I added #3 to the ticket, but I'll post here just so others see it in conjunction with the first two:

When "Enable Dynamic Gateway" is selected, the olsr.conf file that is generated tries to load the secure plugin.  If no security key exists (ie. the file is empty), olsrd fails to start.

Add pass rules above your default any to loadbalancer rule:

pass, proto any, source any, destination WAN subnet, gateway WAN-gateway
pass, proto any, source any, destination OPT-WAN subnet, gateway OPT-WAN-gateway

You have to exclude these subnets from loadbalancing.

thanks i will try that i will let you know how i go,

Ok, got some more info for you….

If I set the rules to source = lan2 subnet to gateway wan2 AND I set the DNS servers under the DHCP server tab (which btw are the same that are in system general... so really it shouldn't matter)
I am able to browse the internet.  I am not however able to access the pfsense box still (or ping it).  But obviously it can pull from the box since it is processing the DHCP requests. !?!?!

I'm banging my head here cause I know I had it working before.  Anyone else with a successfull dual wan want to share their setup?  Like I said I know I'm missing somthing simple, just can't seem to get it.

Try at system>advanced to set the "static routes filtering" option.

The pfSense blocks everything by default at WAN, so it won't reply on a tracert. Add an ICMP allow at your WAN interface.

monitor IP should be different.

Add a pass rule on top of your loadbalance rule with default gateway for the dmz subnet. It has to be excluded from loadbalancing.

You need a second parallel tunnel for this as the traffic you want to send through doesn't match the tunneldefinition you already have. Add 2 identifiers at both ends to be used for this (as the tunnels will run between the same public IPs as endpoints). The second Tunnel should have the definition for 192.168.1.0/24 <-> 10.10.11.0/24.
Another (maybe in this scenario easier) solution is to change the subnetmask at the one end to 10.10.0.0/16. In both cases you need a static route at the pfSense located in the 10.10.9.0/24 subnet to the gateway to 10.10.11.0/24 subnet.

It's simple roundrobin of new connections. This way even a single client can utilize the full bandwidth of multiple WANs with multiple connections. You can't use weights for to make the WANs be used 2:1 for example. Different WAN bandwidth is no issue though. I have a loadbalancing setup at the office of 2 WANs, 2 mbit/s SDSL and 6000/640kbit/s ADSL.

Please see http://wiki.pfsense.com/wikka.php?wakka=OutgoingLoadBalancing and  http://doc.pfsense.org/contrib/PFSENSE-LoadBalance-FailOver-V3.pdf how to set up policybased routing/loadbalancing.

Please post your firewallrules. There must be something missconfigured.

Thanks for all the help, I do appreciate it.

I decided to yank the nic & put in a 2nd switch. Figured $15 is better than spending anymore time on it, specially since I pretty much suck at anything dealing with the command line.

I doubt that can be easily done with 1:1 NAT (first match wins and that is the match for WAN). You probably need portforwards from WAN to the internal servers and from WAN1 to the internal servers. In this case the state will handle which connection is used for the answer.

Yes, you can do this, add the ip's to a alias, and make a rule that has destination to that alias –> route to wan1 or wan 2 respectively.

Problem solver  ;D

The problem was in the MT box afther the pfsense box.

@vkeven:

After reading some documentation about openbsd i think that te problem is because PfSense does'nt implement the "REPLY-TO"

Read This

http://www.openbsd.org/faq/pf/pools.html

OpenBSD Doc are really done well!!!!

I switched from OpenBsd to Pfsense because I really love the web interface but I think that the command line will never be replace by a GUI , OpenBSD i'm back home!

This issue has nothing to do with reply-to or whether we use it or not (we do).  It has more to do with how we detect the gateways to auto-create the reply-to.  I'm confident that we ignore duplicate gateways.  I expect some day I'll change that code, but I'm sure that's what's biting you.  If you can insert a layer 3 device between WAN2 (binat if you need to) and the duplicate gateway, your problem will likely go away.

–Bill

Those are broadcasts that don't leave the local subnet (think what would happen if the broadcasts would leave their subnet; poor internet!). You would have to setup some kind of central server all your clients log on to find each other. Don't know if this is possible for your application but in case the application is designed for anything larger than single LANs there should be an option.

"I wouldn't think so but you need to make sure that ALL traffic for the game, etc is going out wan #2 via policy based routing."

The 2 wans will be on separate subnets. I was concerned more with the performance of the actual PC e.g downloading at 10 meg and still being able to service the othter wan without lagging the connection.

thanks for the reply