there is no alternative as to using some third-party external "open" smtp relay I guess … ?

Both are dynamic, but rarely change so a static route might work.

Though I'm not sure anymore that it was a problem in the pfSense setup.

Uhm… a DualWAN bridge?
This will not work.

For multiWAN you always need at least a routed setup (or NATed if you dont have public IP's on your LAN).

Just a quick update To state that I was stuck because of this bug back then:
http://redmine.pfsense.org/issues/show/111

Solution listed by cmb
http://forum.pfsense.org/index.php/topic,19763.msg101819.html#msg101819

My home IP used to end in .225, it changed to a new range when I had my cable modem changed due to phone issues (voip at home from our provider) That coincided with the reinstall of the setup.

Funny how things turn out =)

Do you mean you want to write your own code to add to have this functionality?

I'm not sure.
I think the page: services_dyndns.php would be a start to look at.

@foxtrop:

Hi, I solved this by increasing the waiting time, registration of the phone was 3600 seconds and the waiting time in the rule that applied was 3700 seconds, and so far I have had more problems.

My problem turned out to be some type of SIP proxy my fiber ONT has enabled.

AFAIK, stickies are still broken. I just create a rule for 443 that uses a failover pool instead of a LB pool. Last time I looked, this was mentioned in the dual-WAN howto.

You just need to pick a unique IP for each connection to monitor. I usually use something on the provider's side- other side of the T circuit, etc. If the gateways for two connections were the same, it would cause routing problems, as the firewall would not which interface to route the traffic out.

That's because it relates to the web server - try reading this article.

@fernandov:

To answer your question briefly

1. Yes, you need to install a second ethernet card for your second GW

You are not clear about which traffic will go thru which GW.  Is the GW1 only to be used by VPN users? Will all LAN users go out thru GW2 only or they will go out either GW (1&2)?

Let me thank you for your answer  ;D (so long awaited !!!)

The two gateways will be only used for the right service :

GW1 ONLY for VPN

GW2 ONLY for proxy navigation

Hope you could help me more  :)

Sincerely,

@soma:

I have been playing with static routes… for example adding 192.168.2.1/24 on the pfsense box that contains LAN1, and giving it a gateway of 10.1.1.1, but I don't think it's what I need to do, or I'm not doing everything I need to for routing between these LANs.

The 10.1.1.1 box doesn't know where 192.168.2.0/24 is so that won't work.  You have to set the gateway to the IP of the box that knows where the other subnet is.

DHCP box:

Static route 192.168.2.0/24 to 10.1.1.2

PPPoE box:

Static route 192.168.1.0/24 to 10.1.1.1

You will probably need to add rules to the OPT interfaces to allow traffic from the OTHER box's LAN subnet when the destination address is in the LOCAL box's LAN subnet.

Just add the routes and test first.  Do not make a lot of changes all at once.

Right, understand that and that is what we are going to do.

Solved this on my own with the help of http://doc.pfsense.org/multiple-subnets-one-interface-pfsense.pdf. That was all that was needed, and I added the superscope to my dhcp. Now clients on the subnet can browse the network!

@phospher:

hey, is this still an issue? if i understand this correctly it sounds like bad network design here…

if you ping from your lan to your ipsec GW to you get ICMP redirects?

are your two gateway's connected to the same switch? if so, you are probably having problems with redirects. i've seen this same issue occur when attaching two gateways to a cut through switch. if this is in-fact how yours is setup I would plug the ipsec Gateway into it's own physical interface on the firewall.

Yes, both LAN interfaces are on the same switch and both WAN are on same switch.

:( Increasing the number of states did not seem to do anything.  Looking at the states table, it might have been possible that the number of states was exceeding 10,000 at certain times of day.  But now that I've set it to 20,000, I don't think that is the problem.

I've also tried tweaking the apache server KeepAlive setting and also turned KeepAlive off.  No luck there either.

I guess if no solution presents itself, I'll have to switch load balancing to LVS or something.

The two pfSense boxes are Dell 1850 dual Xeon 3.4Ghz with 4GB of memory and a 2-port Intel PRO 1000 network card for WAN and LAN.

IMO, the easiest way to deal with multi-WAN is to use internal DNS servers. If you cannot do this, following the multi-WAN instructions and adding a static route to one of your DNS servers via the secondary interface should work. You should watch your states, and verify the DNS queries are going out the correct interface.