@rcoleman-netgate Yeah, that would be nice. from what i have read from the Telus web site, it's a $400 add on. Cost to speed ratio was why i left my other internet provider. But the grass isn't always greener. :)

@viragomann And exactly that was the case/issue. The VLAN contains my GuestWifi Clients. On the Unifi APs I had seperate LAN configured and in here there was "apply Guestpoliy" option enabled. [image: 1691653854263-guestwifisettings.png] From there Ubiquiti Forum I had a description of what this feature does once enabled: **Guest policies on VLAN will have firewall rules blocking that VLAN from all others and will apply L2 isolation.** After that checkbox was disabled I can reach the LAN Subnet just fine. Thanks for help folks!!

@BlazeStar https://docs.netgate.com/pfsense/en/latest/firewall/index.html#managing-firewall-rules

@mspeed OK, so I'd say that's not a DNS issue. The policy routing doc should explain what you want...that link and further up that page. I would think "bbc.co.uk" has multiple IPs/servers so you will probably have to compile a list of IPs yourself. If you put bbc.co.uk in an alias pfSense will resolve it every 5 minutes but I expect that would resolve to one IP.

I think the I found the issue ... sticky connection tracks connections by gateway and not by connection, this option doesn't seem to work if all the connections have the same gateway? [image: 1691480934531-e70ebee9-d432-4e65-9a82-064a71c77295-image.png] Session tracking is all being routed to the same Gateway IP and thus means maybe any of my connections? [image: 1691481013598-526ee23d-6eab-4095-91ff-662cf6cb64af-image-resized.png]

@AGA-0 Thank you. It worked very well with these steps in 2.6.0 but since upgrade to 2.7.0 error is occurring again: Aug 7 11:27:35 (1691404055.938356) sockd[74692]: warning: new client from 192.168.13.5.62833 dropped: no resources

@navu I don't believe it is possible with a single Gateway.

@imsnow said in Vlan exit through Different gateway: however I see that in the gateway I can only select one by default, Where do you try this? You have to configure a Policy Routing rule on the respective interface tab.

@Popolou said in Starlink + pfSense Plus 23.05.1 + Powerline network: @CapitanBlack You need to use the Windows software, Their powersave mode is a common feature of their PL chipsets. Frankly, ditch it if you could. They are flaky devices. That's why.... I only use Ubuntu and Android on mobile devices... :))) Already ditched.

@johnpoz Eureka . You were right. Sometime things are simpler than you expected. A simple gateway rout did the trick My mistake was i have tried always to ping the firewall, but forget to enable the LAN for allowing ICMP. Works like a charm. Thanks a lot. Great forum.

@viragomann Again, very happy with your help! Up to my next learnings!

@Bob-Dig No, setting the default gateway did not not solve the problem. Whenever I use WAN Chunian ISP for my LAN PC interface (PC connected to pfsense via ethernet), the issue started to happen. And if the same WAN Chunian ISP is used with LAN Router (Home wifi router), then it keeps working fine. Not sure, if I should try capturing the packets if that can help.

still happening with 2.7.0. we have a couple of openvpn client sessions established from the pfsense. sometimes the tunnels restart but the traffic stops passing (actually it's directed to the uplink interface, not to the ovpnc). filter reloading fixes the issue.

@johnpoz Interesting. I thought I could break out one of the ports and keep the other three as a switch. I do have an extra port that I can connect the second switch to the first but I'll need a bigger switch to add the ap. I guess that's the direction I will go since I don't want to go down the bridging route.

@viragomann Thanks, I'll check that the next time (Primary is back meanwhile)! I'm not killing states at gateway failure, because sometimes pfSense assumes a failure (high packet loss) although there isn't any - killing states in this case would not be the best as I'm running all kind of self hosted services here. And nevertheless I have a fixed IP, so even when the WAN fails for a few seconds, existing states will be still fine.