Thanks a lot, for your help.

I will try it with /23

Hello, I have exactly the same issu.
This causes a lot of problems in my network.
Please help

sticky connections don't work and I have a lot of problems with expired sessions (banks and many others sites).

Yes they do. Sticky connections are more a potential solution for load balancing setups than failover.

It's worth pointing out that every other device I've used that does RIP has an UI for specifying what networks it advertises, as well as whether RIP is enabled or disabled globally. It seems like pfSense doesn't have a way to specify which networks it advertises? I think that's all I need, a way to turn on and off advertisements on a per network basis.

All works perfect - please excuse me: there was a mistake in the firewall rule.

Regards,
Michael

@babiz

Thank you for the help! I understand. What I try to achieve is to make sure my VPN is running, because I am setting it up for the first time. I have no other option than test the two pfSenses as I suggest. After I see that the VPN connects from both sides I can travel in piece. Otherwise I am sure I end at site B without VPN.

Ok thanks for the clarification. I just wanted to keep things simpler, and only have to set/manage that rule in one place instead of for each pass rule.

Are both of these routers on the same WAN router right now? Physically located at the same location?

I see. I don't assign my openVPN connections to interfaces in that fashion myself so was trying to make sure.

Yes it is.

The routes get synced, but not loaded into the routing table of the backup firewall.

As i was researching about it you posted here and I found this guide:

https://www.netgate.com/docs/pfsense/book/routing/routing-public-ip-addresses.html

It was indeed NAT, got outbound NAT disabled for the second interface public IP range /30 and worked fine!

Thanks!

If you are on 2.4.4 there is a default GW Setting under Routing.
But it should interact here.
Normally you dont need the reject rule. BEcause any Ips from the ALIAS has to go through the WAN2.
If it isnt up, it shouldnt work.

I've proved out that the problem lies with the split routing, by issuing the following commands :-

route add -host 168.63.129.16 -ifp hn1 [msdefaultGW]
route add -host [externalfixedIP] -ifp hn1 [msdefaultGW]

This is locking down that any packets going out of the box towards the MS probe IP and a fixed IP on the internet are routed through the 2nd interface.

This all works fine, except that I can't work with individual static routes I need any traffic that comes in on the 2nd NIC to go back out the 2nd NIC.

OMG why are you running multiple layer 3 on the same layer 2??

Just setup vlans... You have a LAB and you can not afford a vlan capable switch at 30$ for 8 port gig?? Come on people... If your going to do something don't freaking use bubble gum and sticks..

@ssanders76

I got it working you need to add a virtual IP address (IP Alias) of 10.0.0.16/24 on the WAN.

strange thing happens !

now all full speed are acquire!

nothing to understand !

thank's

anyway