I'll let you know if I make progress. At the moment we have two WAN connections at each of the two buildings. I hope to be able to get rid of one connection at each building and maintain redundancy with the WiFi link. [image: 1539253594977-bf9069ef-839c-4fa9-a44b-a5b6a65b8c16-image.png] Edit:- OK, so this "just works" if I follow viragomann's instructions. (Thank you!) I made the WiFi link as a subnet connecting OPT1 on each pfSense giving each OPT1 an IP address in that subnet. Then on each pfSense make a new gateway in system -> routing which points to the other pfSenses OPT1 IP address. Don't forget to fix up the OPT1 interfaces' firewall rules, of course. Then I also added a static route using the new gateways so that workstations on LAN A and see workstations on LAN B (and vice versa) via the WiFi link. Now, if I pull the WAN on one pfSense, traffic then goes via the link and out to the WAN on the other. Works like a charm. Next I'll try load sharing.

@derelict did a Google search for netgear dual wan and one of the links was to this forum))) It crossed my mind that it's probably a wrong place to ask for help with my issue but I decided to give it a go anyways)