Another possible way would be (on 2.0, recent snapshots only) to send the outgoing OpenVPN traffic for that instance into a failover pool, so it would re-route over the other WAN if needed. If the remote system has a different IP for each direction, you can also add another "remote x.x.x.x" entry into the custom options to direct it there if the primary link on the server end should fail.

Thanks, I will give that a shot when I get home. Will I have a problem if both interfaces have the same default gateway? It would be great if I could set the default gateway to an IP address rather than an interface.

@jimp: It may work but I wouldn't call that "valid" in any sense of the word. Sounds like a DC is just trying to cheap out on allocating IPs properly. The host (esxi for me) has a classic network configuration in /24. But if we need more IP for virtuals machines, our DC ("OVH" or "Online" in France) give us a /32 (called "ipfailover") and the gateway must be the same as host. Even if we want a range of addresses, they give us a /30 /29… but the gateway are external.

I would like my Asterisk PBX box to have a public IP because the SIP protocols don't behave nicely behind nat. I also need a ftp server. Thanks for  clearing up on what i needed to do. I'll just connect these boxes to the switch before fpsense and then just enable iptables directly on the servers. And use NAT1:1 for whatever else i can.

We found the problem. It is a bug in the Citrix XenServer 5.6FP1 with some network adapters in combination with VALN tagging. :D

Thanks Francesco, I noticed indeed similair problems, but if there is no fix (i cannot see if someone is working on it), is there maybe a manual (console) workarround for it? The only thing i want to accomplish is to route some traffic (network or host based) to a specific (not the default) WAN gateway. Is'nt that a very basic routing functionality? The routing part worked OK in 1.2.3 (as i recall) but i do not really want to downgrade to 1.2.3 regards GJ

Figured it out now; I had to add a LAN rule for traffic types and select which gateway to use :) I love policy-based routing…

Muchas gracias, Perry, it works!

If you are only routing, and not doing NAT, make sure you have the NAT rules disabled (Firewall > NAT, switch to manual, delete any rules that show up).

I don't think what you want is possible by disabling firewall/NAT. With a bridge you would have on your LAN side the public subnet from the WAN. When you want failover you also need firewall rules, since the firewall rules determine to which gateway (or in your case failover-pool) the frames are sent. –> You need to enable the firewall/NAT part again. Follow the guides on loadbalancing/failover on the wiki. http://doc.pfsense.com/index.php/MultiWanVersion1.2

Thanks Jimp you are really my hero. Thanks for teaching so many stuff. Really appreciate it.

When you have multi-wan setup, you can direct traffic however you want. You can force all traffic from LAN2 out WAN2 if you want, or mix and match, or make them do failover for each other: LAN1 would go into WAN1failstoWAN2, and LAN2 would go into WAN2failstoWAN1, then when both WANs are operating it does what you want, and nobody would have downtime if a WAN fails.

Yes it make sense. Thanks for your explanation. Cheers.

Hi Guys, At last i get better understanding for it. Does it mean also if isp does not support mlppp i could not do wan aggregation? What i want to do is having a big upload pipe for my website. Which i don't really understand how do other big website did it. For example doing a nslookup for google.com it report back with few public ip does it mean is a dns round robin? Could we determine that with multiple public ip is dns round robin? Need expert to solve my curiosity. :)

A correction! After insertion is possible to ping the gateway on this subnet, but to use devices (like print on a printer) is indeed necessary to insert a rule like the friend had earlier reported.