You should use firewall rules to separate the traffic of mission critical devices and set the fail-over group as gateway, while the gateway rule for all other lan hosts will be your wan1.

So your asus wifi router is in front of pfsense, or behind it?  There should be no devices connected to your asus router if that is your internet connection and you want to now use pfsense.  Pfsense can use a double nat, but things have to be behind it to be "protected"  If going to use the asus behind pfsense for your wifi, then you would jsut use it as an access point not a router.

should that topic to be moved on another forum subsection?
Firewalling
Traffic Shaping

I'm not sure that it's on the best place for the moment, since it's concerned by firewalling, shamping, and multiwan…

New pfSense has three LAN rules, in this order:

Allow connections to the Web GUI on the LAN interface of the pfSense from any subnet Allow traffic that is sourced from an IP address in the same subnet as the interface (implied rule at the end of the list, does not normally explicitly appear) drop all traffic that didn't match one of the allow rules

You need to either change the default allow rule to allow every subnet you want, or add another rule that allows the subnet you're interested in.

Note that if your computers on the other subnet don't have some way to route traffic to the pfSense, you won't be moving traffic this way probably (like if those computers want internet access through this pfSense).  You may want a virtual IP address on the LAN interface so that the pfsense has an IP address on both subnets to use, or something like that.

I think that you misunderstood. I am not trying to force ALL traffic to use the VPN just browsing and basic services I want routed to the VPN both http and https especially, and my daughters' games and Netflix.
Every thing else must go out on the unencrypted satellite connection.

Solved the problem and hope this is helpful to others…

Rebooting the "modems" on 74.92.10.128 and 74.92.16.120 solved the problem. Maybe something to do with APP? What was confusing me was that the "WAN" port worked.

https://doc.pfsense.org/index.php/Why_can%27t_I_query_SNMP,_use_syslog,_NTP,_or_other_services_initiated_by_the_firewall_itself_over_IPsec_VPN

I finally found the problem…

There was never any problems with my config.
My ISP had routed the subnet through the wrong gateway!

Needs more context: what is 10.201.0.0/24 and what subnet is your PC sat on?

I have try with phisical interface and i have the same issue. Curl command seems to go out by default route

@klubar:

Maybe I found the answer…. (?)

Under Firewall / Rules / LAN, in Advanced Options I changed Gateway from "*" to LoadBalanceWAN (name of my Gateway Group).

Is this the solution?

That will do it, I'm still learning pfSense but in order to route traffic to a different gateway you modify the Firewall->Rules as you've done.

Or make a 192.168.2.0/24 interface and put the PCs on that.

You can make it work but it's a crappy design and should just be fixed instead.

Thanks a lot!
The "use sticky connections" solved my problem  :D :D