• Force gateway group NOT to fail back

    5
    0 Votes
    5 Posts
    384 Views
    @Gblenn I teach daily, days and nights, so my occurrences are likely more visible. Typically, it fails over to Tier 2 and often is unnoticeable. (I find out later looking at logs.) However, on this latest instance, the Tier 1 was flapping and Zoom reported my connection was unstable. Students reported poor audio and video. It was only resolved by changing the backup to Tier 1 and restarting Zoom. Later that night my main connection stabilized, so naturally I'm thinking it is trying to switch back as soon as Tier 1 is available. I will test to verify.
  • PfSense HAProxy certificate export import

    57
    0 Votes
    57 Posts
    13k Views
    @viragomann I'll work on that in some spare time. Another quick question: from another Bundoo machine and two other Windows machines I'm not able to get an SSL connection to the QNAP machine even though I imported the CA certificate into the browsers. This goes for Chrome and Firefox, getting a machine reboot cleared cookies and data from browsers. Any suggestions on this one? Thank you,
  • Pfsense port forwarding across Wireguard VPN - Asymmetric routing issue

    3
    0 Votes
    3 Posts
    1k Views
    Tom5051T
    @viragomann I figured it out in the end. The guide I followed to set up the site-to-site WireGuard tunnel specified not setting the upstream gateways on the tunnels and using static routes to avoid double NAT. It also stops reply-to working correctly.
  • How to force a client to only have access to WAN1?

    4
    3
    0 Votes
    4 Posts
    391 Views
    @SteveITS Indeed that was the issue! You're a legend mate, I've been struggling with this for almost a week now. What's even worse is that I scoured the docs and still somehow managed to miss the bit you highlighted for me.
  • Route subnet through VPN Client - Outbound NAT

    10
    5
    0 Votes
    10 Posts
    1k Views
    @viragomann Super - and thanks for the patience and final explanations
  • Allow IPs on another subnet straight to the WAN gateway

    34
    0 Votes
    34 Posts
    4k Views
    @Troniclab sorry, correction: both subnets are /24 ;-)
  • Assigning new gateway for vlan client does not work

    3
    6
    0 Votes
    3 Posts
    320 Views
    @SteveITS No, they are internal networks. I want to redirect all traffic from one client to use another route. This used to work in previous days.
  • Assigning new gateway for vlan client does not work

    1
    6
    0 Votes
    1 Posts
    153 Views
    No one has replied
  • Pass rules for WAN2

    8
    3
    0 Votes
    8 Posts
    472 Views
    @madbrain Firewall > NAT > port forwarding. You have to add these rules manually.
  • Frequent packet loss / latency on WAN connection.

    1
    0 Votes
    1 Posts
    110 Views
    No one has replied
  • 0 Votes
    1 Posts
    237 Views
    No one has replied
  • Not Enough Tiers in Gateway Group

    1
    0 Votes
    1 Posts
    128 Views
    No one has replied
  • Two sites WiFi link vs VPN

    1
    1
    0 Votes
    1 Posts
    171 Views
    No one has replied
  • Unable to access LAN subnets from PfSense

    8
    0 Votes
    8 Posts
    944 Views
    @viragomann Hey so, I finally got to this and I did the following: I went to System > Routing and set up a new gateway 10.1.4.13 -> This didn't work; when I went to the status tab it showed this route as offline, so I changed it to (FYI this is the current IP assigned to the DreamMachine WAN Port) 10.1.4.1 -> This immediately showed as online. I then went into Static Routes and did the following: Add -> Destination Network 10.1.1.0 / 24 -> Gateway 10.1.4.13 -> Didn't work, tested with ping and VPN, no response. Then did Add -> Destination Network 10.1.1.0 / 24 -> Gateway 10.1.4.1 -> Got a response through ping but seems to be redirecting and I cannot see the machines in VPN: PING 10.1.1.1 (10.1.1.1) from 10.1.4.1: 56 data bytes 92 bytes from 10.1.4.1: Redirect Host(New addr: 10.1.4.1) Vr HL TOS Len ID Flg off TTL Pro cks Src Dst 4 5 00 0054 1747 0 0000 3f 01 0100 10.1.4.1 10.1.1.1 92 bytes from 10.1.4.1: Redirect Host(New addr: 10.1.4.1) Vr HL TOS Len ID Flg off TTL Pro cks Src Dst 4 5 00 0054 1747 0 0000 3e 01 0200 10.1.4.1 10.1.1.1 92 bytes from 10.1.4.1: Redirect Host(New addr: 10.1.4.1) Vr HL TOS Len ID Flg off TTL Pro cks Src Dst 4 5 00 0054 1747 0 0000 3d 01 0300 10.1.4.1 10.1.1.1 92 bytes from 10.1.4.1: Redirect Host(New addr: 10.1.4.1) Vr HL TOS Len ID Flg off TTL Pro cks Src Dst 4 5 00 0054 1747 0 0000 3c 01 0400 10.1.4.1 10.1.1.1 FYI just wanted to test the default network since I can't even access the DreamMachine
  • 0 Votes
    3 Posts
    334 Views
    @viragomann I will try and replace the cable and monitor it. Thank you for the reply.
  • Multi-WAN

    1
    0 Votes
    1 Posts
    235 Views
    No one has replied
  • 0 Votes
    1 Posts
    592 Views
    No one has replied
  • Pass Through 3rd IP to 2nd Firewall

    1
    0 Votes
    1 Posts
    180 Views
    No one has replied
  • Old GW Still Referenced in Logs

    5
    0 Votes
    5 Posts
    736 Views
    @viragomann Thank you. Searched the config file and found a few rules that had the old GW specified that did not appear in the GUI. Updated and monitoring.
  • Traffic goes where ?

    7
    3
    0 Votes
    7 Posts
    791 Views
    @LB-0 said in Traffic goes where ?: @Jarhead No change when enabling that rule and there should not be a need for any rule on the SERVER NIC since the traffic originates from the LAN and pfSense is a stateful FW. Very true, but if the return traffic was going out the WG tunnel, there would be your problem. By disabling that rule you should have gotten rid of the tunnel path and you would need the rule above it to make sure that subnet still had access to anything while testing. As Viragomann said, start sniffing. I'm still betting the return traffic is hitting the WG tunnel. You can sniff on it and see if the packets are forced that way.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.