Is are your Internet access rules under the LAN configured under Advanced with a specification of your failover group as its gateway?

Ok I see, looks a bit unsecure.I think the best way would be to add an wifi access card to pfsense and mananage the wifi and dhcp from there. Thanks you help me clarify some things

@hyrol: Under System=> Routing=> Gateways Change Monitor IP to Alternative Monitor IP , I'm using goolge ip. it's working for me. I also got it working this way.(same GW-ip on both WANs different monitoring IP) BUT… Pfsense was fine with it untill I had to reboot my cable-modem and Pfsense due to a cable-mess-cleanup. I can't get it working again now. It's been said a couple of times in this thread. When a multi-wan-setup where al the WANs are using the same GW-address is working (when not PPPoE) it's pure luck. I guess i'll have to double-NAT one of my two WAN-connections. Anybody have tips on how to do this? mainly the firewall-setup in the "first" router(the one getting the public IP). My guess is, get a simple SOHO-router, have it do the required portforwarding towards the 2nd WAN-ip on pfsense, open up firewall on SOHO-router and do the firewalling in pfsense. [EDIT] I just finished setting it up with a 2nd router. I put the ip of the interface of my pfsense in DMZ on the cheap router, did the necessary portforwarding and tried to keep everything else as secure as I could. Works pretty fine and I've got a couple of exact spares for my SOHO-router since it's the one I replaced for my self-built pfsense-firewalls in all of our branches.  ;D

Thanks Jimp, this seems to have worked.  I did as you said: 1. Removed the IP Alias from the WAN 2. Removed the bridge 3. Set up the DMZ side of the PFSense iface card to accept on the subnet. Thanks so much.

Yes, I definitely agree with you there. I was more or less directing my query towards the OP. Being that s/he has posted this over a month ago, and truth be told, I wasn't expecting replies anytime soon. Perhaps I will start a new thread this weekend (after dutifully searching the wiki and forums, of course) if I run into troubles that aren't perceivable or clear to me. Thanks, and take care!

These changes are logged in the system log. It shows alarms for gateways when they happen and what gateways are being removed from service. On 2.1 this has moved to its own separate Gateways tab.

This is NOT a bug. That's how IPSEC works. Traffic is redirected before it's applied to the routing table. If you want to make use of the routing table you need to use OpenVPN.

Really need a network diagram to understand what you have and what you're trying to do.

@darnitol: Is it a good idea to turn on the Sloppy State option for all internal routing that doesn't require firewalling? Never in normal circumstances. Only in unusual cases with multi-homed hosts or other cases for asymmetric routing. Both of those should be avoided in general.

This is all over the internet. Others with more experience can tell you the why, I only know that in 2 instances where realtek nics were involved, the bond (linux in this case) would only do active/passive. Probably has to do with the MAC address dynamic update that actie/active type bonds use.

You also need to specify the failover group as the gateway under Advanced in your LAN's default allow rule.  I've forgotten to do this several times and wondered why failover isn't working until I fixed the rule! When it rains, it pours.

Ok, but where do I find OSPF or quagga? I've only seen those terms for 1.2.x. I only see RIP under Services with 2.0.1. Looking at the section in the pfSense book, I see that it's a separate package. I don't have that installed. So I've solved it this way. Plus, with the gateway group, it also load balances normal internet traffic from the LAN and using static routes, I can force certain sites to be accessible only through a certain WAN (e.g. there is an IP restriction on the website).

If you are using m0n0wall and not pfsense, then the best place is to ask on m0n0wall forums and mailing lists. While pfSense was based on m0n0wall, the user interface and feature set has changed. We could get you close and I will attempt that. Since you don't need firewalling, I doubt that you need NAT also. Given that, you can actually turn of firewalling and turn either pfsense or m0n0wall into a router. I don't know where it is in m0n0, but in pfSense, it is in System -> Advanced -> Firewall/NAT. There is an option to disable the firewall. It will not NAT either with the FW off. As far as routing, you do not need to create routes on subnets assigned to the pfsense or m0n0wall system. It routes between them automatically.So unless you have a subnet behind another router, then you will not have to create a route at all.

@jimp: There aren't any plans to notify when it comes back up. I don't recall 100% why that was, but I think it's because there are times when it's assumed to be up or when it comes back that would cause a lot of false positive and/or redundant e-mail notifications. I have posted a Feature Request for this bug. It appears that if a Gateway goes down, comes back up, and goes down a second time, the second email is not sent, IF the contents of the last notification sent is the same. Saving the current state of the GW or sending an email upon GW up status would solve this bug. References: http://forum.pfsense.org/index.php/topic,53590.msg286373.html

In a windows domain environment. I use wsus. For starters make sure your clients have the primary DNS of your local domain controller. Do this by amending dhcp. Then on the domain controller you have to create a group policy. Do this by going into admin tools and look for gpo. It's so much easier now in a 2008r2 environment, but 2003 takes a little more work. This is deffo the best way and the Microsoft way of doing it.

I have same issue. On my OVPN server, i can have either of the vpn connections up if the other one is down. The log produces this: Oct 5 14:42:24 php: /status_interfaces.php: Starting 3gstats.php on device '' for interface 'wan' Oct 5 14:42:29 check_reload_status: Reloading filter Oct 5 14:42:32 php: : Gateways status could not be determined, considering all as up/active. Oct 5 14:42:34 php: : Resyncing OpenVPN instances for interface WAN. Oct 5 14:42:34 kernel: ovpns1: link state changed to UP Oct 5 14:42:34 kernel: ifa_add_loopback_route: insertion failed Oct 5 14:42:34 kernel: ovpns1: link state changed to DOWN If ovpns1 is up then the log changes to ovpns2: if_add_loopaback_route: insertion failed etc.