Hi @viragomann Thank you for your answer. This is what thougt to do at first. For whatever reason it doesn't work for me here. I ordered another /29 subnet and will check if it works with it. It didn't arrive yet.

@pfsense1921 said in HAproxy will not connect to remote server over IPSEC VPN: Are you saying this works with OpenVPN Tunnel? Yes, presumed you obey some setup steps. At the remote site you will have to assign an interface to the respective OpenVPN instance and move over the firewall rule from the OpenVPN tab to it. You have to ensure that there is no pass rule on the OpenVPN tab or even a floating rule applied to the forwarded traffic from the remote site! This is necessary for the reply-to to work, so that pfSense can send the response packets back to the other site.

Just in case anyone else ends up in the same place as me.............. I managed to solve the issue and found there was no access to the internet on the PRINTERS VLAN, despite having the firewall rules allowing it! Eventually I stumbled upon the Firewall NAT Outbound rules, which was populated with 2 rules per VLAN (had been done automatically, presumably when setting up the VLANs). These rules did not exist for the PRINTERS VLAN. Added these rules manually and all sprung into life! [image: 1717721846845-43fb5a5f-11d8-437e-b9a7-dabcee21984d-image.png] What I cannot understand is why these had not been created in the first place!! The outbound NAT mode was showing 'manual outbound NAT rule generation'. [image: 1717721966565-492154ac-6783-4375-9f47-bc2b5809d6c9-image.png] Thought this would have been set to Auto?? Never mind, all working now but at least I've picked up some extra knowledge. Thanks to everyone for helping me sort this out, it is greatly appreciated. Steve

@michmoor Yes, I have a WAN gateway (ISP). For Internet B, I would need another gateway using the LAN interface. The WAN gateway would be Tier 1, the LAN gateway would be Tier 2. Right?

@viragomann Thanks. I think I have it running. I typed in "ntpq -pn" on my Linux Minecraft server (On Guest LAN) and it spewed out all of the NTP servers I have configured on my pfSense box (All clients/LAN's use 192.168.1.1 as NTP server). However, I did not use any firewall rules to allow this to happen. Is it just happenstance that it works, or am I supposed to add a firewall rule?

@sef1414 said in Pfsense stopped detecting packet loss, failover not working: @mcury Yeah, nothing different there. This is a new issue that I didn't see before. If you can, share more details.

@Dobby_ said in iphone vs android usb tethered wan failover instructions? (2.7.2-RELEASE FreeBSD 14.0-CURRENT): Windows is used by companies to be sure the client and server systems will be 100 % compatible and working together. Apple is used @home, by creative working companies it starts at programming, image and photo work, video editing, sound and also DTP or web content work. All devices sync fine and you will be even up to date on all devices. I didn't realize we were having a Windows vs Apple vs *nix debate.

@atevet What you are doing sounds good. Yes you should be cautious creating networking around packages which are planned to be deprecated. The package pfBlockerNG > DNSBL > DNSBL Category has two lists - shallalist (Wrong, shallalist is no longer online) and UT1 which give quite extensive choices to block content without having to do a lot of investigation. Also: pfBlocker in Python mode has an imho oddly named Python Group Policy section to exclude IPs from DNSBL - allowing the adult devices to go around the above lists.

I removed the external monitoring address, so that the gateway comes up again. I created the monitoring address as a gateway on that interface too, just for pinging, it still doesn't come up on its own. Maybe I have to many gateways for pfSense? [image: 1717179980943-screenshot-2024-05-31-202447.png] PS: Maybe upstream gateway is not the right term, but I will not change the heading because it will make pictures disappear.

@sminded said in Using WAN port to access a LAN: I want to access two separate LAN:s from a single point, so the idea was to use a netgate router with pfsense, configure two WAN ports, and connect the LAN:s to the WAN ports, and my laptop to the LAN port. But I'm not able to access the LAN:s from my laptop, what am I missing? Do I need to setup a static route on my laptop as well? You need to explain this in better detail. From the sound of it, the two LANs are in the same building and you're connecting them each to a WAN port on the same pfSense (with 2 WAN ports configured), then connecting your laptop to the LAN port of that same pfSense. Is that what you're doing?? If so, just use 2 LAN ports instead.

@TravisH The rule is not applied, however. So either it doesn't match or more probably another rule has precedence. Possibly a rule on the interface tab. If you want give priority to floating rule over interface rules you have to check the Quick option.

@darkcorner So my first solution of setting up a separate LAN segment at each office just for this device would be viable. So finally, the device moves to the remote sites, but it is accessed from an app at the central office; do I finally have it right?

@pfsense-dc , Is the Round robin method built into the rule? Because I couldn’t find documentation related to it. Thanks