In general you want to start a new thread rather than using old threads. Old threads don't receive as much attention as new threads. Give that you are using a satellite connection, you need to adjust the latency thresholds to higher values. Check the latency under load using ping, and then adjust the threshold values for the connection on the gateway edit page (System/Routing/Gateways/Edit) in the advanced section.

Pretty sure same as here https://forum.pfsense.org/index.php?topic=111108.0

I have tried pinging from the console and it was fine. DHCP was fine. Everything is up on the server. Internet on my LAN is not working., it can't connect to the internet.

That's "Alert interval".

Thanks for your answers @heper: your openvpn is a transit-network …. packets go THROUGH it instead of TO. Yes I understand this. It was kind of a "shortcut" : it was shorter to talk about "OpenVPN" rather than about "the machine connected through OpenVPN" @johnpoz: So looks to me you have this - see attached. Your drawing is really better than mine (except I do not see Internet as such a dark cloud)  ;)  Yes it is my network config. The reason I have such a config is because pfSense1 and server1 are virtual machines hosted on host1, while pfSense2 and server2 are virtual machines hosted on host2. Host2 acts as a backup of host1, and I wanted the settings of server2 (and all the other servers, configured that way), to be ready and operationnal. @johnpoz: I would not suggest trying to create a route on pfsense 2 point to the tunnel network 10.0.100/24 to pfsense 1 lan IP So is this the reason why the static route I set on pfSense2 (as described before - adding a "green arrow" on your drawing from pfSense2 to pfSense1) does not work ? Is there a (short) explanation why a "simple" static route will not do the trick ? I was expecting that if there is a "sign" in pfSense2 saying "to go to OpenVPN : follow the direction to pfSense1", and when you're in pfSense1, ask someone…

aaaah… ok. that i work for me. i have a dedicated server with ESXi and i have 6 VMs Servers and all the server is behind the pfSense.

I finally solved it. I mixed up two gateways. My mistake. Thanks for your help and interest. I really appreciate it.

Honestly that diagram has me scratching my head. It should look more like this unless you have some really fancy modems with dedicated management interfaces. [image: dual.png] [image: dual.png_thumb]

@cmb: Traffic from the host itself doesn't follow your gateway groups. If you have default gateway switching enabled, it switches the default to the next gateway in the list, in top to bottom order. When you say "in top to bottom order" are you talking alphabetically or what? Because AFAICT there is no way to re-order them in the list. I've had this problem/question myself for a while. Seems there should be a checkbox on the GW config page that says "Skip this gateway during failover events" or something to that effect.  Because there is nothing in the GUI that defines whether a particular GW is "internet facing" or not.  And we have seen that when pfSense itself has no internet connectivity, the GUI can become extremely slow or unresponsive.

A static route for each gateway is set towards their respective monitor IP. You need to pick different ones. ( There are enough anycast addresses available)

2.3.1-RELEASE (amd64) built on Tue May 17 18:46:53 CDT 2016 FreeBSD 10.3-RELEASE-p3 I can confirm this one is solved  :) Before update: MONITOR: LBGWGroup is down, omitting from routing group SCRGW After update: MONITOR: SCRGW is down, omitting from routing group LBGWGroup

personally i would have done the vlan option but some of our switches are not vlan capable. we are using dns and that's probably what is causing the issue here. im going to try and keep pushing the switch over sooner than later.

https://doc.pfsense.org/index.php/Multi-WAN

Each interface can have its own user/pass combination. If you only have 1 physical interface you might get away with vlans