No man, not that Alias! That sets only an alias name for one or multiple IPs, but doesn't assign the IP to the interface. Go to Firewall > Virtual IPs.Here you can add virtual IPs to interfaces. Select type "IP Alias", select the WAN interface and enter one of your additional public IPs and the mask and save it. Add the second one in the same way.

Hi Chris, I was under the assumption that routing it all through my management network would work. But I must have introduces something assymetric there I think. I followed your advices and created a seperate vlan on my PFSense for transit. Configured it on my switch with vlan interface IP. I then created the gateway on pfsense and was able to route the network I created as a test. Next step is reconfiguring all servers with their new default gateway. Thanks you so much. very happy.

Just for clarity, rules that match the OpenVPN tab do not get reply-to at all so the replies are routed according to the routing table. That usually means they go out the default gateway. Rules matching the assigned interface tab (which means they weren't matched by the OpenVPN tab or processing would have stopped there) get reply-to on the states. Glad it's working.

You either need to get a routed subnet, use 1:1 NAT, or bridge the interfaces. In order of most- to least-preferable.

So where are you rules on your lan?  And sorry but pfsense would have to have routes showing that it needs to go down the vpn to get to those remote sites or lan2 would never be able to get there. My guess is your forcing your lan out your wan gateway via rule on lan interface.

You did not say you performed the step of actually assigning the VLAN interfaces to the pfSense interfaces in Interfaces > Assignments.

Yes, this is possible.

This ticket will be close. Failover is working, I tested his work used ping, but it will close on my firewall :))

I was keeping an eye out for that yesterday but 1.2.4 wasn't in ports the last time I looked. Now that it's there we'll get that updated. FRR is definitely the way to go, though. It's based on quagga so the transition should be smooth if you decide to switch.

You can accept connections and port forward into either. reply-to will work its magic. OP gave no information regarding the port forward itself, so…

PTP SSL/TLS with a tunnel network larger than a /30 puts the server side into server mode. This means that you have to have remote networks on the server configuration to get the traffic into OpenVPN then you also have to have Client-Specific overrides with the remote networks set to tell OpenVPN which client to send the traffic to. Even if there is only one. You might try setting the tunnel network to /30 ands see if things start to make more sense. Especially if there will only ever be one client.

Ok please disregard my previous messages. I disabled CDP in the wireless bridge links on both ends and now the traffic is flowing as intended.

@johnpoz: So did you call your ISP??  Maybe they do not support bridge.. This is not place to help you or troubleshoot if your isp device support bridge mode, or if you isp even allows it. Call them!!!  Ask them if you can put their device in bridge mode - problem solved. If not then use pfsense with a double nat, its not the end of the world. Well, well, well, ….. We finally get their. I have managed too get an external ISP provided I.P Address. I need too explain a few things because I'm not 100% on whats going on. I went in too my router, looked at every possible setting and configuration and eventually found DHCP under LAN settings; being listed under, WAN, LAN, WiFi and USB Devices. I disabled WiFi, Disabled DHCP under LAN and also set WAN too Bridge Mode LLC. Switched the router off for 5 seconds as thats the amount of time it takes to do a hard reset. I reset PFSense too Factory Defaults, Immediately picked up an external I.P Address from my ISP Provider and currently have my PFSEnse Firewall set on the 192.168.1.1 Network. I was simply trying every option available when setting LAN to use DHCP as I was not sure if this would be needed as I have multiple home computers connected too a switch. Also NAT is automatically turned off by default when setting Bridge Mode in my ISP Box Router. Resetting PFSense too factory defaults using option 4) in the main terminal of the boot screen done the trick after finding the DHCP Config setting in my router basically. So yeah I totally get I have made my self out to be a complete idiot and I apologize for taking up so much of your time. I am now connected threw PFSense on my Rack Server and using my ISP Box as a modem. After all that, over the past several days I understand not what too do and what too do as I have been taking mental notes about the overall config and set up on a third party home system such as my Rack. In my case disabling DHCP under LAN for the LAN I have at home. Setting to Bridge Mode and disabling NAT  along with WiFi . It was the DHCP I was getting confused over and when I first started posting, the DNS Servers. I have learned a lot from this as I have been watching youtube Videos about DHCP handing  out I.P Address and how it works hence why I could not connect on my Home PCs. I just have a couple of questions. When setting up PFSense and having too disable DHCP in LAN on the given ISP Box Router and also having too Bridge the connection; turn of NAT and WiFi; is this the case for every custom set-up as in a DIY Build. Basically installing it your self. I've been on this for several hard days and the mistakes I have made now seem genuinely stupid when I thing about the Logicalities involved and how the overall set up would work. Am I correct in thing for DHCP; this is basically assigning I.P Addresses . DNS basically the look up of I.P Addresses and NAT is basically; the Name Address Translation Tables. Were as the like of I.P Ver.4 being the protocol used. I'm not sure what I did wrong with regards to setting up LAN as it wouldn't connect until after I done a factory reset of PFSense the the main terminal. BUt I now know a lot more than I did so thanks for sticking with me johnpoz. I appreciate it greatly.  8)

Thanks, I've just realized that the problem is on the NAS side, not pfsense

Sorry for delayed response. Was travelling for work. So today I was able to tinker with my set up a little more and was able to figure it out with your help. I was missing the PVID setting on my switch. I had to: 1. Configure the VLANs on both the router ans switch 2. Assign specific switch interfaces as members to my VLANs 3. Set the PVID for the ports I tagged Once I did that, I was able to plug my laptop into ports 1-12 and get assigned an ip of 10.11.12.x 13-18 an ip of 10.11.13.x 19-24 an ip of 10.11.14.x Now onto the rest. Thanks for the great info @Derelict! :D

What you are trying to do has nothing to do with the firewall as such. You will want to implement split dns for your clients. Probably the easiest way to do this would be via the clients' resolv.conf files, or equivalent.