@johnpoz: So you have this - see attached. And what possible routes did you create?  Is your wan a common network?  Where is your common network your pfsense use to talk to each other with? If you pfsense lans are connected to same switch - why they not just using the same network? More general again: You need a common subnet between your boxes if you want them to talk to each other ;-) Either you could just strip another connection between both pfsense boxes, e.g. 10.10.10.0/30, then add static routes. Otherwise you need to add an Alias-IP from the other subnet to the LAN-Adapters of your boxes. Maybe add 10.0.0.254/24 to your first box or choose a different address. Then you can also add static routes pointing to the other box… or even add the other device as gateway and load-balance ;-)

that output is truncated. please see attached (bz2, but txt extension due to forum limits) crash.txt

I am having this problem too. It's a real pain. My ssh session drops after a few 10s of seconds. Ping works fine, but I am using Putty on Windows 7, and it closes the ssh session promptly. Has anyone reported this in the bug tracker?

mmm… i found out you cant ping or log onto the other vlans interface (switches page) if there are no computers connected to that vlan, if there is a computer connected to that vlan you can ping the laptop and also you can ping and log onto the vlan interfaces ip address which is the switches page

the issue was the squid proxy. when i run the pfsense without squid is everything all right.

i remember someone asking a similar question in  the Q&A session on BSDcon in the netherlands a while ago (around the time of the 2.0 - release) If i remember correctly, Ermal pointed out that it wasn't production ready and that implementing it in pfSense would be a huge undertaking. (adding/removing routes would need changes/special attention etc etc etc) Still i hope it will be a feature in one of the future versions. I think, it would also solve a lot of the multi-wan "hacking" that is required today (ie squid/vpn/…) Keep up the good work

exactly the same, which only makes this problem weirder.

There will be no problem with Dynamic DNS - you can define an entry for each ISP (on WAN1 and WAN2) so each Dynamic DNS name stays updated with the current public IP of ISP1 and ISP2. Then you can port-forward whatever ports you like from each WAN independently to the same backend LAN-side IP address of the server. About RDP - I am not sure what list of ports you will have to forward and the resulting security of all that being directly accessible from the public internet for "random" people to attempt connections. Personally I would put an OpenVPN "Road-Warrior" server on the pfSense, listening on both WANs (or failing over from one to the other if you want it to prefer a particular WAN or…). Then have the remote users connect by OpenVPN - they are then authenticated well and become part of your private network. Then they can RDP or whatever to wherever. Others will also have an opinion about that...

Thanks to both of you, it was my fault.

Outbound NAT happens as the traffic exits an interface. Routing decisions happen before that point. To oversimplify it a bit: Packet enters firewall Routing table (or policy routing) decides which interface the packet will exit Outbound (source) NAT applies as the traffic leaves that interface

Thank you for reply phil.davis, I have attached diagrams of the system that I'm trying to build up: two pfSense configuration works, one pfSense not works. PFS POS has two WAN interfaces (WAN1, WAN2) in failover group and two VPN connections (VPNPRY, VPNBCK) to headquarter office. The PC has "PFS POS" as default gateway and must use it for internet navigation and for communication with HQ Server (via VPN); VPN routing is managed by Quagga OSPF and I need to have VPNPRY on WAN1 and VPNBCK on WAN2. [image: twoPFSenseWork.png] [image: twoPFSenseWork.png_thumb] [image: onePFSenseNotWork.png] [image: onePFSenseNotWork.png_thumb]

No, that's not possible. Sticky, as you've observed, maintains a client-to-gateway relationship and doesn't get any more fine-grained than that unfortunately.

Ok updated info; site 1 - 1 WAN is connected to pfSense, when i try to make the second connection from site 1 this is in the LOG ; ERROR: can't start the quick mode, there is no ISAKMP-SA

Im thinking to get new isp to this setup really cheap so i will probably do it and i will let you know how it works,  but i think it will be okay. Since i will have 2 isps i will use google dnses The problem got solved and post can be locked