Other little step was to create on switches the network 10.175.69.0/24 and then a virtual machine with ip 10.175.69.10: with this I can ping the servers on the other side. To do this I also created a static route like in the image: [image: 1540304884972-static_route_vpn_ipsec-resized.png] so the network 10.175.69.0/24 has as gateway 192.168.0.1 Then I opened a rule on LAN interface versus 10.175.69.0/24 like in the image: [image: 1540305156283-rules_vpn_ipsec-resized.png] After this I can ping from 10.175.69.10 to 10.64.3.46 and 10.64.3.80. How to communicate from LAN network to 10.64.3.46 and 10.64.3.80: is it possible to set a route? Where? Please if you have any idea let me know.

Delete - wrong topic

@luckman212 said in Documentation for the 2.4.4 feature? : Default gateway : Default gateway IPv4 : Automatic: when upgrading from older versions that occasionally leave you with no internet access Funny you should mention that. I had to drive out to a location last week because of this new feature :)

@r0sebush the order as they appear in the gui, left out Time Periode, this is set to 15k

List Action: Deny Both States Removal: Enable LAN rule shows Reject but WAN rule shows Block.

I get the same error. No load-balancing, no proxy server here. It works via my phone on Firefox.

If you use squid then the client traffic can't be directed out a second WAN with policy routing rules. There may be a way to fix it in the squid configuration, but that's a topic for a new post in the Cache/Proxy category.

I'm trying to get a similar thing working. I want workstations on LAN A to be able to use the WAN connection on pfSense B if the WAN on pfSense A goes down. (And vice-versa) I'm still working on it, and I'll let you know if I make progress. At the moment we have two WAN connections at each of the two buildings. I hope to be able to get rid of one connection at each building and maintain redundancy with the WiFi link. [image: 1539253594977-bf9069ef-839c-4fa9-a44b-a5b6a65b8c16-image.png] Edit:- OK, so this "just works" if I follow viragomann's instructions. (Thank you!) I made the WiFi link as a subnet connecting OPT1 on each pfSense giving each OPT1 an IP address in that subnet. Then on each pfSense make a new gateway in system -> routing which points to the other pfSenses OPT1 IP address. Don't forget to fix up the OPT1 interfaces' firewall rules, of course. Then I also added a static route using the new gateways so that workstations on LAN A and see workstations on LAN B (and vice versa) via the WiFi link. Now, if I pull the WAN on one pfSense, traffic then goes via the link and out to the WAN on the other. Works like a charm. Next I'll try load sharing.

@derelict did a Google search for netgear dual wan and one of the links was to this forum))) It crossed my mind that it's probably a wrong place to ask for help with my issue but I decided to give it a go anyways)

Yeah. As long as the network is routed to the CARP VIP you're good.

You can 1:1 NAT or do something ugly like bridging. But bridging will get even uglier with multiple VLANs like that. I get that you don't want to NAT. Get the ISP to route another subnet to your address on the /29.

I might have found my answer: "State Killing on Gateway Failure".

Concur a larger transit sure doesn't hurt ;) and yup a /29 gives you a few address to work with if doing HA, etc.