Many thanks for your help, it works fine.
You help me a lots.

@techanalyst NM solved

@Nick-Sharp said in Multiwan failover between two sites via P2P Leased line.:

Static routes
192.168.2.0/24 GW_OPT1 – 10.10.100.2 Interface WSP2PHH

This should read...
192.168.1.0/24 GW_OPT1 - 10.10.100.1 Interface HHP2PWS

Thanks for your response. You know, sometimes you need to be told something three times before it sinks in. Every time I've seen this recommendation, I've read the settings as "Pull Routes" not as "Don't Pull Routes". I thought having the box unchecked was accomplishing this. After more careful examination I see that I had it backward. I checked this box and voila! It's now working as expected. Thank you!

Help me understand the DNS leak concern and how to avoid it?

Well then you changing the cache default time makes no sense how it could fix anything..

Have your isp explain what that setting "fixes" If the mac doesn't change then your cache could be for 10 years ;)

Seems like your isp wants to see arps more often than every 20 minutes for whatever reason?

@guido_neumann said in Access to Web Gui over ISP WAN Gateway - Rules,NAT?:

Destination WAN Orbis1 and now i can ping and HTTPS.

Destination would be "WAN_ORBIS1 Addr" or "This Firewall". Source should be any because of - you get it - the internet. Or even better, if you access that from a static IP (company etc.) then only allow this or another trusted IP. Much better than just allowing all.

Thank you, Chris. I was able to download and install the image. All is good!

@viragomann Thanks, I may just try that.

My immediate goal in regards to addressing is to make it long enough so that I can purchase a class C IPv4 netblock on the open market. Nothing would make me happier than the death of IPv4 but until then I am forced to support it.

Hi to all,

I'm facing to the same problem, WAN connexion is droped after 10min, and up after 10 other...
I try to add route or modify "Use non-local gateway" in WAN gateway advanced, but it doesn't fix the problem.

f8db588f-7b67-4e9e-b040-f2425f22c50b-image.png

How can i fix WAN connexion ?

Best Regards.

There is a package called filer, it would allow you to store the contents of a file in the xml, so the file will be created for you after say an update to pfsense.

Just to not leave everyone hanging on this, here is the outcome:

Got the new router. Restored from backup the configuration file. Switched the interfaces as the SG-5100 is slightly different then the 4860. Plugged everything in and everything seemed to work. That is till 9 am the next work day. Same problem different router, however when it switched to the backup WAN it seemed to connect for a minute or less then it too failed. Rebooted the 5100 and we were back in business on the the main WAN. The backup WAN was connected also. That is until 9 am the next day. Same thing.

Some time that day the backup WAN stopped working. Could not get it to work. However the next day at 9 am the main wan did not fail with the cell modem off. Same thing the next day. Without the cell modem no 9 am anomaly.

However no back up wan. Over the course of several days I continued to trouble shoot the cell modem. Multiple settings changes, factory resets, every suggestion I could find on the net about this specific modem. However the modem would work just fine plugged directly into a laptop. It worked in router mode as well as bridge mode always on the laptop. I could set it up on the laptop, leave it powered up and quickly plug it into the 5100 and there would be an ethernet connection but would never get an IP. The 5100 would not communicate with the modem no mater what I did.

One night at home I thought what if the router had a hardware port problem? Not normal for a new device but possible. Also unusual that it would be the same port that I happened to have the modem connected. So the next morning I logged into the pfsense gui and switched WAN_CELL interface from ix0 to ix2 and plugged the cell modem into ix2. Power up the cell modem and when it finished booting it connected and I had my backup wan again.

Netgate support said I should hook up a laptop to ix0, do some changes to the pfsense settings and see if that port can connect to the laptop. Guess what - it would not connect. To triple check I did the same changes to ix1 and plugged the laptop in and it immediately connected.

On top of that with a working port and cell modem the 9am anomaly has not occurred again.

So I now have an RMA to send the brand new 5100 back. And our repaired 4860 is on it's way back to us.

P.S. During this adventure I discovered an anomaly with some settings when you switch interfaces. In System, Routing Gateways, Edit, WAN_CELL, Advanced the Probe Interval and the Alert Intervals switch back to the default values. I would think that they should stay as set to the gateway name.

Anyway we are back up for now. I will let you know if anything changes.

I don't believe that you can dynamically control which interfaces unbound uses for external lookups. Its config allows you to choose which interfaces to use, but no way to change it on the fly.

Hello,

pfSense its firewall- and routing-behavior in regard to multicast and broadcast is still not clear to me. Especially not as soon as it is "above link-local scope".

And .... that is where I have problems. I cannot make my media-server (Twonky) visible across subnets or making a SMB3 share visible in another subnet (note that the share is not visible but accessible).

I do have some doubts if it is possible to get those things working with actual software.

However, I did a lot of research and would like to share some links with you,

I did a lot of research and would like to share some links with you,

Zero-configuration networking
https://en.wikipedia.org/wiki/Zero-configuration_networking#DNS-SD

Using pimd
https://forum.netgate.com/topic/139218/sonos-speakers-and-applications-on-different-subnets-vlan-s

NetBIOS over TCP/IP
https://en.wikipedia.org/wiki/NetBIOS_over_TCP/IP

IP-V6 multicast
http://what-when-how.com/ipv6-advanced-protocols-implementation/ipv6-multicast-address-to-layer-2-multicast-address-mapping/

IPv6 - Addressing Modes etc.
https://www.tutorialspoint.com/ipv6/ipv6_addressing_modes.htm

IPv6 - Special Addresses
https://www.tutorialspoint.com/ipv6/ipv6_special_addresses.htm

By the way my media server is using IGMP V3 (the actual standard) and I think IGMP-proxy is not (yet?) supporting that.

Sincerely,

Louis