I think both agree on bad design.

@dotdash: It appears you are not getting any routes from the peer router. The fact that the pinger showed the remote router down seems to indicate the transit layer to 100.100.100.100 failed. Is that IP provider-assigned, or did you obfuscate the real IP? That block is not a traditional private space, but is supposed to be used by service providers for their internal networks. I've obfuscate the real ip.

The only way to do that is to get Multilink PPP from your ISP.

Maybe with pfsense it is hard but it is easy to setup using a layer 3 switch.  All you have to do is point the local traffic to the layer 3 switch.  It knows where everything is and will route or switch to the device.  Nothing hard.  It is a good way to bring a layer 3 switch into the fold without disrupting normal operations.

Check the system log for hints.

Just set a static route for 192.168.45.0/24 on the Exchange pointing to pfSense: route add -p 192.168.45.0 mask 255.255.255.0 <gateway></gateway> Replace "<gateway>" with the LAN IP of pfSense within 192.168.44.0/24.</gateway>

If it is critical to get this working I suggest you buy some support hours.  Contact support to discuss first.  For done things which were very complicated this is what I have done. It is been more than a year but I eventually gave up on this.  I think using openvpn might be easier but not sure.  I wish you luck with this!

Not sure what this document refers to but it is innacurate. You must configure 3G/LTE setting on interface if using as a wan connection or at least multi wan.  Directions say not to make any changes to the interface but you have to in order to make it work. https://doc.pfsense.org/index.php/Configuring_3G_modems

I will reply to myself as I've found the problem so anyone with the same hardware can use this as a solution. The problem was that the VLAN3 on the WDR3600 was incorrectly set to the interface eth1.3 and on the WDR-3600 the switch is on the eth0 interface, so the VLAN3 had to be set to eth0.3 and voila! everything works!!! The only thing that should be added to this setup are the firewall rules, that I have set as the following screenshot shows. [image: VLAN3_fw_rules.png_thumb] [image: VLAN3_fw_rules.png]

@kpa: No, that's not policy routing at all. What you need is a normal static route on pfSense with the WAN address of the inner router as the target for the traffic that going to the LAN of the inner firewall. Static routes are set at System->Routing->Static Routes. Actually thats exactly what I try to admit :) @kpa: Additionally I hope you're using a transit network between pfSense and inner firewall with no hosts on it? Otherwise you have a broken network setup with asymmetric routing. Yeah, a nice firewall transit network :) My understanding of policy based routing, comes from Barracuda and Juniper. There it works on the routing and not on firewall level. So both ways are possible, in- and outbound. Posted a screen as an example. [image: barra_pbr.PNG] [image: barra_pbr.PNG_thumb] [image: barra_pbr2.PNG] [image: barra_pbr2.PNG_thumb]

Ah. That makes perfect sense. You want to keep all VLAN tagged traffic physically separated for security purposes. Thanks!

Solved. Just wrong config. Need more accurate and not more. ( not edit files, chown and other, just config ) Good config must be: This file was created by the package manager. Do not edit! AS 65002 fib-update yes holdtime 30 listen on 0.0.0.0 router-id 192.168.56.101 network 192.168.57.0/24 group "GR_65001" { remote-as 65001 neighbor 192.168.56.201 { descr "to_as_65001" announce all  local-address 0.0.0.0 } } deny from any deny to any allow from 192.168.56.201 allow to 192.168.56.201 P.S. Log installation OpenBGPd at WEB-configurator Installing pfSense-pkg-OpenBGPD… Updating pfSense-core repository catalogue... pfSense-core repository is up to date. Updating pfSense repository catalogue... pfSense repository is up to date. All repositories are up to date. Updating database digests format: .... done The following 2 package(s) will be affected (of 0 checked): New packages to be INSTALLED: pfSense-pkg-OpenBGPD: 0.11_9 [pfSense] openbgpd: 5.2.20121209_2 [pfSense] Number of packages to be installed: 2 155 KiB to be downloaded. [1/2] Fetching pfSense-pkg-OpenBGPD-0.11_9.txz: .. done [2/2] Fetching openbgpd-5.2.20121209_2.txz: …....... done Checking integrity... done (0 conflicting) [1/2] Installing openbgpd-5.2.20121209_2… ===> Creating groups. Creating group '_bgpd' with gid '130'. ===> Creating users Creating user '_bgpd' with uid '130'. [1/2] Extracting openbgpd-5.2.20121209_2: …...... done [2/2] Installing pfSense-pkg-OpenBGPD-0.11_9… Extracting pfSense-pkg-OpenBGPD-0.11_9: .......... done Saving updated package information... done. Loading package configuration... done. Configuring package components... Loading package instructions... Custom commands... Executing custom_php_resync_config_command()...done. Menu items... done. Services... done. Writing configuration... done. Message from openbgpd-5.2.20121209_2: OpenBGPD has been successfully installed. Configuration file must be created at /usr/local/etc/bgpd.conf and permission set to 0600. Cleaning up cache... done. Success Any question? Contact here: http://ciscooc.blogspot.ru/

@costasppc: Maybe use 8.8.4.4 as your monitor ip? Best regards Kostas Ahh! Thank you! That was the problem!!

Vlan managed switch

Been a while but I think you need to create phase 2 entries for the other subnets…