This is fundamental to a decent Fw in todays world.

If PfSense intend to play a part in that world, this is basic stuff that needs to be fixed asap.

@kiokoman Hi, thanks for your interesting about the question. Yes I tried several time with multiple configurations: the most obviously was create vlan 0.836 where igb0 is the main interface where is still attached vlan 0.835 for internet traffic. Telecom says 10.10.10.2/30 so I supposed gw for vlan 0.836 is 10.10.10.1, but with or without gateway the connection isn't really active. So I disabled "monitor gateway" considering it active (i have so many doubts about it as i can't see any relevant traffic on this interface), then I created firewall rules on new WAN 0.836 "any to 224.0.0.0 proto IGMP with applied "allow IP control" option and "any to 239.0.0.8 proto UDP "with applied "allow IP control" option - then on interested internal lan (called IPTV) "allowed IGMP and UDP from network IPTV to 224.0.0.0", in the end I enabled IGMP PROXY with upstream WAN 0.836 and downstream LAN IPTV, nothing to do, I'm missing something, pheraps more than something ;)

It seems that it can't be fix at the moment. Other people stumbled upon the same problem.

Using a phone hotspot doesn't work for my use case.

I was really hoping there would be a way to make pfSense obey the firewall rule to route out the specified gateway.

@viragomann
Finally got around to reinstalling and reconfiguring from a clean install.

I am happy to say that it solved the problem.

@viragomann
Hi,

sorry for the late feedback.

I got it running.

Connected the WAN part from the NanoPi to the eth3 and gave him LAN network. And the LAN port from the NanoPi then to the switch.

@viragomann Many thanks!!

That makes sense, although this is really bad :(

With your keyword I found an article in the A1 forum. There they indicated that the A1 support could fix that somehow for the guy.

The only thing I need is that they forward the ports, well, I will chat with them, let's keep fingers crossed.

Thanks again!

@mushymiddle all good points :)

Seems the issue was with my route.
I had to specify the ip and not only the dev
e.g. route add 10.0.0.0/16 via 10.240.0.1

@swemattias
I learned somethings from these websites:
https://github.com/ahuacate/pfsense-haproxy/blob/master/README.md
https://docs.deeztek.com/books/pfsense/page/pfsense-haproxy-softether-vpn
https://cbonte.github.io/haproxy-dconv/2.2/configuration.html

I think this redmine issue might be covering a similar issue https://redmine.pfsense.org/issues/855.

Does anyone have a work around for voip connections so far?

@johnpoz Ok, I was so blind 😊

Thank you!

@steveits Got it working. Thank you!

@skull07 I am also having this issue with T-Mobile home internet. I get the "duplicate echo reply received" alerts in dpinger but there are no duplicates happening at least not in the packet trace of the WAN interface, I am using an ATT connection as my backup WAN. I seem to get phantom packet loss indications as well randomly where there really are no packets lost. I tried using unique singular public IP's that are not accessed by my systems and the problem still happens. It's something to do with the T-Mobile router and/or CGNAT which does not allow you to use passthrough mode or any options at all for that matter. It also blocks traceroute attempts to get an idea of intermediate gateways. Of course using this router makes for a double and maybe triple NAT scenario but I have no other way to get internet where I live and for most things it works fantastic. Just cant use dpinger anymore to get an idea of the link quality. If anyone does ever figure out what's going on here please post.