@cleciomelo Good afternoon Guys, I'm new here and also the use of PFSENSE.

I need some help on a dedicated link, but for some reason the internet doesn't work, and the funny thing that is dripping the internet doesn't work anymore.

I removed every rule on the most unsuccessful Lan.

Here in the company we have two working wan, plus the third is that dedicated link does not work, is like Uptime.

The link is PPPOE, I'm waiting and thank you all in advance.

Update

We have interfaces assigned to the VPN connections at both SiteA and SiteB. Looking at firewall rules SiteA VPN-interface rules are currently (any/any). SiteA has no rules in the one named OpenVPN. SiteB also has a rule allowing (any/any) on its interface assigned to the VPN but it also has an (any/any) rule in the one named OpenVPN. Removing the rule from the one named OpenVPN now gives me the same behavior at both locations. I am still seeing routing issues depending on which host I am pinging from.
SiteA-LAN to SiteB-L2VPN the routing is asymmetrical. Send is over L2VPN, reply is over VPN
SiteB-L2VPN to SiteA-LAN the routing is symmetrical. Send and reply is over VPN
SiteB-LAN to SiteA-L2VPN the routing is asymmetrical. Send is over L2VPN, reply is over VPN
SiteA-L2VPN to SiteB-LAN the routing is symmetrical. Send and reply is over VPN

Goal would be to get the traffic flow routing symmetrical no matter the to and from address.
Any thoughts?

Yeah!, I was watching the camera through vpn with pFSense OpenVPN, IPSEC/L2TP but recently I had to restore to default the pFSense config And now I was testing the connection from internet, because I wasn’t able to connect to the cam! Once resolved the problem, I will enable again my vpn server, I know that if I try to connect by vpn it’s easy to do it without Any problem cause I’m in the same net, but that’s not the question!, I’m having some nat troubles in my pFSense configuration And that’s what I’m trying to resolve! I would like to know what is delaying the connection to the cam while the connection to rdp, for example, is much faster!.

Thanks!

Thanks for the reply, your right it had to be done that way thank you again

I set an upload and download limiter to 10mbit. However it seems no pages load when I enable it on the firewall rules on the vlan created. Should the source be the new vlannet an alias and or the wan net. When I set an any any rule on the new vlan I am able to grab the other wan just fine but I need to restrict the bandwidth. I noticed a bridge vlan was also created when I bridged the new vlan with vlan. Does anything need to be done with this? I've tried just about every source possible in firewall rules with limiters on and it's either I can still ping out to 8.8.8.8 but no web pages load or the limiters do not function .

@MathewFernandes Try something like Qotom-Q575G6 https://www.amazon.com/Qotom-Q575G6-S05-Qotom-Barebone-Gigabit-Firewall/dp/B07KM31GJT/ref=sr_1_1?keywords=Q575g6&qid=1572885456&s=pc&sr=1-1 with Pfsense

My solution ATM is to use FRR and OSPF. I've setup IPSEC VTI on the WANs with public ips, and one openvpn pair for each WAN2 over the natted cellular connections. I have 3 vpn connections in total between A and B. OSPF will usually default on the IPSEC connection and use OpenVPN when IPSEC is down.

I'd have set it up faster with some gateway groups and port forwards, but I expected it'd got too dirty when throwing site C in the mix. Haven't setup site C yet but I expect it will work in this setup.

@Orbettino said in Cannot get failover WAN to work:

@dwr953topfsense Hello, have you made any progress? I've the exact same problem here on my setup. Failover works but fallback isn't.

Yes, I did. All works OK now.

Currently we have added static route to each location to access other site through single vendor if that vendor connectivity breaks we have manually shift to other vendor
Both vendor provided MPLS through cloud if site1 location mpls fails for vendor1 but it working on site2 due to this I have to manually shift to other vendor2 even if that site MPLS link is working
I tried OSPF free but it is not showing any neighbors router

I realized that I do not need to add 192.168.0.x since my WAN interface is 192.168.0.1 and /32 was incorrect too. I have removed that. I can see the route in the table but still the ping to google.com or 8.8.8.8 or 192.168.0.1 from a VM(192.168.1.100) connected to pfsense is very random. how can I troubleshoot that?

edit: do I have to reboot each time I save anything? that seems to do the trick

So it was actually an issue in the router behind the RG replacement. I have dual WAN connections set up in it and had failover rules in place for outbound traffic. I decided to create a rule for traffic to the WAN NET to use the default route instead of the failover policy route. Immediately after applying the changes connections are being maintained and there are no more entries appearing in the RG replacement pfSense logs.

Adding these notes in case of the 1 in a million chance someone else encounters the same issue.

You something like this

https://forum.netgate.com/topic/124545/monitoring-pfsense-using-nagios-and-ssh

Or a bash script like this .....

if curl -s --head --request GET https://example.com | grep "200 OK" > /dev/null; then echo "mysite.com is UP" else echo "mysite.com is DOWN" fi