in your case there is no point in assigning a gateway for the lan interface afaik . all you'd have to do is add static routes (for your various lan subnets) pointing towards your core-switch-router-thing, that sits internally on your lan and handles the routes. on your core-switch-routing-thing, you'd need a route (for your openvpn-tunnel-network) pointing to pfsense. Offcourse you could also choose not todo this all manually and use a dynamic routing protocol, like ospf,rip, … to add the routes for you.

hi.. you can limit the traffic only when you use Tproxy Feature in  your ubuntu squid

The solution is ; You need to make and allow the rules for interface OPT1 to LAN interface, set your destination (all MPLS network) Create a gateway for OPT1 and do a static route for each MPLS network.

I know how to do it now, once you add VIP you make outbound NAT manual and you add the outbound rule there

Hi Karl, I'm also from the Philippines and been using pfsense for several years now. I'm not sure with your first question but for the second question, you can definitely use IDM or torrent downloading to achieve the combined speed of both connections for downloading one file. You are right that they use multiple connections so they will use both WAN links when you're downloading as long as you setup the firewall correctly.

@ptt: Check this –> https://forum.pfsense.org/index.php?topic=75358 Worked just fine! Thanks!

Ow… Ok, just understood. Specifying timeout and saving isn't enough. So, FYI, if needed : need to uncheck "use sticky connections", save, recheck "use sticky connections" and specify timeout, then save. Works nicely now  8)

Yeah right. I did this some month ago.  ;) Sometimes the monitor ip is not responding.. :(

Glad you were able to get it to work at least once (don't you hate it when that happens)  :P My only suggestion is to try and start with simple scenarios (take things apart to simplify if necessary) and then add complexity till it breaks  ;) Good luuck and let us know how it works out.

ok found it. im obliviously blind. [image: ohmygod.png] [image: ohmygod.png_thumb]

This is the main problem that I see as well. The access points don't allow the ping reply. Please test with something else, like s real computer.

someone?? :)

Can you access your pfsense from your MPLS network? Can I see your static route for each MPLS network at pfSense? and also firewall rules

Ok, assigning the gw to the interface did the trick, thanks! Regards, Andreas

@adambmedent: Thinking about this more.  How do you guys connect a single ISP handoff to 2 pfsense machines configured in HA.  Currently all of my ISP's hand off a single ethernet connection. I am hoping my ISP's can siply enable another port on their ONT/switch which I can run to the secondary pfsense box. I was thinking implementing a switch after our ONT would be a single point of failure.  After some thought I realized BGP would detect the link as down and fail us over to the other circuits.  So a switch after our ONT shouldn't be a big deal. Now I just need to decide if I want to do a carp based hardware HA or virtual HA.  Carp seems to have its advantages, but its a completely new concept for me.