Another option might be GRE, unless a) I don't understand GRE properly b) my ISP filters that c) there's no way to bypass for a gateway route the generic restriction that a GRE routing entry can't be more generic than the link it uses to be transported over (which of course in the case of a gateway rout, it would be). Personally, I don't care WHAT I use. I can put a pfSense (or Vyatta, if it has to be) box on both sides of the link. Anything that's in my budget (i.e. free software and $150 nettop on each end) is an option as long as it can route the class-C network through some sort of logical tunnel of sorts such that the gateway is logically at the colocation provider, while it's physically here in my home there's a possibility to have a guest LAN bypass all of that, and via NAT access the internet directly through the ISP without detour of the tunnel I can have a few additional private-LAN to private-LAN IPSec VPNs to clients and friends' LANs Ideally, it would also allow 4) policy based routing, such that end-user web traffic, downloads, etc. use NAT and don't do the colocation routing detour 5) VoIP PBX (like FreeSwitch module in pfSense). My problem is, the current setup works, sort of, but not trouble free, but it works (it hangs itself rather often, needs resetting on a regular basis, the box sometimes gets overloaded etc.). I'm not in a position though to spend $300-$500 all said and done on hardware and equipment installation charges at the colocation provider, just to figure out that it won't work; the whole operation is only meaningful if it moves me from "sort of works" to "works" ;) I wish there were someone who could answer a question like that…

It will only fail over when connection is lost or the monitor IP cannot be reached. I do not know of a way to make it fail over if you suffer high latency, you would have to power down that line to make it fail over to the secondary. If you got a second ADSL wouldn't that line be susceptible to high latency as well anyway? New ISP?

normally switches bypass the router completely when they actually send data on the local network…that's kind of the whole point of a switch

why not simply put the wifi on a seperate subnet and you can use a firewall blocking rule to block wifi subnet from lan

why not just set up pfsense to do static dhcp, get another interface for the pfsense box and use the dd-wrt router simply as an access point (or set an ip for it on your current lan and use the dd-wrt bridge function to accomplish this) the only difference is that the second way will have your wireless on the same subnet

instead of wireless routers why not just use atheros wifi cards? one for each subnet?

2 things are they all on the same subnet did you set your domain in pfsense and all your computers the same (windows xp will not see networked computers on other domains unless you MANUALLY set them up)

are you sure you've set vuze up correctly? did you try testing it with single wan to make sure the dual wan is what's really causing you the issue

If you firewall is a bridge, it shouldn't be your default gateway.

Please read the documentation on setting up loadbalancing/failover here: http://doc.pfsense.org/index.php/Special:Search?search=loadbalance&go=Go

The next hop needs gateway to be reachable from one of your local interfaces. You would need to configure your IPSec tunnel so that it included the network you needed to reach.

Ok I added network diagram.In this diagram location A and Location C are use pfsense and they are conneccted with vpn ( ipsec ) .everything is ok.I want to reach ın location C , any location in this diagram.How can i do this.May ı connect one more ehternet card for routing or any other solution.And how to i conf. Thank you very much .. Best Regards [image: PfsenseRoute.jpg] [image: PfsenseRoute.jpg_thumb]

Great, thanks so much!! :)

Before you ask more questions: Read up what NAT is. Wikipedia and google are good places. After you know what NAT is, you should know which of these you need ;)

Thank you. I tend to overlook the obvious and over complicate things…

Oh interesting, finally someone with the same problem! A couple of tips that might help you: .- PPPoE and sticky connections are not friends before pfsense 2.0, you shouln't use them .- To get the version the best place is to go to Status -> System , in there you can see the version with build time. .- Update to 1.2.3, this version seems to solve a lot of issues, not mine but even tough. Finally, I would like to know what hardware are you using (board + network interfaces) Cheers Hi, Sorry for the delay in answer I was extremely busy in last few weeks and completely forgot about this post. Anyway I have made some more testing regarding this issue and here what I managed to learn: Switching WAN from PPPoE to Static helps a little bit - interface are not dropped so often - however ramdom downtimes for 10 sec. are still occuring approx. once every 2 days I did not test it with 1.2.3 version - and to be honest I do not really have a time at the moment. Changing router config was quicker :-D Regarding HW - here is my hardware profile: Dell PowerEdge sc 440 (dual-core pentium x86_64) motherboard - dell branded for this server model NICs - 5 x BROADCOM 5721 GIGABIT ETHERNET ADAPTER

Enable NAT reflection: system –> advanced --> Network Address Translation

The "copious free time" was sarcasm.  I quite often see forum threads elsewhere on tha intarweb where some mouth-breathing basement-dweller will tell a poster to just "get the code and fix it".  :) But back to your original problem - in this case I suspect it's a pretty rare need, most ISPs are at least slightly more clueful than yours.  Sorry!  :/   One possible route would be to appeal to their human side and explain that you have multiple WAN links for a reason, i.e. working from home or whatever, and could they puh-lease make an exception in your case.