So they can not just tag the other network range with a vlan ID? Look for a better isp would be my suggestion.. Your switch solution works - but means your running those different layer 3 networks on the layer 2 connection from you to them.. How many other customers have different IPs on this layer 2?  Be interesting to sniff and see how any different IP address via broadcast/arp

Hi V3lcr0! You are absolutely giving me good info. When i connect to vlan 5 i dont reach internet. I get an ip 192.168.5.100 wich is correct. And i can log on to pfsense 192.158.5.1 + unify controller My switch stops traffic to other nets, and in unify controller all ap's are disconnected… When i go back to my normal wlan the router dont change ip, i get the 192.168.5.100 i stead of 192.168.0.100. So then i connect with a cable and get my 192.168.0.100. And then in controller ap's are adopted again except the one i have tagget out from router vlan id5 I have 2 wans, but i only use one due to difficulties to understand this, first i need t get this vlan5 work. I see pacets from the net when capturing vlan and LAN while on vlan5 From "normal" wlan i reach internet easy, but not from the wlan id5 I also got some help from ubnt to controll switch setup and controller setup for VLAN5 and wlan on tag 5 so i think it is OK now. Yes rebooted pfsense also, no change. I really dont know the next step... shit...

Could be anything at this point…to dovetail Wroxc...maybe connect a PC before each switch(starting with your LAN) to narrow down your problem. Did you add rules to VLAN interfaces? Did you add VLAN interfaces? Are you getting leases? Firewall logs? Switches tagged correctly?

@jimp: There are other load balancing and multi-wan options there. And System > Routing has no options page. Though at some point the options will reach a critical mass and warrant a "Settings" tab under System > Routing rather than being lumped under Misc. Also that setting is known to be broken in certain cases (especially with a PPPoE WAN) so we don't want to encourage its use. Hi!, I know this is an old post, but couldn't find information as specific like this. If the gateway switching is not desired, how do you set the alternative gateway for the firewall itself?, I'm running PPPoE as a second uplink

Problems like this bring out the tenacity monster in me and in the spirit of completion I am posting the solution to my own question in case anyone else has this same issue. It turns out that the LTE Gateway I set up did not like using the same IP address for the gatewayIP and the monitorIP. This is despite the fact that that this type of arrangement works for my cable wan connection. Perhaps it's because the IP provided by the mobile connection is an unaddressable IP i.e. 10.X.X.X. In any case by changing the monitorIP on the LTE Gateway to the IP address of one of the DNS servers on the LTE interface the LTE gateway is now online and failover works nicely. Now I just have to get some aerials for my dongle so that I can get an LTE signal from inside my comms cupboard. WCDMA is definitely not cutting it! :) :)

What exactly is the point of a pfsense box with just public IPs on it and no lan?  If it only has 1 network attached how is it routing/firewalling anything?  What are you using it for? Btu sure connect them together with a transit network and route whatever clients you wont out the the other pfsense box with the public /24

How does the openvpn traffic get to pfsense?  That would be pfsense "wan" interface.. The interface pfsense uses to get to or from other networks would be a wan interface..

Hello everyone, thank you for your support! Now i try to explain better that situation. Yesterday i found, maybe, a good idea that causes this block. Yes, the explanations were not very clear, but the reason is that I do not know my network very well. Anyway, yesterday from various pc i launched the tracert command and, yes,  my diagram isn't correct! For example : from a LAN 10.160.3.1 the result is this : 1    1 ms    1 ms    1 ms  10.160.3.201 2    3 ms    2 ms    2 ms  10.10.0.10 3    4 ms    4 ms    4 ms  10.10.0.2 4    4 ms    4 ms    7 ms  10.10.0.1 5    4 ms    9 ms    3 ms  10.160.99.36 so there are many other passages before the packet get to the PFSENSE and above all it is no longer the network that I imagined at the last step… From this LAN pfsense doesn't work and the pc can't surf on internet. And i believe i have to work in pfsense for make it work, but I do not know how to do it. Instead, from this other LAN, 10.160.2.0, the tracert result is this : 1    4 ms    6 ms    1 ms  10.160.2.201 2    <1 ms    <1 ms    <1 ms  10.160.99.36 and PFSENSE works like a charm. and obviously from the network, 10.160.99.0, the tracert command shows that there is only one passage from my pc to PFSENSE, and yes it works. Summing up, when I try to connect at pfsense from the networks that pass on this way doesn't work. 10.160.3.201 or 10.160.4.201 or 10.160.5.201 =  there are the gateway of the LAN 10.10.0.10 10.10.0.2 10.10.0.1 10.160.99.36 = PFSENSE I hope i was clear. Thanks a lot!

sorted!!! i made a stupid mistake when i was making the vpn interface (so i can use it as a gateway for my specific vpn traffic) i ticked both boxes under "reserved networks" which blocks rfc1918 but i dont want to block them as the virtual vpn ip im assigned is 10.8.0.2 which is a rfc1918 address i put back protonvpn interface back in the "ALLInt" so i can easily manage the rules under one tab as its long winded otherwise also in firewall > rules > outbound i had to make it hybrid and copy the wan and make another one for the protonvpn address as it didnt work otherwise see pic of what i did https://s10.postimg.org/jk6oiio7t/rule.png thanks for all your help in this Derelict much appreciated!

Setup your to vlans on your interface your going to connect to on pfsense and tag them 403 and 404.. And sure pfsense can run bgp… Did you not buy support?  I would suggest you call pfsense for help if you do not understand how to setup a vlan.. How are you involved in this project exactly if you do not understand what a vlan is? https://www.netgate.com/support/contact-support.html You cold for sure run your vlans over a lagg or port channel.. Why did you not mention the vlans before? That makes more sense.. Maybe you should contract someone to set this up for you... I would suggest you contact pfsense support, or hire someone local to get you up and running.

Too answer my own question in case someone else has this problem: My VPN provider pushed the route for the default gateway. This was visible in the routes section. I used this article to change the VPN connection https://community.openvpn.net/openvpn/wiki/IgnoreRedirectGateway This made my pfsense works as expected (including the Squid) Thanks

Guys !!!!! i got all the success. Nice to get the helpful response. Attached current updated diagram, how it looks like. i know now Pfsense is something i'm gonna keep for many years for now. it made me feel like flying, other petty issues which i used to have, are resolved too. altogether, now i've got more control over my complete network. i hope this remains stable. i removed the extra cable running through the Dlink WI-FI to the cisco switch was of no use. ps - i had faulty NIC which i had to replace caused me 7 days of inconvenience. ;-) works like a charm. thanks Derelict [image: new-home.PNG] [image: new-home.PNG_thumb]

snailkhan@ i'm opening new fresh post if you feel it's not exactly the same scenario..but i guess similar issue existed for me when i tried accessing webgui for Pfsense using my lab network it didn't work. anyways i hope it works. Thanks for all your help. see you there.

What were you doing at the time you had this probem?

So, I've a INTERFACE called DDOS-GUARD, and that interface has a static IP, provided by DDOSGUARD, and my WAN has an other public IP, so I want to redirect all the traffic from the DDOS-GUARD interface to my lan server 192.168.15.240, I tired to do that in System -> Routing -> Static Routes. But when I did that, my lan server 192.168.15.240 didn't have internet connection.