I think the I found the issue ... sticky connection tracks connections by gateway and not by connection, this option doesn't seem to work if all the connections have the same gateway?

e70ebee9-d432-4e65-9a82-064a71c77295-image.png

Session tracking is all being routed to the same Gateway IP and thus means maybe any of my connections?

526ee23d-6eab-4095-91ff-662cf6cb64af-image.png

@AGA-0
Thank you. It worked very well with these steps in 2.6.0 but since upgrade to 2.7.0 error is occurring again:

Aug 7 11:27:35 (1691404055.938356) sockd[74692]: warning: new client from 192.168.13.5.62833 dropped: no resources

@navu I don't believe it is possible with a single Gateway.

@imsnow said in Vlan exit through Different gateway:

however I see that in the gateway I can only select one by default,

Where do you try this?
You have to configure a Policy Routing rule on the respective interface tab.

@Popolou said in Starlink + pfSense Plus 23.05.1 + Powerline network:

@CapitanBlack You need to use the Windows software, Their powersave mode is a common feature of their PL chipsets. Frankly, ditch it if you could. They are flaky devices.

That's why.... I only use Ubuntu and Android on mobile devices... :)))

Already ditched.

@johnpoz

Eureka 👏 👏 👏 👏 .

You were right.
Sometime things are simpler than you expected.
A simple gateway rout did the trick 😳
My mistake was i have tried always to ping the firewall, but forget to enable the LAN for allowing ICMP.

Works like a charm.

Thanks a lot.

Great forum.

@viragomann

Again, very happy with your help! Up to my next learnings!

@Bob-Dig No, setting the default gateway did not not solve the problem. Whenever I use WAN Chunian ISP for my LAN PC interface (PC connected to pfsense via ethernet), the issue started to happen. And if the same WAN Chunian ISP is used with LAN Router (Home wifi router), then it keeps working fine.

Not sure, if I should try capturing the packets if that can help.

still happening with 2.7.0.
we have a couple of openvpn client sessions established from the pfsense. sometimes the tunnels restart but the traffic stops passing (actually it's directed to the uplink interface, not to the ovpnc). filter reloading fixes the issue.

@johnpoz Interesting. I thought I could break out one of the ports and keep the other three as a switch. I do have an extra port that I can connect the second switch to the first but I'll need a bigger switch to add the ap. I guess that's the direction I will go since I don't want to go down the bridging route.

@viragomann Thanks, I'll check that the next time (Primary is back meanwhile)!

I'm not killing states at gateway failure, because sometimes pfSense assumes a failure (high packet loss) although there isn't any - killing states in this case would not be the best as I'm running all kind of self hosted services here. And nevertheless I have a fixed IP, so even when the WAN fails for a few seconds, existing states will be still fine.

Posted DHCP client issues here: https://redmine.pfsense.org/issues/14604

We have resolved this issue.

From the example provided above, when the traffic arrives at Edge #2, it does not have

We found the issue.

The edge routers were dropping inbound TCP packets even though there was a firewall rule allowing them.

Digging into the pfSense documentation, we discovered that a firewall rule allowing TCP only allows TCP with a SYN flag set. Any other TCP packet is dropped. Additionally, we found that there is a default deny on traffic leaving the firewall (out direction) for TCP packets without a SYN flag set.

Normally, TCP traffic is handled by the state after the initial SYN packet.

Because the traffic was returning via a different edge router, there was no state established AND the firewall rule was allow all TCP traffic that had a SYN flag; the return traffic did not pass.

Adding two floating rules fixed the issue.

Allow TCP traffic was set to allow all TCP flags inbound (of course, only for traffic you actually want to allow). A rule that allowed all TCP flags OUT of the interval interface (again, matching the traffic you wanted to pass).

@johnpoz It's fine, all sorted now.

Thank you for your help.

I'm doing this, but my phone is my fail over connection if local service is down. My issue is when phone is plugged in via USB it does not automatically recognize it. Have to go to

Status -> Interfaces

and click on "Renew" button on connection for it to activate.

I also go some of the setup at:

https://brendonmatheson.com/2020/08/07/wan-failover-to-4G-with-pfsense.html