Pretty sure same as here https://forum.pfsense.org/index.php?topic=111108.0

I have tried pinging from the console and it was fine. DHCP was fine. Everything is up on the server. Internet on my LAN is not working., it can't connect to the internet.

That's "Alert interval".

Thanks for your answers @heper: your openvpn is a transit-network …. packets go THROUGH it instead of TO. Yes I understand this. It was kind of a "shortcut" : it was shorter to talk about "OpenVPN" rather than about "the machine connected through OpenVPN" @johnpoz: So looks to me you have this - see attached. Your drawing is really better than mine (except I do not see Internet as such a dark cloud)  ;)  Yes it is my network config. The reason I have such a config is because pfSense1 and server1 are virtual machines hosted on host1, while pfSense2 and server2 are virtual machines hosted on host2. Host2 acts as a backup of host1, and I wanted the settings of server2 (and all the other servers, configured that way), to be ready and operationnal. @johnpoz: I would not suggest trying to create a route on pfsense 2 point to the tunnel network 10.0.100/24 to pfsense 1 lan IP So is this the reason why the static route I set on pfSense2 (as described before - adding a "green arrow" on your drawing from pfSense2 to pfSense1) does not work ? Is there a (short) explanation why a "simple" static route will not do the trick ? I was expecting that if there is a "sign" in pfSense2 saying "to go to OpenVPN : follow the direction to pfSense1", and when you're in pfSense1, ask someone…

aaaah… ok. that i work for me. i have a dedicated server with ESXi and i have 6 VMs Servers and all the server is behind the pfSense.

I finally solved it. I mixed up two gateways. My mistake. Thanks for your help and interest. I really appreciate it.

Honestly that diagram has me scratching my head. It should look more like this unless you have some really fancy modems with dedicated management interfaces. [image: dual.png] [image: dual.png_thumb]

@cmb: Traffic from the host itself doesn't follow your gateway groups. If you have default gateway switching enabled, it switches the default to the next gateway in the list, in top to bottom order. When you say "in top to bottom order" are you talking alphabetically or what? Because AFAICT there is no way to re-order them in the list. I've had this problem/question myself for a while. Seems there should be a checkbox on the GW config page that says "Skip this gateway during failover events" or something to that effect.  Because there is nothing in the GUI that defines whether a particular GW is "internet facing" or not.  And we have seen that when pfSense itself has no internet connectivity, the GUI can become extremely slow or unresponsive.

A static route for each gateway is set towards their respective monitor IP. You need to pick different ones. ( There are enough anycast addresses available)

2.3.1-RELEASE (amd64) built on Tue May 17 18:46:53 CDT 2016 FreeBSD 10.3-RELEASE-p3 I can confirm this one is solved  :) Before update: MONITOR: LBGWGroup is down, omitting from routing group SCRGW After update: MONITOR: SCRGW is down, omitting from routing group LBGWGroup

personally i would have done the vlan option but some of our switches are not vlan capable. we are using dns and that's probably what is causing the issue here. im going to try and keep pushing the switch over sooner than later.

https://doc.pfsense.org/index.php/Multi-WAN

Each interface can have its own user/pass combination. If you only have 1 physical interface you might get away with vlans

You could force certain services, say HTTP, HTTP, SMTP, FTP etc. to go out WAN2 and thus leave WAN available for gamers, by setting specific LAN firewall rules to use specific WAN2 gateway under advanced –> Gateway options on each firewall rule for certain services. I know it's not exactly what you are looking for, but, it will help. You could take it one step further and create 2 gateway groups WANgamers with WANgw in it Tier 1 and WAN2gw in it Tier2 and a second gateway group called say WANgeneral with WAN2gw in it Tier 1 and WANgw in Tier 2. That way, each Gateway Group will have redundancy and failover to the other WAN, but, prefer to use a different WAN gateway normally. Then, your firewall rules will ALWAYS reference a specific gateway group, either WANgamers (which prefers to use WAN) or the WANgeneral gateway group which prefers to use WAN2. I hope that helps.

pfSense (like most other routers) does not aggregate ; it balances (hence the name). so basically, a single connection will never exceed the max speed of a single WAN. With multiple connections, a single client will be able to get the speed of both wans  (2 downloads/with torrents/ google's spdy/ …)