Managed to solve outgoing pings with an explicit allow ICMP echo request on the tunnel interface, seems those were being blocked even though I have an allow * on the LAN.

I'm still seeing echo reply being sent out my WAN if I ping the tunnel IP externally. Is there any way to have a rule apply to packets coming from the pfsense box itself and set the gateway if src==tunnel ip?

Since everything else seems to be working now, I can live without external ping.

Make what will be the second LACP interface an OPT interface, IP it, and connect to pfSense using a laptop plugged into that.

Create a two-port LACP group on your switch.

Create the LACP group using the first pfSense LAGG interface, assign it to LAN, and connect it to the first LACP port on the switch and make sure it works.

Connect to pfSense over LAN, add the other interface to the LAGG and connect it to the switch. It should just be added to the group.

@leo_1988:

Also i really thought it’s going to be the sum of two lines (28mbps)… isn’t any other way to do this? I’m sure I saw some YouTube videos with this feature!

28 = 20 + 8
I can't deny this  ;D

What must be understood is that if you open one single connection from your device to one single external server, the max throughput will be the one allowed by the gateway used by THIS unique connection. There is no aggregation here.

As a result, if you have multiple parallel protocols, one using one gateway and the other using the other gateway, benefit will be that total throughput may reach 28 Mbps. So there is some potential benefit but only if having the 2 connections on same gateway would have faced bottleneck.

Thank you , worked with these configurations .

I checked the box and it seems to be working now. I also verified with the vendor of there settings and he added routes for the  pcs that only use the software and so far so good.

proxy always goes through the default route. if you setup pia , then most likely, this is your default route.

you can change this behavior by using the 'dont pull routes' option on your openvpn server …. you will have to assign an interface to openvpn to make it work again

You need an additional outbound NAT rule to get traffic for the gateway router UI originating from the correct subnet.

| Interface: | USB_VZN_WWAN |
| Protocol: | any |
| Source: | any |
| Destination: | Network: 10.1.1.1/32, Port:<leave blank=""></leave> |
| Translation: | Address: Interface address, Port: <leave blank="">, Static port:</leave> |

You might have to make this rule higher priority (i.e. above) the automatically created rule to get everything working correctly.

that's really stange.. Have you tried to restart apinger service? execute this command from GUI or SSH: netstat -rn -f inet

@awebster: I tried auto, 100 full duplex –> no ok. But I do https://forum.pfsense.org/index.php?topic=100447.0 –> ok

I'm also having problems with Gateway monitoring via ping, but I'm not sure that it is the same problem as yours.

You would not necessarily be able to ping that gateway from your LAN, depending on which WAN is used to do the ping.

Since you have multi-WAN, a ping might go LAN -> WAN1, or it might go LAN -> WAN2.

When you do your ping test from the pfsense box, you need to specify that the ping go out the same WAN that is using the gateway you are trying to ping.

Thank you. I knew I had seen this somewhere but just couldn't remember. Anyway thanks for your help

@walls6176:

My problem is routing a public IP from firewall1 via firewall2 to the Internet. For example, from firewall1, I am unable to route 8.8.8.8 via firewall2, and on to the Internet via the second ISP.

If the other routes work this will work in the same way. However, I think you'll have an asymmetric routing issue, if you do that.
To resolve, you have to add an outbound NAT rule for that traffic.

Well, I removed the avahi package, and the problem is now history. I will retry installing the package at another time and retest.

@doktornotor:

And how exactly is this suppose to work? The traffic will never hit pfSense unless the "government router" knows to send the traffic there.

You have a point there but i forgot to mention the reason i use the pfsense,
Where i work (govermental position) happens a great internet misuse (almost abuse) like facebook, youtube, online radio streaming etc. We were ordered to find a way to block all these sites from our local pcs. So i don't mind about the incoming traffic so much, the only thing i want is to stop requests for some sites.

The problem is that some old static ips are used for the govermental site so i cannot change them into my lan. That's why i want all the wan computers and all the lan computers in touch.
Maybe i have thought it the wrong way, but I'm not that expert.
The thing is that the 10.217.75.1-255 has to stay that way and that all others must be on 10.217.76.1-255 in order to be filtered away. Do i have a false thinking here?!?!