Anyone want to tackle this questions? It's maddening and preventing my ability to balance my WAN usage.

Yes it works , just be sure the nic has dot1q support.(most of them have nowdays)

I configured  3 pppoe connections with load-balancing , just used a unmanaged gigabit switch to break the ethernet connection from the isp into 3 separate nics(wans) on pfsense where i configured the 3 accounts.

As much as usual. There's so much here that even spending several hours a week here each, we can't possibly address every thread (or even a majority of them). Generally if I can provide reasonable guidance quickly on a thread, or if it looks like a bug, I'll reply. If someone's essentially asking for hours of time doing a proper network design, I'll be glad to do those kinds of things, but only under our support or professional services depending on specifics. One of the great things here is how many other really knowledgeable folks chip in to help. It's unusual for a thread to go unanswered. Generally only if it's way more involved than a forum thread should reasonably be (you really need to hire a network consultant), or if the post is really unclear. If something goes unanswered for 24 hours, you're welcome to bump it.

@heper: not exactly the same thing. LB FO  as you describe it, is dealt with by differently. loadbalancing works only works on pfSense when the service is not running on pfsense itself. (on a lan-client, a dedidcated squidbox, a dedicated dns server, …). loadbalancing does not work with services/software running on the firewall itself, because policy routing can not easily be applied to them. For example: Squid binds to a specific interface (generally the default gateway-interface). Policy routing can not be applied because, it  can only happen when traffic goes from INTERFACE-A  --> INTERFACE-group ; in squids case traffic does not go from A-->group: it goes straight out the WAN without any possibility of applying policy routing. There are some unreliable hacks possible with binding squid to localhost, forcing it through a gateway group by using quick floating rules ; even marking/matching packets to avoid some other oddness. ( This with lots of help from jimp,cmb & ermal when i did extensive testing of this on the 2.0-Beta till 2.0.3 builds) I've all done that before and got it sort of working …. unreliably with annoyed customers as a result. My advice: for the moment best stick to failover-only when dealing with squid (see allow gateway switching) jeroen You do realize that the problem is with Squid Package, nothing to do with FreeBSD or PFSense itself, right? The use of Float Rules with grouping worked really well up to version 2.0.3, Squid, Squid-guard, everything fine, now with version 2.1.x is a pain in the a…

Can someone explain to me how to do it Or give a link to a simple guide

Anyone? Still trying to figure this one out. Thanks.

Sorry I figured it out once i'd had a bit more of a play with it. Thanks very much for your time and help.

Thanks man,  what I eneded up doing was creating a gate of 1.100.100.100 on the lan interface, then pointing vlans(routes I needed) at that gateway, worked awesome, thank you for pointing in the right direction

What exactly is the challenge? From your ISP you have got at least one IP address for your use an one gateway address and probably addresses for DNS servers. On a new installation your are guided through a setup wizard at command prompt where you can set the static IP and the gateway for WAN an LAN. After the initial set up is finished you have a menu in the console to configure this (2 - Set interfaces IP address). If you are already in the web configurator you can find the setup wizard in System menu. In the GUI you can add further IPs in Firewall > Virtual IPs.

If the gateway is set to 192.168.0.254 from location1, this means that you have also set an IP in that subnet. What are the subnet masks? IF set correctly, what firewall rules did you create to allow the traffic? Did you set a route on both sides? Do the routers/firewalls have an IP address between them to route the traffic? Any more details you can provide will help.

Hello, case solved. I replaced all aliases of dmz with machines ips and works fine.

I think it's because you are natting the LAN on the WAN. Traffic has to go out the WAN to reach the other net. Try using advanced OB nat and excluding the private subnets from NAT.

In case anyone else has this problem.  The fix is to just create a second ipsec tunnel to the other subnet.  This is what happens when you try to over think things.

@heper: Did you specify a dns server for each gateway in System: General Setup ? No, i've selected "none" on the "Use Gateway" option for all my DNS. I guess i could make one DNS go through my primary gateway and the other through the secondary, but automatic change of default gateway seems a better option. @heper: Shouldn't the default gateway of pfsense change when i'ts down? Not by default, you can however, enable this if you wish (System: Advanced: Miscellaneous: Allow default gateway switching) I will activate this option and make some tests. Thankx.