1. pfSense should be frontend for all other services 2. OpenVPN is recommended solution for accessing anything in LAN, it can be added (I recommend You using additional package named OpenVPN Export Utility to export config files for Your VPN client) 3. I think answer is no, however I don't know Squid capabilites well

Having the same issue getting traffic from localhost to work with multiple gateways, doesn't really matter if its failover or load balanced. The traffic from localhost will always follow the default gateway. Sure you can force the traffic to leave another interface trough a floating rule, but trouble is that the floating rule will kick in after SNAT(outbound NAT) has already happened, leaving you with a packet that will always have a source address of the default gateway interface. So effectively in a dual-wan load balanced setup, the 1st request will leave wan1(default) and return on wan1, request 2 will leave wan2, and return on wan1, and of course pfSense kills request 2. <slightly ot="">I believe this is the same issue that I'm experiencing with OpenVPN on udp listening on "any" interface, the request can enter any interface, but OpenVPN will always respond through the default GW. Though it seems to work fine with TCP.</slightly> What we need is some kind of logic that can apply the rules before SNAT, possibly something with routing the traffic trough a dummy-interface and reflecting it back, making it look like regular traffic entering the interface, for (re-)processing. Isn't this how NAT-reflection works? wouldn't it be possible to make something like this?

Thank you so much! I did exactly as you implied and now 172 can reach 192 and the internet. Thanks again! :D

Is it possible to let traffic from 145.58.0.0/16 network flow over one wan interface?

Solved it. To work for the above setup correctly, I had to set NAT to manual. What I did not add was manual NAT rules for the second LAN. It works fine now with these additional settings: [image: nat.jpg]

hi Mike, if you use quagga ospf you can setup a link cost in the interface settings to prefer one link instead another(link state). in bgp(path vector) you can set the local preference(cisco use 1st weight and then local preference). for the other route you are correct connected is before static and so on. BR

hi, you can assign a loopback interface with shellcmd package. i have done this for all route rid with quagga ospf. let me know if this can fit your needs. BR

Thanks so much, now it works!!

Thank you very much Phil, I cant resolve it. I disable one interface and pfsense never refresh the new route… i added push route to advance configuration in OVPN server and client, and force the routes via command prompt and i m able to see with one connection (MPLS). But i must restart every time, it's a shame, but i cannot point the same range of destination (Ex. 192.168.0.1/24) using two differents gateways 10.0.0.0/24 (MPLS) and public IP using ADLS. Always the last one overlap the route even if the interface at server its disable. Now I think by the changes I made, cant connect the second OPEN VPN, perhaps both of them points to the same network.... push "route 192.168.0.0 255.255.255.0" on server side and push "route 192.168.1.0 255.255.255.0" on client side I cant use multiple remote configuration as you told me because the ADSL connection never can't see the MPLS connection, remember that one it's a private link between the office's managed by telco. I Think I only can create 2 VPN peer to peer, one over MPLS and the other over MPLS, and switch VPN like's gateway's. But i couldnt do it. Thank you very much, you show other way's to see my problem. Tomorrow I ll keep trying.

I'm still stuck in the issue and understand that if there was no answer, probably similar issues were on the forum…. However I digged into the posts and didn't find an answer for one question: is it possible to have typical scenario with WAN - nat - LAN and simultaneously public ip assigned to voip gateway behind the pfsense box? From what I've read I think I need transparent/bridged firewall, but i such scenario nat is disabled which I have to avoid. Or maybe there is other way to assign public ip to the voip gateway not losing nat between lan and wan interfaces? Please help, any clue will be helpful!

Attach pictures [image: wan2.png] [image: wan2.png_thumb] [image: wan2-interface.png] [image: wan2-interface.png_thumb] [image: wan2-status.png] [image: wan2-status.png_thumb]

Here is the marketing text from Clavster, entry level is $980, is this on the development list?? WAN Load Balancing, or Route Load Balancing, is an important function for most companies regardless of application. It enables you to connect multiple Internet Service Providers (ISPs) to your Clavister product to ensure optimal Internet access, even in the case when one ISP service fails. By utilizing both Internet links at the same time, you can route outgoing traffic to the link with the most free capacity and/or with the lowest latency. By combining WAN Load Balancing with our Host Monitoring functionality you can make sure that the traffic distribution is dynamic and based on the current capacity and quality of each link. The WAN Load Balancing functionality is a must for any organization that require high quality Internet access at all time without having to pay for extremely expensive lease lines.

anyone?

While it is best to avoid such overlaps, more specific routes do get considered first as SeventhSon mentioned. It should work fine.

Would love to see a network diagram of this to get a better visual of what your trying to do. www.gliffy.com