So you are just skipping parts when showing us your layout? Yeah ICMP working but not TCP for example sounds like asymmetrical routing, hard to tell with only knowing a few small pieces of your network and configuration. -Rico

So, nothing did Help that I searched yet... Well... seems like something within the System was corrupted... I reinstalled everything from ISO and did the config from ground up. Now its working.

No. We had some issues at this client in 2.4.4 with the fail-back not working and ended up running a cron script to load the gateway page. That didn't work in our case, a few days after upgrading. We poked and prodded for a while (over an hour) and eventually found saving that group (without any changes) changed the default gateway back. Given there's two of us that might imply something with 2.4.5. Since the router's at a client I can't do much troubleshooting but if you can replicate you might open a support ticket or a bug report at redmine.pfsense.org.

@serbus said in Load Balancing stopped working: Hello! Check weights... https://redmine.pfsense.org/issues/6025 John I checked, the weights are both set to 1. @Rico said in Load Balancing stopped working: Use unique subnets for any of your Interfaces. -Rico Can you give me a general idea on how to check / set that up?

yes, I have only one server inside that network so I didn't care to set a /32 but you can do that

Are you just pulling those IPs out of thin air? That first one is a peering network.. And the other one is securebit de company. If you don't have valid IPv6 to use - then use ULA.. .Or get a /48 from HE for free to use..

@Rico Thanks

Hi there, Yes, I did resolve this in the end. The key for me was Static Routes on the Wireguard Gateway VM on my local network, I also set a static route on the Endpoint to send any traffic with my LAN IP addresses back over the wg interface. I didn't realise that if you set your wgx.conf to use AllowedIPs= 0.0.0.0/0 it forces ALL traffic over the wireguard interface, so returning traffic never gets back to the client that initiates the connection. Anyway, a picture is worth a thousand words, and see my updated diagram here. Apologies to the Network Engineers out there. I'm not a pro, so I guess my diagram is pretty amateur! It serves it's purpose for me as documentation though :) In the pic, you can see the routing table on the WG Gateway VM and the WG endpoint. The routes in Green are the ones I added manually, and it all works like a charm now. Also, note the MTU thing, that caused me no end of grief, so if you have issues with SSL handshakes failing and other random stuff....check your MTU. [image: 1604697747932-wireguardpublic3.jpg]

@ihrewerbung said in How to Multi-WAN setup as Loadbalancing and route all traffic over VPN-Provider like mullvad?: Maybe a Floating rule would be another workaround? worth a try

@viragomann group of internal networks no problem directing traffic to a different gateway than default brNP

Hi All! Just to give an update to this, I moved my setup to a newer beefy server and I am now able to download upto 170Megabytes per seconds. I did not do anything special, I just migrated PFSense to our new beefy server as a virtual machine and now I'm very happy as ever. [image: 1604637235622-e983830f-0577-4b29-9620-020beb55b683-image.png] Thank you all for responses! Consider this solved until 10Gbps is available in our location, that is to another milestone.

@Lanna Lanna thanks for the advice I tried that but it wasn't it. After digging around for almost a month here. I found the issue! VPN Server from Private Internet Access (PIA) created a route 0.0.0.0/1 when the interface is created. In OpenVPN client I had to select "Don't pull routes" and it no longer makes that route. pfSense 127.0.0.1 now properly goes through the default Gateway.

@maartenv said in Can pfSense receive LACP over incoming dual WAN connections. Is that possible?: Or are there other solutions possible? Probably, depends on wether you have the possibility or want to put a device in another location and probably add some latency to the connection. But you could host another e.g. pfsense instance in another location or in the cloud, point your webserver DNS name to that and there use HAproxy to add both IPs of the external webserver IPs as loadbalancer/failover configuration so that would utilize the redundant internet connection. A bit like CDN services. That would also be another possibililty: put a CDN service (or sth alike) in front of the webservers, add your rendundant IPs to your webserver to them and have them utilize it. But this means that pfSense must also be able to receive LACP over the incoming WAN connections but I can not find a way to do this in the webgui. Is there a way to do this as in the Interfaces/LAGGs configuration screen the WAN interfaces are not shown. Should be pretty straighforward if a bit unusual: just add both physical interfaces that are pairs of the LACP bond to a LACP-type LAGG (interfaces/assignment -> Link aggregation / LAGG) and instead of configuring your WAN on the phys interface, use the newly created lagg0 interface.

UPDATE: Solved Problem was solved, main issue was OpenVPN Main interface catch-all rule If anyone is interested in this thread let me know to provide a tutorial Thank you Regards Mike

Thank you very, very much. I did not know some of the Netgate documentation was outdated, so in order to prevent this kind of misinformation, I immediately downloaded the latest pfSense Documentation dated Sep 28, 2020 from here https://docs.netgate.com/pfsense/en/latest/index.html