@greenlight said in Orbi Router in routing mode behind pfSense:

the certificates ip addresses must be orbi router's public ip addresses, which one you import on pfsense.

Orbi has no public address anymore, since it's behind the pfSens. But I used NAT, works.

@coxhaus right, I know that?

@viragomann
Thanks for the quick response, problem solved.

Maybe get them to do a config backup, and email the file to you using different internet connection.

Then edit the config for your needs & email it back. Then talk them through restoring the new config ?

@y2raza

I don't know :(

Frankly, I did not pay much attention

This is what I see in the logs now:

Oct 27 19:46:32 dpinger 92730 send_interval 500ms loss_interval 2000ms time_period 60000ms report_interval 0ms data_len 1 alert_interval 1000ms latency_alarm 500ms loss_alarm 20% alarm_hold 10000ms dest_addr 135.180.64.1 bind_addr 135.180.66.6 identifier "WAN_DHCP " Oct 27 19:46:32 dpinger 97106 exiting on signal 15

@BTCA

In the explanation above, I wrote gateway, but meant the static ipv4 for the lan/vlan that I can ping. new to pfsense and network, so I'm a bit confused here. anyway updated explanation below

When i set up dual wan ( balancer ) tier 1 + tier 1.
My admin computer cant talk with devices on the other lans/vlans, only the lans/vlans static ipv4 for the lan network.
If i ping the static ipv4 ip for lans/vlans that works fine, but when i try to ping/connect to other ip`s/devices on the network its not pinging/connecting at all.
So to make it work i have to change the gateway from (dual wan / balancer) to default gateway or make a rule over the balancer rule with default gateway to ping/connect to the devices.

When i run Packet Capture with dual wan ( balancer )
and ping static ipv4 for another lan port or vlan network ICMP echo request get reply asap no problems
but when try the exact same thing on a device on the vlan nettwork it does not get reply at all, just timing out and 100% loss.

If i change dual wan ( balancer ) to default gateway
Then every request gets replyed asap and everything works fine.

@wbrown766 said in PPPOE WAN is up and working but no internet on LAN:

IPv4 any protocol any port from LAN net to WAN net any port set to allow

The destination has to be "any" to get internet access.
"WAN net" is only the subnet of the WAN address. With PPPoE it's nothing else as the WAN IP.

@dwhdpowd

Starlink uses CGNAT which causes all kinds of issues with remote connectivity.

I'm kind of in a similar boat trying to connect to a remote site with an IPSec connection, but it's virtually impossible, thanks to Starlink.

More or less tagging this to follow if there ever comes a solution.

@viragomann Sorry that wasn't very well explained.

The VPN Gateway Group is made up of VPNBT Gateway, which is a Torguard VPN over the BT ADSL, and the VPNVirgin Gateway which is another Torguard VPN over the Virgin cable.
My issue is that when this Gateway Group is used no traffic uses the VPNBT Gateway and thus the BT ADSL.

Finally found long-term solution. WG interface (that is a WireGuard client of a remote WireGuard server) needed not only MTU set to 1420, but also MSS set to 1420, otherwise I suspect it didn't try to fragment packets and things didn't work properly.

The reason it did work properly with WG_SERVER instead of LAN I think is because WG_SERVER also has MTU set to 1420 on both ends, so client was already sending properly sized packets.

@SteveITS yeah I would think restarting pf would force the loading of rules.. Which you could just also do with filter reload under status.

Or you would of thought of just reboot pfsense if something wasn't working, etc.

Not sure how they would of gotten that deep into the weeds of disable and then reenable pf?

@underling89
Yes, since the gateway is configured by DHCP, you need to connect to the server to get it.

But for sure you can state the interface IPs and gateways static for the time being, configure the gateway group and rules and switch the interfaces back to DHCP after connecting.

@johnpoz
agreed!
The problem right now is losing the internet access if i disable this rule on the Wan. I am ways away from getting to know how the rule apply on PfSense. Just getting back online is the first step right now. Thank you for your support John!
I will let you know once I have a better grip on the rules.

@dangersheep @viragomann

We discussed the need (or not!) for a static route/gateway. Isn't that related to the bug report here: https://redmine.pfsense.org/issues/14200 ?