what is the FQDN that is checked? Should be able to just use openssl to check the details of the cert, etc.

Wow! I really appreciate this!

Thank you!

When you add multi-wan, you add policy routing. You need to bypass policy routing for local destinations including remote VPN endpoints. Policy routing bypasses the firewall's routing table, including IPsec traffic selectors.

https://doc.pfsense.org/index.php/Bypassing_Policy_Routing

Were you able to get it to work?

I have the same issue, did you manage to get it working?

@viragomann:

To solve, add an additional rule for VPN traffic (put all LANs in an alias and use this as destination in the allow rule) without the gateway option and put it to the top of the rule set.

That worked. Thanks!

After reading several other posts.  It looks like PF Sense doesn't support what I'm looking for.  Bummer.

dude if you need ports, and you want to create new networks - get a managed switch.. They are $30 for a 8 port gig smart switch..

Yes for pfsense you can get by with just the 1 lan side port with vlans on top of it.

We tried several of those (member down vs. Packet Loss/High Latency) with no improvement.
Generally I'm unsure how this setting applies as we're not looking for failover, but loadbalancing.

Any other ideas?

Well are you seeing your discover go out with the tag?  Are you not getting back a offer?  Then contact your ISP.

I would break it up with a smart switch vs having pfsense do it, since not sure what you think pfsense is going to do with IPTV vlan?  See drawing added to previous post

hi there Derelict!!
Thanks for your advice!! I will give that a try now :)
thanks for your help! I will let you know how it goes :)
Gazzzman

You should watch his other thread.. He cross posted this exact question in multiple places - this one didn't get any traction.

@johnpoz:

When you create the IP on the bridged interface.. You would not setup a gateway on it - because then in pfsense eyes it becomes a WAN..

So just setup a gateway on pfsense under system routing.  There you go just like you would do with a downstream router.

And again - what your doing is completely pointless.. Is it bridging now?  Then you have solved your problem.. Why do you think pfsense needs to get to the internet if your using it as a really shitty dumb switch that I am for freaking sure took you magnitudes of time and effort vs just buying a switch which yes derelict hit it right on the nose.. Just posting this alone was prob wasted $20 worth that you could of just freaking bought a switch if you needed some extra ports…

Where in your original post did you mention anything about 10Ge or even in your 2nd post after I asked for the purpose even?  If you would of mentioned that your trying to leverage a spare box as soft 10Ge switch I wouldn't thought you the typical user asking how can I use that spare port in my router as a switch port..

Thanks - yes, it's working fine now. It took about 5 minutes from installing to having the bridge working nicely. The issue was that pfSense itself couldn't check for updates or packages (I use the "Notes" package to track things relates to the router), which is the only thing a gateway is needed for. I don't like to leave things half working, so I asked. It turned out that the setting "Use this interface as the default gateway" had to be manually checked in advanced config, that was all.

Besides that, I'm sorry that you posted insults when they're unnecessary. I asked if we could restart without upset and you didn't take the hint. You assume it took ages and cussing ("a really shitty dumb switch that I am for freaking sure took you magnitudes of time"); it took about 5 minutes to get the switch up and running - it was just routing the management IP that was the issue. You don't read posts before flaming (" prob wasted $20 worth that you could of just freaking bought a switch"); if you can find any working 8+ port 10G SFP+ switch new or second hand on sale publicly anywhere in the world for under $20 I will personally donate the $20 to any charity you name and post the receipt here. The mention of 10G was completely irrelevant to the question of how to set up routing/gateway for a bridge IP. It would be the same config needed whatever the NICs were (KISS principle).  Your last sentence basically says it all: "If I knew you were doing it for that reason I wouldn't have made unjustified assumptions about your competence and acted like a troll"…. which you shouldn't do anyhow, of anyone, to anyone.

I think I figured this one out!

My dang syslog was logging to a remote site over a tunnel, and the tunnel was flaky at random times so the syslogd was filling up the tcp buffer.

I'll report back if it's stable for multiple days.