Hi, first sorry for my english. I have a similar scenario, and I resolved in this way. I create 2 VPN tunnel (peer to peer) one for ADSL (client and server both with the same setting) and the other one for MPLS (client and server both with the same setting) . This permit create an adicional interface per each tunnel. This interface need to be enable but leave in blank all the settings, the interface will use the IP address confgured in the Open VPN P2P (either client and server) only need to put a name and enable. Once you finish this the interfaces will appear at the dashboard, and if the tunnels are up they will you show the IP address used, dont forget open the ports used in firewall rules. This is only needed at server side of Open VPN. The client dont need listen port. The last you need to do is create a gateway group with the gateways associated OPENVPN dynamic gateways, in the same tier if you want load balancing or diferent tiers y you want failover. Once you create the gateway group, only need to assign it at one LAN roule in the firewall for example: in site 1 you need to create a rule that permit traffic from any source to dstination 10.0.2.0/24 use gatewaygroup (this "gateway group" you find at advanced setting inside the firewall rule). and in site 2 you need the opossiterule for example. permit traffic from any source to destination 10.0.1.0/24 use gatewaygroup. I worked a lot for this configuration. Both OpenVPN and VPN assigned interfaces dont need any firewall rules, leave it empty. Saludos, Max. Sorry again for the "English".

powercycle the printer / update firmware some models have a terrible networking stack

Guessing you're letting it push you a default gateway, which you probably don't want. That in and of itself doesn't suffice though (reply-to should route it back out correctly). Second issue, you probably have a static IP WAN with no gateway chosen under Interfaces>WAN, so it's not setting reply-to.

Set the monitor IP to something like 8.8.8.8, then it'll ensure it's bound to that interface.

Another easy way to do it is to use a dynamic routing protocol between your pfsense box and your l3 switch. RIP should do the trick just download routed package and advertise all routes you want discovered. You will have to look up instructions on your dell switch I'm not fimilar with it.

@Oats: Looks like there is a bigger issue. My LAN connection is randomly going down so that I cannot even ping the firewall or SSH in. Tried changing the NIC but no change. Restarting the router gets me connected for a few minutes then dies. But my OPT1 connection is fine (I'm using it right now). LAN was fine a few days ago and just stopped working today. No idea how to proceed. UPDATE: Was consoled in and got the following message when the connection dropped: watchdog timeout msk1: prefetch unit stuck? msk: initialization failed: no memory for Rx buffers msk1: prefetch unit stuck? msk: initialization failed: no memory for Rx buffers going to try thishttps://forum.pfsense.org/index.php/topic,57238.0.html UPDATE: stephenw10's fix above solved the dropping issue. Now back to the original issue. Could be a personal firewall on one of your clients. I would try temporarily disabling it. If that fixes it just add an exception to allow the traffic.

If you're not using static IP addresses for the WAN, I don't think CARP or HA failover is possible. vbentley's suggestion for WAN failover should still work, although I've never set it up For a single pfSense host with multiple WAN connections use 'Gateway Groups' and configure load balancing, failover and firewall rules to use the Gateway Groups.

Figured it out… I had to configure a DansGuardian NAT rule to redirect all traffc from LAN to port 8080....Grrr.

route-to (rules specifying a gateway) doesn't necessarily follow the rules of routing traffic that normal routing of the OS will. If passing broadcast traffic with a rule with a gateway, it will forward that traffic as instructed. Where your architecture is poor and you have HA, that can result in a routing loop that's akin to a broadcast storm. Block broadcast traffic before matching pass rules specifying a gateway in that case.

Problem solved, Thank you a lot!

@cmb: https://forum.pfsense.org/index.php?topic=110043.0 I thought I searched hard enough, but apparently not. :( Thank you!

In the meantime you can set up host overrides in DNS resolver so you can connect to \hostname\share. Your recent history might be enough to make it easy to work with. That or just \1.2.3.4\share DNS resolver host overrides work great on smaller networks. MS really needs to build in AD lite for home networks. IPv6 makes it much harder to "just use IP addresses."

Some further info I have found on closer examination of /var/log/ppp.log [opt1] Bundle: No NCPs left. Closing links… [opt1] IPCP: state change Closing –> Initial [opt1_link0] LCP: SendTerminateAck #52 [opt1_link0] LCP: LayerDown [opt1_link0] PPPoE: connection closed [opt1_link0] Link: DOWN event [opt1_link0] LCP: Down event [opt1_link0] LCP: state change Stopping –> Starting [opt1_link0] Link: reconnection attempt 1 in 3 seconds It also turns out it is less random than I had thought. It is every 4.5mins. I was thinking it might be this https://redmine.pfsense.org/issues/3821  but that issue is apparently resolved in 2.1.5 which I am running. Any ideas here?

Or if 2 interfaces are connected to the same layer 2, you could also setup a lagg.. Your not thinking the interfaces of your firewall/router are switch ports are you??  If you need more ports, get a switch!!!  Interfaces on pfsense should be network interfaces..

In your last setup, you've set the tomato settings to tag VID 30 on port 2, and nothing else.. Where do you define where VID 30 originates? in the SSID settings? Also, did you add rules to that GUEST interface to allow traffic to enter pfsense?

And whenever I ask my friend to uncheck the ( route all traffic through the tunnel ) check box, I then can access again the webUI and I could get an internet connection, problem is , I'm not being routed through the wan interface of pfsense.Although when I use the office separated internet I'm being routed out to the wan address and thus getting its IP when checking in Who.is

@jimp: That link is for load balancing servers behind pfSense – meaning one external IP address, multiple servers behind the firewall. What you want uses multiple WANs/external addresses. In that case, the balancing would have to be done via DNS RR type records or some other means (external load balancer, BGP, etc) Thanks what I must do when I want test load balance work good ? How I test Load Balance ?