@rico said in Two providers, three links: Are link 1 and 2 sharing the same ISP gateway IP ? Check https://docs.netgate.com/pfsense/en/latest/multiwan/considerations.html Excuse me, I missed your answer somehow! Gateways are different, different subnets. On the first link of provider # 1 there is a white IP address, on the second link of provider # 1 the IP address is gray, as a temporary one. Thank you, I'll check!

@nunu There was an outbound NAT rule from LAN1 to a subnet not in LAN1 and it took a long time to realize. All in order for now. It helps writing it down somewhere. Cisco devices sometimes use loopback.

@heper Thanks, I did notice that and set the WAN_DHCP to default yet as soon as I add the new GW it becomes the default. I assume I can set the weight of the new one lower and that might help. Need to wait till evening to try again.

@m0l50n You need to add a route for the mobile VPNs IP pool to the remote site. So if it is pfSense you have to add it to the "Remote networks" in the OpenVPN settings. It also is required that the remotes VPN endpoint is the default gateway in its network. Otherwise you need another solution.

@floydque You could assign that URL to an Alias. And then policy route packages that have that alias as destination , out of the desired gateway. /Bingo

@shepherdkai said in Dual WAN at home? Anyone have stories on their experience?: I have a Ubiquiti EdgeRouter Lite sitting in a box that I plan to break out for this use case. Just curious... If you're going to use that box as your main router/firewall, why are you asking these questions on a pfsense forum?

Solved my own problem. Forgot to put additional static routes on my home router for the additional networks.... Silly me...

@helviojr Ensure that there is no rule on an interface group or floating tab matching to that concerned traffic.

@akirasensei said in 4G internet on 2nd WAN giving awful speeds and can't do local network between devices! Help!: but the NAS is on under the main WAN network) Well if your routing traffic to your gateway - no you can not get to network that are locally attached.. Same as on your other network..

@lak pfSense can do it, but I don't know any way with IPSec.

@hsv said in Is there a way to add many static routes: I need to add about 100 static routes. Just my curiosity cat meowing at me - why? Can you not just summarize the routes? For example route to 192.168.0/24 and 192.168.1/24 could be routed as just 192.168.0/23 If you have a lot of routes - I would try and summarize as much as possible.. Shoot you could sometimes route 100 with 1 statement, ie 192.168/16 for example.. Or run a routing protocol? So the routes are exchanged?

OK, I worked it out! I had the following Firewall rule for LAN: [image: 1617704328983-screen-shot-2021-04-06-at-8.17.46-pm-resized.png] But of course, the 10.8.0.0/23 and 10.9.0.0/23 (I changed them to /23 instead of /24) are not in the "LAN Net", so I had to add extra rules to allow that traffic out: [image: 1617704407299-baecb64d-b9fb-4d84-b216-035dbd903399-image-resized.png] That as well as the static routes fixed it!

Dude I don't know what else to tell you.. Its BORKED! Fix your setup.. There is nothing for pfsense to do here.. what you are trying to do is wrong - no matter how you look at it, or want to think you should be able to do it.. Even the most basic grasp of how networking works tells you how you have it setup is just plain borked.. edit: When a client wants to talk to an IP.. Is that IP suppose to be on my network.. Does it fall inside the IP space of my address and mask. Oh its on my network - ARP!! for it.. Ok device with mac address abc, answered for IP 123.. Send the traffic to that mac.. In no scenario does the client say - oh no answer for arp, send it to my gateway... The only scenario where it "could" work is if the gateway (pfsense) was doing proxy arp and answer for any IP that doesn't answer arp.. Which there is no such thing - there is a way to do proxy arp for VIPs.. So if you have some device on your /16, and it wants to talk to a an IP that is on one of your vlans that falls under this /16 block.. How would it know where to send the traffic.. So either your L2 are not actually isolated. Or you have pfsense doing proxy arp for every single IP under the /16 that is not actually on the /16 L2.. You can not expect your setup to ever function correctly.. Pfsense will clearly warn you - as it did that what your trying to do is wrong, ie the overlapping networks warning. But how can it warn you from a cmd line setup? Pfsense can try and keep users from shooting themselves in the foot.. But it can not protect you from every scenario of shooting yourself. Setup your networks on pfsense be them native or vlans so they do not overlap..

@viktor_g Thank you very much!

normal it will not give you problems restoring it, interface settings looks ok