https://docs.netgate.com/pfsense/en/latest/book/bridging/index.html

It seems that it works, I heard your review on the windows FTP client that does not handle the passive mode. So I retested with FileZilla forcing the passive mode and it works. I certainly had a rule that jammed before that. Thank you for your help.

What we are here for - any other questions just ask.. When you have your rules adjusted - post them and we can discuss.

Does your alias actually populate? Lets see your rules. Do a traceroute for some IP that is in your alias. edit: Here I just forced traffic going to 8.8.8.8 out a vpn.. [image: 1570101405511-outvpn.png] Here is normal [image: 1570101416250-normal.png] Did you setup your outbound nat? Did you change your vpn to not be default, ie don't pull routes or let it set routes? keep in mind if you had existing states they would have to be flushed..

I would wager that by now google, etc have a whole ICMP infrastructure set up and the DNS servers are not actually the ones responding to pings.

You do realise a speed test will only use 1 of the 3 WAN connections.

@Elrick75 said in Does pfsense generate internet traffic on the second connection if first connexion is operational?: Thanks for your answer, it doesn't seems simple to recover this information from 4G supplier... So much person who are not technical, like many hedlpdesk in this case, too lame... Why not try it for a few days and see what happens, it will be cheaper in the long run. I can't see them charging for a ping to the gateway as its non internet traffic.

@skullnobrains said in gateway group : ending up with no default route after a network restart while the gateways where ok: any way to instruct pfsense to keep the first gateway active at all times ? errata : i mean stick in the first gateway whenever pfsense detects none are working

looks like it does https://wiki.freepbx.org/display/FPG/Firewall Did you enable that module?

@jbredereck I got same problem. I was trying to use IPsec tunnel with routed(VTI) mode. I stuck with same situation that machine behind vpn get incoming packet, but reply was going out through wrong interface (default instead of tunnel). Your solution saved my time. Thanks! Regards, Jacek

@Ximulate Hi, great news!! Regards Crysion