@McMurphy: Just had a thought… We run a mail server using the Sat static IP. With a WAN based schedule would this simply redirect outbound traffic and still allow the inflow of mail via the Sat or would the Sat WAN connection completely stop? A solution may be to run both connections during the day and prioritise the 3G over sat (if possible) then block the 3g during off peak times... just create a rule, higher up the ruleset, specifically for the mail server to use the sat ip …. mail server needs corresponding mx records to be able to receive mail

Hi All, I'm having the same issue but when I tried to revert using the following command: pkg add -f http://pkg.freebsd.org/freebsd:10:x86:64/release_3/All/quagga-0.99.24.1_2.txz The OSPF and ZEBRA service no longer started. If I ran the following command via SSH, I received this error: Exec format error Anyone have an idea of what I may be doing wrong or perhaps a configuration incompatibility that I must remove?  I tried uninstalling the packages, rebooting then reinstalling but didn't help.  I tried removing all the interfaces from the configuration but services still didn't start. This is a MAJOR issue for us because we rely on OSPF for redundancy, at the moment, without it working, if a link goes down, we have to manually reboot the pfSense units so that the new routes are written. I've attached my ospfd.conf and zebra.conf files with some of the IP's and passwords changed. ospfd.conf.txt zebra.conf.txt

Tone?  How exactly did you hear tone?  Do you have something reading the text to you?  You should adjust it to happy go lucky tone then.. Sounds like you have it configured wrong if you perceived anything but wanting to help you.. Adjust it more to a Bob Marley sounding, if you have it set for say Samuel L. Jackson screaming about snakes or something ;)

I get that error when cable modem goes offline. Never used bgp,  so can't help there

what is the FQDN that is checked? Should be able to just use openssl to check the details of the cert, etc.

Wow! I really appreciate this! Thank you!

When you add multi-wan, you add policy routing. You need to bypass policy routing for local destinations including remote VPN endpoints. Policy routing bypasses the firewall's routing table, including IPsec traffic selectors. https://doc.pfsense.org/index.php/Bypassing_Policy_Routing

Were you able to get it to work?

I have the same issue, did you manage to get it working?

@viragomann: To solve, add an additional rule for VPN traffic (put all LANs in an alias and use this as destination in the allow rule) without the gateway option and put it to the top of the rule set. That worked. Thanks!

After reading several other posts.  It looks like PF Sense doesn't support what I'm looking for.  Bummer.

dude if you need ports, and you want to create new networks - get a managed switch.. They are $30 for a 8 port gig smart switch.. Yes for pfsense you can get by with just the 1 lan side port with vlans on top of it.

We tried several of those (member down vs. Packet Loss/High Latency) with no improvement. Generally I'm unsure how this setting applies as we're not looking for failover, but loadbalancing. Any other ideas?

Well are you seeing your discover go out with the tag?  Are you not getting back a offer?  Then contact your ISP. I would break it up with a smart switch vs having pfsense do it, since not sure what you think pfsense is going to do with IPTV vlan?  See drawing added to previous post