@Oats:

Looks like there is a bigger issue. My LAN connection is randomly going down so that I cannot even ping the firewall or SSH in.
Tried changing the NIC but no change.
Restarting the router gets me connected for a few minutes then dies. But my OPT1 connection is fine (I'm using it right now). LAN was fine a few days ago and just stopped working today.

No idea how to proceed.

UPDATE: Was consoled in and got the following message when the connection dropped:
watchdog timeout
msk1: prefetch unit stuck?
msk: initialization failed: no memory for Rx buffers
msk1: prefetch unit stuck?
msk: initialization failed: no memory for Rx buffers

going to try thishttps://forum.pfsense.org/index.php/topic,57238.0.html

UPDATE: stephenw10's fix above solved the dropping issue. Now back to the original issue.

Could be a personal firewall on one of your clients. I would try temporarily disabling it. If that fixes it just add an exception to allow the traffic.

If you're not using static IP addresses for the WAN, I don't think CARP or HA failover is possible.

vbentley's suggestion for WAN failover should still work, although I've never set it up

For a single pfSense host with multiple WAN connections use 'Gateway Groups' and configure load balancing, failover and firewall rules to use the Gateway Groups.

Figured it out… I had to configure a DansGuardian NAT rule to redirect all traffc from LAN to port 8080....Grrr.

route-to (rules specifying a gateway) doesn't necessarily follow the rules of routing traffic that normal routing of the OS will. If passing broadcast traffic with a rule with a gateway, it will forward that traffic as instructed. Where your architecture is poor and you have HA, that can result in a routing loop that's akin to a broadcast storm.

Block broadcast traffic before matching pass rules specifying a gateway in that case.

Problem solved, Thank you a lot!

@cmb:

https://forum.pfsense.org/index.php?topic=110043.0

I thought I searched hard enough, but apparently not. :(

Thank you!

In the meantime you can set up host overrides in DNS resolver so you can connect to \hostname\share. Your recent history might be enough to make it easy to work with. That or just \1.2.3.4\share

DNS resolver host overrides work great on smaller networks. MS really needs to build in AD lite for home networks. IPv6 makes it much harder to "just use IP addresses."

Some further info I have found on closer examination of /var/log/ppp.log

[opt1] Bundle: No NCPs left. Closing links…
[opt1] IPCP: state change Closing –> Initial
[opt1_link0] LCP: SendTerminateAck #52
[opt1_link0] LCP: LayerDown
[opt1_link0] PPPoE: connection closed
[opt1_link0] Link: DOWN event
[opt1_link0] LCP: Down event
[opt1_link0] LCP: state change Stopping –> Starting
[opt1_link0] Link: reconnection attempt 1 in 3 seconds

It also turns out it is less random than I had thought. It is every 4.5mins.

I was thinking it might be this https://redmine.pfsense.org/issues/3821  but that issue is apparently resolved in 2.1.5 which I am running.

Any ideas here?

Or if 2 interfaces are connected to the same layer 2, you could also setup a lagg..

Your not thinking the interfaces of your firewall/router are switch ports are you??  If you need more ports, get a switch!!!  Interfaces on pfsense should be network interfaces..

In your last setup, you've set the tomato settings to tag VID 30 on port 2, and nothing else.. Where do you define where VID 30 originates? in the SSID settings?

Also, did you add rules to that GUEST interface to allow traffic to enter pfsense?

And whenever I ask my friend to uncheck the ( route all traffic through the tunnel ) check box, I then can access again the webUI and I could get an internet connection, problem is , I'm not being routed through the wan interface of pfsense.Although when I use the office separated internet I'm being routed out to the wan address and thus getting its IP when checking in Who.is

@jimp:

That link is for load balancing servers behind pfSense – meaning one external IP address, multiple servers behind the firewall.

What you want uses multiple WANs/external addresses. In that case, the balancing would have to be done via DNS RR type records or some other means (external load balancer, BGP, etc)

Thanks
what I must do when I want test load balance work good ?
How I test Load Balance ?

At the moment, not likely. The L2TP system isn't meant to be used as a site-to-site style VPN.

There isn't a way to add a route that would actually point to the proper L2TP server interface since the client could connect to any of them.

Hi sir,

I have connection in the internet now, thanks for your replies and help, my problem was on the NAT configuration, Its a bit misconfig. haha

thanks  again sir ! :)

In the meantime I fixed this issue. I had to set up NAT for the OpenVPN interface. In case anybody experiences the same issue: I used the latter description in this guide: https://chubbable.com/setup-pfsense-as-openvpn-client

Have a nice weekend!