Pfsense is looking from top to bot. So first rule first ;)
You can see how much Traffic goes over this Rules. If there is any you have triggert it.
Or do a Tracert from one of the PS4 and look if they go other ways.

Did you set the Lan rule right? To use the GW Group?
Rules - Lan - Allow Lan to anywhere - advanced - outgoing gateway (or something similair)

@johnpoz
Yeah i didn't want to give it a vlan, however when i created the interface on the MS250 switch it required i give it one.

Pretty much all websites prob have issues with this, anything that does any sort of session or login for sure would have issues with this especially from a security point of view where you would have a cookie coming from multiple IPs, etc. etc.

@marvosa said in Backup route with single WAN box?:

You will have to setup PFsense for a dual WAN or configure a 2nd gateway on your workstations and edit your metric there.

And that is exactly what I did. Easy and it works!!
Thanks to everyone for your help and support

It finally worked after enabling gateway monitoring and thus setting Gateway to dynamic instead of WAN DHCP.

Ok, for anyone else who is unable to get port forward OpenVPN to work with multi wan, where you forwarded all vpn traffic to local host. The issue I had above was a result of allowing the default protocol listing for OpenVPN. I left it at UDP for IPv4 and IPv6 on all interfaces (multihome). Once I changed it to UDP for IPv4 only, everything worked as described in the online manuals. Good luck out there!

i'm accessing dsl modems from LAN net (isn't it obvious from the configuration i present?), when take down a WAN gateway by force the other is accessible but not when both are active.
disable firewall functionality on where ? pfsense is the firewall and there isn't any rule limiting access from lan to wan, default allow rules are active.

If you are not pulling routes then you have to policy route to the VPNs. I don't see anything there that does that.

If it's local, you might not see it on the firewall.

If you are using MS NLB though, you might not have realized you need to set net.link.ether.inet.allow_multicast=1 in system tunables or the firewall may drop traffic to/from the addresses it uses.

https://www.netgate.com/docs/pfsense/install/upgrading-older-versions-2.2.html#microsoft-load-balancing-open-mesh-traffic

Sounds like you have some clean up for sure.. Or your going to have all kinds of asymmetrical problems.. The core router is where the routes are decided upon, if you have other routers that go to other networks other than the internet.. Then they could all be on connected to the same transit, or they could have their own transit networks, etc.

How about you draw up this network and we can figure out best way to do it.. But you shouldn't be routing on hosts... Its messy and overly problematic!!! if you have to do routing on your hosts for shit to work - then your doing it wrong ;)

Hello, sorry for my late response.
I'm tryng both DNS or IP access to the 2 modems, with same ip address but different wan interfaces.

Gianmarco

Unfortunately that didn't work in my case. Same errors, same behaviour. I don't use gateway groups though.

WAN as as source (starting pint) , and you're going in.
The firewall isn't just doing what it is ought to do ?

Hello there! May you pose more details regarding your issue? That way we can help you better.