Have you tried setting Data Payload to 1 in System / Routing / Gateways / Edit?

Meu pfsense(2.3.2-RELEASE-p1 (amd64) ) não funciona também, seleciono pela regra que host X deve sair pelo gateway Y e ele não obedece a regra criada. Como tenho outro pfsense(2.3.2) instalado em outra filial, efetuei o mesmo teste e para minha surpresa funcionou perfeitamente.
Alguém sabe como resolver o problema?

My pfsense (2.3.2-RELEASE-p1 (amd64)) does not work either, i selected for rule that host X must exit through the gateway Y. As I have another pfsense (2.3.2) installed in another branch, I performed the same test and to my surprise it worked perfectly.
Does anyone know how to solve the problem?

I figured it out my by watching https://www.youtube.com/watch?v=zrBr0N0WrTY&t=378s

Resolved.. i cleared out the IPSec configure.. in the process discovered i had a typo in the address in the sophos side.

Ok, thanks for the clarification.

It's been a while, I know.  Yes, I can connect directly by IP address but I can't see the Samba share.  I'll come back with some more thoughts about my requirements in a few days ..

nvm got it! thanks for the help :D

Hence why this wasn't obvious  :D

Below are my results of the original NIC card compared to the identical spare card:

Original Card Results

Speedtest while plugged directly into pfsense router for WiFi: 50 MB/s up/down Speed of file transfers between subnet A to subnet B plugged into interface: 100-300 KB/s Speedtest over WiFi (TrendNet AP): 15 MB/s Down - 17 MB/s Up Speed of file transfers between subnet A to subnet B over WiFi: 100-300 KB/s

Spare Card Results

Speedtest while plugged directly into pfsense router for WiFi: 50 MB/s up/down Speed of file transfers between subnet A to subnet B plugged into interface: 70-80 MB/s Speedtest over WiFi (TrendNet AP): 50 MB/s Down - 50 MB/s up/down Speed of file transfers between subnet A to subnet B over WiFi: 60-70 MB/s

No other settings were changed on pfsense as this was simply a card swap. It doesn't make much sense to me either why I was getting full speeds on that NIC port to the internet when plugged directly into the interface but for some reason it was having a difficult time sending/receiving traffic from two segmented subnets and the WiFi wasn't nearly as fast even for this old AP. Once I recorded my results with the spare card I chalked it up as a faulty NIC port. Maybe some engineer can come on here and give me an explanation why I saw such a drastic difference between the two identical cards but I'm happy it's all set now.

Hope that helps give you some clarification into my troubleshooting johnpoz

I don't have that rule anymore or let's say changed it to that 4 rules i described. I attach a picture.

I found that way somewhere as i started with mwan.


For inbound traffic (from the Internet to your servers) – If you have your WANs setup properly (e.g. if they are static, pick the gateway on the interface settings), reply-to will make sure that if someone connects to WAN1 on the port, the reply goes back out WAN1. If they connect in on  WAN2, the reply goes back out WAN2.

For outbound traffic, if you want your server to prefer one WAN, add a gateway group to do failover and then setup a rule at the top of the LAN rules to match the server as a source and use the failover group on that rule instead of a load balancing group.

If neither of those apply you'll have to give us more information about what exactly you're trying to accomplish, what you have in your configuration now, and what sort of errors or unexpected behavior you see.

So the problem was the automatic rules created for NAT, once disabled, it works!

Thanks m8!  ;)

ok, i think it may have fixed it myself.

I've just tried adding two firewall rules for outbound LAN traffic to the specific IPs and it appears to be working.

Good morning,

I had just the same problem! I solved it using the following guide:
https://doc.pfsense.org/index.php/Why_can%27t_I_query_SNMP,_use_syslog,_NTP,_or_other_services_initiated_by_the_firewall_itself_over_IPsec_VPN

Cheers,

JBR

When an interface has a gateway set on it it is considered to be a WAN. That means that all connections (states) coming into that interface get reply-to back to that gateway. It also means that all outbound connections get route-to to that gateway.

What you need to do is place a floating rule on WAN outbound for the networks on the other side of the IPsec gateway with no gateway set.

Any inbound rules on pfSense WAN should use the advanced option to disable reply-to.

Not setting a gateway on the WAN interface would also be an option. That should work until Multi-WAN interfaces are involved. In that case you need reply-to and route-to to override the default gateway/routing table.

@andipandi:

speeding up 1 single down- or upload is a lot more work

like not possible.
If you combine two links you won't get added speed. 1+1 is not 2, it stays at 1+1.

@ccmks:

@zdoc:

ccmks, thank you so much for your reply! I thought for sure the trick was going to be the firewall LAN rule, but I modified the gateway to my gateway group and it still isn't switching. I know the router sees the 3G connection as active as the update checker on the main dashboard can always check for updates, but none of the devices connected to the router wants to switch over to the back-up ISP.

I know this worked way back on 2.1, so I'm really just baffled as to what I'm missing.

Again, thank you for your reply on this! At least I feel like I'm potentially getting closer to figuring out what I'm missing.

Did you setup the gateway monitoring like I mentioned on previous post? You need to have ways for pfSense to know when the gateway will be considered down. Otherwise, it won't do the switch if the pfSense still see the gateway online.

I hadn't before and I just now got a chance to try it again this weekend. I had left them blank previously (there was a note that it defaulted to a certain value, so I assumed that was good enough), but I put in actual values this time. Still no change on my end - when pulling the plug on WAN1, neither my 3G nor my satellite back-up fail into its place. Again, I know the router itself is using the internet from one of those two other ISPs, as it's able to still check if it's on the latest version of software.

Something else I noticed: as soon as I plug my WAN back in (even while it still shows the status at Offline or Packetloss within pfSense), I can ping google.com again from my desktop. To me that tells me pfSense isn't even switching gateways on its end, otherwise there should be a delay before I start receiving responses again.

If there are any other screenshots or bits of information I can share (and you're still willing to help), please let me know.

And thank you again for taking time out of your day to help me with this! I greatly appreciate the help you've given me thus far.

@naztek:

Currently having the same issue on 2.3.2
Our 4G gateway shows as active and online and I can ping the ISP DNS server through that gateway (DHCP). After the gateway goes down and comes back up, it gets a new IP from the ISP and shows as down under Status > Gateways
The ISP DNS is still pingable but the failover is not working.

The failover is determined by Probe Interval.

We had our failover working in 2.1.3 but the same setting no longer work.

Sounds similar to what I'm seeing. It once worked, but I can't get it to go now. I'm assuming you did auto-upgrades from 2.1.3 to current? I know that's how I've upgraded. I'm wondering if I need to just purge config and start clean. I have a spare router, may try doing that one weekend to see.

because you have identical gateways for multiple interfaces … this is a bit of an issue.

search for terms like "multi-wan same isp" / "multi-wan identical gateway" posts

my router IP is 72.44.192.36/29, ISP said 72.44.192.48/28 and 74.206.101.16/28 routing by 72.44.192.36, and 72.44.192.48 and 74.206.101.16 those usually is gateway can use by NAT.