And did you setup your ISP router to nat these networks?  Since your not natting them on pfsense?  You also have a asymmetrical setup here for devices to to and with devices in your lab..

192.168.10.0/24: LAN, for normal machines
192.168.20.0/24: DEV, for dev/test machines
192.168.30.0/24: SRV, for servers made available to the internet

Your best solution here is to just put your isp modem/router into bridge mode and use pfsense as your edge router/firewall.  Or just double nat..  I have yet to see a soho gateway from an ISP that allows you to nat other networks other than the one that is its lan, etc.

The capacity of the virtual drive I use for pfSense is 5GB and honestly I don't see why I should use a larger capacity than what I have now.
Therefore, the reason why I couldn't see the drive to install 2.3.x was not the capacity of the drive or the controller since I've tried all the resolutions I found in here.

I suppose that the real question here is the unsupported version I'm using and not the issue I'm having even though sometimes issues are continued through versions until they are reported and fixed.

Anyone can see that my setup is a bit of unique with 5 WAN connections over DHCP and I this is why I raised my question. Otherwise, no one else has an issue like this using a single or dual wan with real static IP's.
What I will try though, is to disable all the other WAN ports and perform a speedtest having only 1 LAN and 1 WAN.

What, nobody knows how this supposed to work?

Sorry for not being more specific in my last comment, but that PR#3609 is only for 2.4. In case anyone needs it, I made a version that applies clean to 2.3.3- you can grab it from this commit (apply in System Patches)

https://github.com/luckman212/pfsense/commit/87d5f6579223410c629eddf5ca4386cb435e0a9e

what is strange about it ?

if you ping from you windows terminal to where ? to the monitor-ip ?

Thank you so much, Windows's firewall on 192.168.0.110 was blocked incoming protocol from other sub net.
Now, I can access to 192.168.0.110 via 192.168.2.0 sub net.  ;D

So i just tried something and it seems to work. not sure if i was suppose to create a em0 interface when i created my pfsense router.

1. Go to Interface -> assign
2. assign em0 as only one with a vlan exist on WAN
3. enable the interface em0
4. go to Firewall rules and select the em0 tab
5. create a rule to block all traffic.

WAN_interface_4.png
WAN_interface_4.png_thumb

Yes, you're right it's asymetrical.
It's working now but we'll upgrade the pfsense with some NICs later…

Thanks again.

Because, as you are finding out, the servers need to know how to route the different traffic. They can't just have a default gateway. You end up with asymmetric routing, hairpinning, NAT reflection, etc.

Yes. That looks much, much better. Note that the web server no longer has any routing decisions to make. It just sends everything to the inside firewall and it makes all those decisions for it.

cool cool johnpoz

his internet plan is same as mine. 250down/25up

comcast said needs biz account for another ip address.. he did get an F with bufferfloat was I fixed with traffic sharper..

i just get the unifi hd 4x4 for my house well 2 of them.. i was hyped… but I'm happy...only around 700USD.. LOL...  replaced my ac pro 3x3.. single story 2100 sq all my kids are happy...

As a workaround you may set up an SNAT rule for the AP. Maybe that's what also the USG did. I've seen this also on a Fortigate.

Yes, you need a route on the client, but not static.
The OpenVPN server can push the route to the client after the connection is established, when connection is closed the route is deleted again.

To set this up go to the server settings and check "Redirect gateway".

Ensure that there is an outbound NAT rule for the vpn tunnel subnet in place on pfSense with NAT address = WAN address.

Awesome! Thank you for your help!

Now I just have to find out the IP Adresses for Steam and I'm fine :)