Thanks again for the video. It solved my problem. If anyone bumps into this thread in the future, the static route showed in a screenshot above here was correct, however here's what I did wrong: On site2 I had set "IPv4 Upstream gateway" in the interface config to the gateway on site1. This makes pfsense NAT the traffic instead of routing it. Here's a timestamped link to the video where this is explained.

I really wish I could do the same here. I get some false positive failovers because the single IP monitor becomes offline, but the gateway is working fine... Gateway 1 monitor 8.8.8.8 Gateway 1 monitor 1.1.1.1 Gateway 2 monitor 8.8.4.4 Gateway 2 monitor 1.0.0.1 Gateway 3 Then prioritize them and route following this order.

OK, I think I just figured it out!! I didn't have the subnet enabled. Not sure how it happened, but it now seems to be working. I can open the printer's web page!! Now I can revisit things.

Do you see errors on the parent interface? You can try the dtrace commands shown in this thread and see if you're hitting some error other than 55 (no buffers).

@4o4rh i am struggling to get policy based routing working on truenas scale. either i get the situation where non-media vlans can access the jellyfin server on the media vlan (but then the truenas/smb vlan is not accessible, or the truenas/smb vlan is accessible by not the jellyfin vlan (other than from a device on the vlan). It both cases the non-accessible vlan is appearing on the wrong pfsense interface. so, it seems truenas is returning via the default route rather than the desired return route

Ignore this For anyone maybe suffering with similar issues, I went through the guide again and realised I'd forgotten to update the Port VID under Interfaces > Switch > Ports as well as updating the VLAN Tag under Interfaces > Switch > VLANs Once that was done it got an IP and I could use it as a WAN port.

[image: 1747882023978-eabc93a8-57d3-42a7-a238-9dc201c9bca6-image.png] VPN Only is essentially just the rule up above. NAT wise I've added this rule: [image: 1747882202689-68d71407-e473-4694-b9ec-6679e6575c41-image.png]

@Al2108 You need to solve the same gateway issue first. Some device in nat mode in between maybe?

@andydills said in Two default routes are getting installed: This is on 2.7.0, .... @andydills said in Two default routes are getting installed: We're thinking Stop thinking, the solution has arrived. 'Years ago'. Upgrade first. Go to 2.7.2 - and even consider continuing upgrading to "Beta 2.8.0" as is very close to release. Then : reset your questions. Bye bye old issues. ( Welcome to the new issues - not that I, afaik, 'm aware of any =

Okay, this is resolved. As suspected, it was related to the configuration of the VLAN for the OPT1 port. For anyone up against the same issue, the solution is: follow the instructions for configuring switch ports with VLANs https://docs.netgate.com/pfsense/en/latest/solutions/netgate-2100/configuring-the-switch-ports.html set your VLAN to have members "4" (assuming you are using the 4th LAN port as your OPT1 for WAN2), and "5" this is the critical part: for the VLAN members 4 and 5, you must make "4" untagged and "5" tagged -- see screenshot. I believe this is because traffic from the VLAN must go to the switch (member 5), but traffic on port 4 (member 4) cannot be tagged since your secondary internet provider is not set up to handle VLAN traffic. I could be wrong here, and welcome any better explanation for this solution. [image: 1747192363633-vlan-screenshot.png]