Thanks-  Seems to work just fine but I had one of those "wait a minute" type moments…

Either load balancing or see if your ISP will do MLPPP…

For anyone else experiencing this problem I have just found this http://forum.pfsense.org/index.php/topic,3701.0.html I'm going to give it a try now.  I'll post back how I get on.

If this is the case you chose your monitor IP wrong.

Thanks Jim.  THe addressing is all fine - there are no issues pinging or web browsing to the printer.

it work's so far… :)

You create the rule and then move it in the list with the "<" button.

Another possible way would be (on 2.0, recent snapshots only) to send the outgoing OpenVPN traffic for that instance into a failover pool, so it would re-route over the other WAN if needed. If the remote system has a different IP for each direction, you can also add another "remote x.x.x.x" entry into the custom options to direct it there if the primary link on the server end should fail.

Thanks, I will give that a shot when I get home. Will I have a problem if both interfaces have the same default gateway? It would be great if I could set the default gateway to an IP address rather than an interface.

@jimp: It may work but I wouldn't call that "valid" in any sense of the word. Sounds like a DC is just trying to cheap out on allocating IPs properly. The host (esxi for me) has a classic network configuration in /24. But if we need more IP for virtuals machines, our DC ("OVH" or "Online" in France) give us a /32 (called "ipfailover") and the gateway must be the same as host. Even if we want a range of addresses, they give us a /30 /29… but the gateway are external.

I would like my Asterisk PBX box to have a public IP because the SIP protocols don't behave nicely behind nat. I also need a ftp server. Thanks for  clearing up on what i needed to do. I'll just connect these boxes to the switch before fpsense and then just enable iptables directly on the servers. And use NAT1:1 for whatever else i can.

We found the problem. It is a bug in the Citrix XenServer 5.6FP1 with some network adapters in combination with VALN tagging. :D