Ping from the web utility only works through wan 1 AFAIK. Are you running a squid/transparent? I had the same exact problem and shut down squid and everything worked with no issues.
You have to prevent that before it gets to your firewall; your firewall can't stop that. On a wired network, your switch has to control that; on wireless, your access point.
@heper:
when working with VLANs you'd only need 1 NIC for all VLANs …. but then you would need a layer2 switch behind the pfsense
on the pfsense you can create as many VLAN interfaces as you need
Hi,
I'm trying to set up pfsense VLANs. Which steps do I need to do?
Until now I have created two VLANs:
Interface------VLAN tag---Description
rl1------------2----------CASA
rl1------------3----------UFFICIO
where rl1 is the LAN interface (rl0 is the WAN interface).
Which is the next step (I'm using static IP)?
Is the HP 1810-g a suitable switch?
Regards
Ugo
Thanks for the response. The issue was running the transparent proxy on the pfsense box. We were running two proxies, disabled the pfsense transparent and it all works. :)
You are probably seeing some asymmetric routing there. Go to System > Advanced and find the option under there to bypass firewall rules for traffic on the same network. That should help.
Also in the squid settings be sure to set the option to bypass the proxy for private/local networks.
@heper:
figure out how the OSPF package can help you with routing all traffic over interconnects and, if that fails, over WAN
Brilliant idea. I'll try that too.
Once I get a working setup I'll share it here.
I love the internet.
We had almost the EXACT same setup (firebox for default gw and an ASA for vpn termination).
This saved me many, many hours of headaches.
This option is the same in 1.2.3 as well BTW.
You're really great, now it works without problems.
I replaced the single IP subnet with the whole LAN and I think that works from any location.
Thanks, but thank you very much for your cooperation.
Known, but those of Virgil can not do like the others …
hei hei ..
The easiest way is on the client to add "redirect-gateway def1;" into the custom options, which will redirect the default gateway over the VPN.
Alternately, if you are on a recent 2.0 snapshot you should also get a dynamic gateway entry under System > Routing for the VPN connection and then you can use policy routing to selectively route traffic from the LAN side over the VPN.