Ok found my solution, Go at the bottom and click on the advance options There add the following SourceIP=X.X.X.X AND THEN SAVE The X.X.X.X should be the ip address of the gateway via which you want the traffic to go out of Hope this helps someone. Rajbps

You might ask them to put that list on their webserver it a plain-text format. That way you could just periodically update a URL type alias from their site. Absent that, yes, you will probably need to keep the alias updated yourself.

That sounds completely convoluted but you don't control NAT sourced from a specific network on rules on that network. You control them with Outbound NAT. The easiest way is to probably enable Hybrid mode then make a NO NAT rule for the public source addresses on that WAN address. There is no such thing as 'classic Multinet.' Putting tewo layer 3 networks on one layer 2 is something that should only be used to do something like transition to new addressing. It should not be used as a permanent solution to anything.

ok i found the AS numbers for xfinity live tv AS7922

No man, not that Alias! That sets only an alias name for one or multiple IPs, but doesn't assign the IP to the interface. Go to Firewall > Virtual IPs.Here you can add virtual IPs to interfaces. Select type "IP Alias", select the WAN interface and enter one of your additional public IPs and the mask and save it. Add the second one in the same way.

Hi Chris, I was under the assumption that routing it all through my management network would work. But I must have introduces something assymetric there I think. I followed your advices and created a seperate vlan on my PFSense for transit. Configured it on my switch with vlan interface IP. I then created the gateway on pfsense and was able to route the network I created as a test. Next step is reconfiguring all servers with their new default gateway. Thanks you so much. very happy.

Just for clarity, rules that match the OpenVPN tab do not get reply-to at all so the replies are routed according to the routing table. That usually means they go out the default gateway. Rules matching the assigned interface tab (which means they weren't matched by the OpenVPN tab or processing would have stopped there) get reply-to on the states. Glad it's working.

You either need to get a routed subnet, use 1:1 NAT, or bridge the interfaces. In order of most- to least-preferable.

So where are you rules on your lan?  And sorry but pfsense would have to have routes showing that it needs to go down the vpn to get to those remote sites or lan2 would never be able to get there. My guess is your forcing your lan out your wan gateway via rule on lan interface.

You did not say you performed the step of actually assigning the VLAN interfaces to the pfSense interfaces in Interfaces > Assignments.

Yes, this is possible.

This ticket will be close. Failover is working, I tested his work used ping, but it will close on my firewall :))

I was keeping an eye out for that yesterday but 1.2.4 wasn't in ports the last time I looked. Now that it's there we'll get that updated. FRR is definitely the way to go, though. It's based on quagga so the transition should be smooth if you decide to switch.

You can accept connections and port forward into either. reply-to will work its magic. OP gave no information regarding the port forward itself, so…

PTP SSL/TLS with a tunnel network larger than a /30 puts the server side into server mode. This means that you have to have remote networks on the server configuration to get the traffic into OpenVPN then you also have to have Client-Specific overrides with the remote networks set to tell OpenVPN which client to send the traffic to. Even if there is only one. You might try setting the tunnel network to /30 ands see if things start to make more sense. Especially if there will only ever be one client.

Ok please disregard my previous messages. I disabled CDP in the wireless bridge links on both ends and now the traffic is flowing as intended.