The Monitor ping seemed to do the trick.  Thank you for all of the help!

Yes. You may also realize that by a VLAN on your existing LAN cable. But if the vpn server has a LAN IP request from vpn clients to LAN devices will be sent directly to the the devices, while the LAN devices will sent their responses to the default gateway. In addition you also need to add a route to the vpn server for the LAN network pointing to pfSense, of course. Another way to resolve that is to add an static route for the vpn tunnel to each LAN device you want have access.

@everyone I would like to thank you all for your advice and it was great advice. I was able to achieve my goal and remove the Cisco switch. @heper's suggestion, I put the /29 network as the WAN address and since I already had the /24 as VIPs, everything worked like a charm.  Thank you for guiding me!  Tomorrow morning, I am heading to my satellite office and putting in another pfsense box with a ipsec site to site vpn. I can now have uniformity between my 2 offices (already got that working in my test lab!  :) ). Thank you all for your help!

When you do a normal MLPPP connection on the router your DSL modems in bridge mode..  ( I used Zoom 5615 and 5715 models which are bridge only) you have an interface for each modem.  The interfaces can be set up with maintenance IP's or left without. Then you set up a PPP      /interfaces_ppps.php    and use the ctrl key as you choose all the interfaces where your modems reside.  Fill in you user name and password. I believe this is what your talking about…    I no longer use this setup as Im on a bonded circuit now at the shop but still have some info around. [image: mlppp.jpg] [image: mlppp.jpg_thumb]

@twinzco: I have solved the issue. You can see a link here: https://forum.pfsense.org/index.php?topic=105644.0 Just modified Data Payload from 0 to 1. And everything works fine! Resolved my issue as well.

No no, forget about routing! You cannot just route from the internet towards a private internal IP. Tracerouting from the WAN interface of pfSense does not make any sense at all, of course it will always try to send it to the internet. I suggest you go back to the drawing board and think carefully what you want to achieve. If you want, make a diagram and post exactly what you want to achieve, I can help you

Use network and put the alias in the network field.

"hat router is connected to an isp that pfSense has no connection to" Well then your kind of screwed.. Can you share routing protocols with that router that is downstream?  If not even if you send traffic to it from pfsense, those clients would just send traffic out the default gateway since it has no route back.  You would have to source nat all your traffic from your downstream to look like its on the transit network.

Yes. You need DNS servers assigned in System > General with assigned gateways. At least one DNS server for each gateway. Then either use the forwarder or use the resolver in forwarding mode. If you use the resolver in forwarding mode you probably want to disable DNSSEC.

@Javik: Apparently to test this, I will need to build a test bench. Set up two spare desktop computers running pfSense, install a bunch of NICs, connect the two together with multiple network cables forced at 10 megabit, and see if MPD can be set up to combine them. That would be absolutely awesome if it could! Ive got two 5 NIC boxes sitting here doing nothing right now other than some RIP and OSPF testing for an upcoming project..  I will see if I can do the same and test this..

For the reader's sake, this is what I ended up doing… On the Production Subnets' firewall: Add an "IP Alias" type Virtual IP on the Subnet B interface, setting the IP address set to an unused IP on that subnet Add a port forward on the Subnet B interface (NOT the WAN interface) from the VIP to the Host Z IP On the Test Subnet firewall: Add an "IP Alias" type Virtual IP on the LAN interface, setting the IP address equal to that of Host Z Add a port forward on the LAN interface (again, NOT the WAN interface) from the Host Z VIP to the upstream firewall's VIP on Subnet B Note that this works only for protocols that are supported by pfSense's NAT-ing capabilities. Since ours was a database connection (TCP 1433), this works just fine.

I also suggest you ask your question in your native lang section… Having a hard time making out what your needing help with. Sorry. Same layer as your pfsense?  Do you understand the difference between layer 2 and 3? If you can not put your controller on the same layer 2 as your AP, then use Layer 3 adoption https://help.ubnt.com/hc/en-us/articles/204909754-UniFi-Device-Adoption-Methods-for-Remote-UniFi-Controllers UniFi - Device Adoption Methods for Remote UniFi Controllers If you create a different networkf or your wifi - you have to create rules on this new network you create in pfsense.

No one routing a virtual ip subnet from one LAN to another, eh?

That's a question for the cache/proxy board. There isn't really a great way to make that happen selectively, unfortunately, but IIRC some people there have come up with workarounds for certain cases.