@babiz Thank you for the help! I understand. What I try to achieve is to make sure my VPN is running, because I am setting it up for the first time. I have no other option than test the two pfSenses as I suggest. After I see that the VPN connects from both sides I can travel in piece. Otherwise I am sure I end at site B without VPN.

Ok thanks for the clarification. I just wanted to keep things simpler, and only have to set/manage that rule in one place instead of for each pass rule.

Are both of these routers on the same WAN router right now? Physically located at the same location? I see. I don't assign my openVPN connections to interfaces in that fashion myself so was trying to make sure.

Yes it is. The routes get synced, but not loaded into the routing table of the backup firewall.

As i was researching about it you posted here and I found this guide: https://www.netgate.com/docs/pfsense/book/routing/routing-public-ip-addresses.html It was indeed NAT, got outbound NAT disabled for the second interface public IP range /30 and worked fine! Thanks!

If you are on 2.4.4 there is a default GW Setting under Routing. But it should interact here. Normally you dont need the reject rule. BEcause any Ips from the ALIAS has to go through the WAN2. If it isnt up, it shouldnt work.

I've proved out that the problem lies with the split routing, by issuing the following commands :- route add -host 168.63.129.16 -ifp hn1 [msdefaultGW] route add -host [externalfixedIP] -ifp hn1 [msdefaultGW] This is locking down that any packets going out of the box towards the MS probe IP and a fixed IP on the internet are routed through the 2nd interface. This all works fine, except that I can't work with individual static routes I need any traffic that comes in on the 2nd NIC to go back out the 2nd NIC.

OMG why are you running multiple layer 3 on the same layer 2?? Just setup vlans... You have a LAB and you can not afford a vlan capable switch at 30$ for 8 port gig?? Come on people... If your going to do something don't freaking use bubble gum and sticks..

@ssanders76 I got it working you need to add a virtual IP address (IP Alias) of 10.0.0.16/24 on the WAN.

strange thing happens ! now all full speed are acquire! nothing to understand ! thank's anyway

Thank you so much :D

@derelict said in Load Balancing Problem: Load balancing works best when lots of states are being distributed between the various WAN interfaces. Okay, thanks for the clearification. As it happens we do have many "small" connections, so pfsense will do its job (7 VOIP Phones, 7 PCs with Mail and Database acces, file transfers). Next step will be traffic shaping... Priority for VOIP ;-) By the way: Until now I used ipfire. But a single WAN will be to slow and ipfire does only support failover but not Multi WAN.

If you use Routed IPsec (VTI) then you would have an IPsec gateway for each tunnel that you could use with a gateway group. Though because VTI doesn't support reply-to it may not be as ideal as it could be, the return traffic would only take one of the two WAN tunnels. You can pull it off easier with OpenVPN (tunnel up on each WAN, assign the interfaces, use gateway groups + firewall rules only on the assigned interface tabs)

Probably you're missing the outbound NAT rule for the VLAN you want to direct over the VPN. To get better help here, you have to provide more details about your setup: vpn client config interface settings firewall rules outbound NAT rules