Still an issue?

no gateway option, you can use the 'interface' option on either wan & it'll bypass policy routing if you don't use any wacky floating rules

okay makes sense.. I'm surprised they use a rfc 1918 address but I guess the ISP can use whatever they want on their internal network.

Yeah. It probably wasn't the reboot. Maybe pre-existing states or something.

-bump-

Hello All,

I just wanted to bump my old topic, to see if anyone has had a similar need / if anyone has architected anything similar to what we're trying to achieve.

Any assistance would be appreciated!

I tried that but when a go to Routing > static routes, and select the gateway options, the gateway group i have created with the two routers does not appear on the list. I have pfsense version 2.4.3.

@Kartoff just to test if that is part of the problem but it isn't.

new development:
It seems the problem is on the side of PIA. I have added a gateway group and set it up to use PIA and NordVPN as a fallback and now it is running on NordVPN without a problem.

Another thread on this forum suggested that some PIA users are using the service to spam this very forum which is why some IPs seem to be banned. My humble attempt of an explanation is this: It seems reasonable to assume that PIA is having server issues and their servers are going down due to excessive load from spam activities. If the server that I am connected to is going down, then my connection would go down with it and not recover.

Thanks for confirmation of what I feared! :)

Thanks a lot, for your help.

I will try it with /23

Hello, I have exactly the same issu.
This causes a lot of problems in my network.
Please help

sticky connections don't work and I have a lot of problems with expired sessions (banks and many others sites).

Yes they do. Sticky connections are more a potential solution for load balancing setups than failover.

It's worth pointing out that every other device I've used that does RIP has an UI for specifying what networks it advertises, as well as whether RIP is enabled or disabled globally. It seems like pfSense doesn't have a way to specify which networks it advertises? I think that's all I need, a way to turn on and off advertisements on a per network basis.

All works perfect - please excuse me: there was a mistake in the firewall rule.

Regards,
Michael

@babiz

Thank you for the help! I understand. What I try to achieve is to make sure my VPN is running, because I am setting it up for the first time. I have no other option than test the two pfSenses as I suggest. After I see that the VPN connects from both sides I can travel in piece. Otherwise I am sure I end at site B without VPN.

Ok thanks for the clarification. I just wanted to keep things simpler, and only have to set/manage that rule in one place instead of for each pass rule.