If you have the GRE interface assigned and enabled, it should "just work" in 2.2.4 and 2.2.5 (and at least some prior versions to that). Any edge cases should be fine with the shellcmd 'ifconfig gre0 up'. The root issue is confirmed fixed in the base FreeBSD version in 2.3, so it works in all circumstances with no workarounds or edge cases or anything.

Hi, If you have 4 WANs coming into your Netgear and want them to come into your pfSense box on 1 port it can be done with vlans. So on that port you will want to create 3 Vlans in pfsense and assign them to an interface. So the interface assignments should have: WAN1    xl0 WAN2    VLAN xxx on xl0 WAN3    VLAN xxx on xl0 WAN4    VLAN xxx on xl0 The Vlan tag numbers are important for the next step On your Switch create 3 additional Vlans with the tag numbers that you used in pfSense. Each port on the switch has to have an untagged VLAN. So on the Switch where the WAN connections come in you will want that VLAN to be untagged on that port and the rest of the vlans off for that port. So if port 1 WAN1 comes in then leave that one alone and leave the rest of the vlans off for that port. Then if port 2 is WAN2 then set that port to be untagged for the VLAN id of the WAN2 VLAN and off for the rest of the Vlans. Then if port 3 is WAN3 then set that port to be untagged for the VLAN id of the WAN3 VLAN and off for the rest of the Vlans. Then if port 4 is WAN4 then set that port to be untagged for the VLAN id of the WAN4 VLAN and off for the rest of the Vlans. Then the port to the pfsense box you will want WAN1 to be untagged on that port and the rest of them to be tagged on that port.

Is implementation at pfSense level a real constraint? If not, you can easily deploy router with double WAN, seen as unique gateway from pfSense but providing fail-over in term of gateway. Do not expect efficient load-balancing here  ;)

I said smart switch could be had for $40 Here is one http://www.amazon.com/TP-LINK-TL-SG108E-8-Port-Gigabit-Tag-Based/dp/B00K4DS5KU Here is dumb switch for $18 http://www.amazon.com/TP-LINK-TL-SG108-1000Mbps-Desktop-Gigabit/dp/B00A121WN6 Here is a 8 port dumb gig for 22.5 http://www.amazon.com/NETGEAR-ProSAFE-GS208-8-Port-Gigabit/dp/B00KFD0SYK If you look you could prob find a 5 port smart for about 20 bucks as well..

Thanks for your answer. Unfortunately none of these what you mentioned. This was first what I checked. If I configure the gateways with Tier 1 for one gateway and Tier 2 for the other one then it works really stable. There is absolutely no interruption for days now. Neither NIC nor ISP disconnect. If I change back to Tier 1/Tier1 then second gateway will loss 100% packages after a certain time. The cable modem works if I connect it directly. I added my routing groups and my fw rules. At a temporary solution I route a part of ports to gateway 1 and all others to gateway 2. [image: routing_groups.JPG] [image: routing_groups.JPG_thumb] [image: fw_rules.JPG] [image: fw_rules.JPG_thumb]

NOTE: if you have problems with multi WAN (which may be the reason you look at this topic) you may find it senseless, because you browser can have problems with downloading images SO SEE THIS TOPIC NOT VIA ROUTER YOU PLAN TO CONFIGURE :)

I have to ask. How is it that someone is "new to networks" and an ISP at the same time?

Hi, the pfsense is the default gateway for all the subnets. All clients have that setting. FiberP35 Gateway: [image: Screen_Shot_2015_09_21_at_16_58_28.png] FiberP29 Gateway [image: Screen_Shot_2015_09_21_at_16_58_04.png]

Solved - LAN based firewall rule, where you set exact gateway for traffic (Advanced features, Gateway). Worked like a charm for me.

whats your questions exactly? if you would create a LAN-rule (TCP/UDP) like so, it would force everything using port 5000 through a specific wan: src:any /  dest:any / dest-port: 5000 / gw:TWC_gateway

This turned out to be an access list issue with the data center provider. The had setup using VRRF prior to discovering the issue, so we're still using it but odds are it would have worked fine as configured. I guess we'll shift to the new configuration when we upgrade the hardware pfsense is running on.

@tomwaller: Am I doing something fundamentally wrong here. I thought the packet would come back the way it entered but I guess not. No, return traffic follows the system routing table, which means it sends it out the directly-connected network in that circumstance. If you dual home a system like that, don't connect cross-subnet to it. Strictly connect to its IP on the same subnet as the source machine, or the IP of the interface where the default gateway resides if it's sourced from a network where the destination system isn't directly connected. That'll ensure no issues along those lines.