@Gblenn I teach daily, days and nights so my occurrences are likely more visible. Typically, it fails over to Tier 2 and often is unnoticable. (I find out later looking at logs.) However, on this latest instance, the Tier 1 was flapping and zoom reported my connection was unstable. Students reported poor audio and video. It was only resolved by changing the backup to Tier 1 and restarting zoom. Later that night my main connection stabilized. so naturally I'm thinking it is trying to switch back as soon as Tier 1 is available. I will test to verify.

@viragomann I’ll work on that and some spare time Another quick question from another Bundoo machine and two other windows machines I’m not able to get a SSL connection to the Qnap machine even though I imported the CA certificate into the browsers this goes for chrome and Firefox getting a machine reboot cleared cookies and data from browsers. Any suggestions on this one? Thank you,

@viragomann I figured it out in the end. The guide I followed to setup the site to site wireguard tunnel specified not setting the upstream gateways on the tunnels and using static routes to avoid double nat. It also stops reply-to working correctly.

@SteveITS Indeed that was the issue! You're a legend mate, I've been struggling with this for almost a week now, whats even worse is that I scoured the docs and still somehow managed to miss the bit you highlighted for me ‍️

@viragomann Super - and thanks for the patience anf final explanations

@Troniclab sorry, correction: both subnets are /24 ;-)

@SteveITS no they are internal networks. i want to redirect all traffic from one client to use another route. this used to work in previous days.

@madbrain Firewall > NAT > port forwarding You have to add these rule manually.

@viragomann Hey so, I finally got to this and I did the following: I went to System > Routing and setup a new gateway 10.1.4.13 -> This didn't work when I went to the status tab it showed this route as offline so I changed it to (FYI this is the current IP assigned to the DreamMachine WAN Port) 10.1.4.1 -> This immediately showed as online I then went into Static Routes and did the following: Add -> Destination Network 10.1.1.0 / 24 -> Gateway 10.1.4.13 -> Didnt work tested with ping and VPN no response. Then did Add -> Destination Network 10.1.1.0 / 24 -> Gateway 10.1.4.1 -> Got a response through ping but seems to be redirecting and I cannot see the machines in VPN PING 10.1.1.1 (10.1.1.1) from 10.1.4.1: 56 data bytes 92 bytes from 10.1.4.1: Redirect Host(New addr: 10.1.4.1) Vr HL TOS Len ID Flg off TTL Pro cks Src Dst 4 5 00 0054 1747 0 0000 3f 01 0100 10.1.4.1 10.1.1.1 92 bytes from 10.1.4.1: Redirect Host(New addr: 10.1.4.1) Vr HL TOS Len ID Flg off TTL Pro cks Src Dst 4 5 00 0054 1747 0 0000 3e 01 0200 10.1.4.1 10.1.1.1 92 bytes from 10.1.4.1: Redirect Host(New addr: 10.1.4.1) Vr HL TOS Len ID Flg off TTL Pro cks Src Dst 4 5 00 0054 1747 0 0000 3d 01 0300 10.1.4.1 10.1.1.1 92 bytes from 10.1.4.1: Redirect Host(New addr: 10.1.4.1) Vr HL TOS Len ID Flg off TTL Pro cks Src Dst 4 5 00 0054 1747 0 0000 3c 01 0400 10.1.4.1 10.1.1.1 FYI just wanted to test the default network since i cant even access the DreamMachine

@viragomann I will try and replace the cable monitor it. Thank you for the reply.

@viragomann Thank you. Searched the config file and found a few rules that had the old GW specified that did not appear in the GUI. Updated and monitoring.

@LB-0 said in Traffic goes where ?: @Jarhead No change when enableing that rule and there should not be a need for any rule on the SERVER nic since the traffic originates from the LAN and pfsense is a stetefull FW. Very true but if the return traffic was going out the WG tunnel, there would be your problem. By disabling that rule you should have gotten rid of the tunnel path and you would need the rule above it to make sure that subnet still had access to anything while testing. As Viragomann said, start sniffing. I'm still betting the return traffic is hitting the WG tunnel. You can sniff on it and see if the packets are forced that way.