You can't reach the 192.168.2.1 gateway from this 192.168.3.0/24 network.
Add one more network card to your pfSense or use VLANs to create these Interfaces virtually separated. You need a capable VLAN Switch then though.

-Rico

Sorry, the txt image is a liitle broken. Right picture is here:

@Gertjan Hello, thanks for commenting. I had set it to 8.8.8.8 to test if I can get to ping to google. At the time I didn't trust the router. Thanks to your comment I have changed my dns to my router and it worked fine.

8fb612f3-17f0-40bb-b8a7-2e8f577c5bef-image.png

The rules for lan are ok now because I can go to the internet.

In that case I would BLOCK LOCAL_SUBNETS then PASS ANY

@johnpoz OK it's noted.
However, we have other server that is in this range of address: 10.1..1.x, how to do not saturate Chimpanzee switch requests that will be issued by other hosts who want to reach the other server via this chimpanzee switch?

Yeah Rico hit it on the head.. Where you can run into problems is when the site could be really any IP owned by the CDN its being hosted on.. So the specific IP you use could change all the time..

And some of these have ttls as short as 60 seconds for example... So when the filterdns process runs (every 5 minutes by default) that populates your alias for www.somedomain.com you get IP 1.2.3.4... But then 3 minutes your client wants to go there and you get 4.5.6.7 which is not in your alias.

Even if you put in the whole swath of IPs that are owned by CDN.. you now get sites that you might not want going through the vpn since they are hosted on the same CDN, etc.

So while yes you can do it.. Be aware that there could be complications based upon if that fqdn is hosted on CDN..

Yes having the same GW for multiple WAN IP:s worked (at least for me) fine for a while. This is basically the only option you have if you want to run with multiple wan IP:s and your operator is providing you with multiple IP:s with DHCP (mine gives up to 5, no static IP:s available) . Off course for monitoring of GW one must use different targets for every GW.

For testing purposes I did do a fresh install of Pfsense 2.4.4-RELEASE-p2 and the problem seems to stay.

Annoying part is that this setup now works, for a while, then it goes offline, and soon works again :).

@Rico
Hi , I have tested this approach and configured CoDel Scheduler and used it for a while and tried diffrent combination of it's options but the mai nproblem is that is causes web access slowness on entire clients, no body can use internet correctly, some websites not opening right a way and take a long time to load but as soon as we disable schedulers every thing is ok!

i think configuring scheduler and CoDel and Queues needs some advanced expertise. guidelines provided in the video and pfsense docs not enough to use them, at least for me.

It looks to me like you need to:

Change your default gateway from Automatic to the gateway group. Policy route your LAN traffic to the gateway group

https://docs.netgate.com/pfsense/en/latest/book/multiwan/index.html#multiple-wan-connections

What? This is not a guide. Question asked and answered.

@viragomann Sorry, I misread that IP. I accidentally blocked out my local IP. You are right.

Not sure about the original ASUS firmware, but I have like 10 ASUS RT-AC68U with DD-WRT connected as Site-to-Site OpenVPN to my pfSense Server. Everything working very great and robust.
I'd recommend to check if DD-WRT is available for your ASUS DSL-AC68U.

-Rico