@bob-dig

No worries.

Getting my head around the outbound NAT. Working!
Not sure how to properly setup policy based routing.

My WG config is identical to the official docs given at
https://docs.netgate.com/pfsense/en/latest/recipes/wireguard-s2s.html
and the video
https://www.youtube.com/watch?v=2oe7rTMFmqc

Can the outbound NAT and policy based routing be applied to the wg tunnel? If not - do I need to disable it?

@dobby_ Issue solved there was no rule in outbound NAT Tab. Thank you all for the support.

@infosoporte said in Two ISP, two Pfsense:

All computer equipment is in the same cabinet.

single pfsense with dual wan and multiple LANS/VLANS would be my preferred solution

Can this be done easily ? Are any guides or steps I can
follow to implement this?

Set up a gateway group Set up TIER1 and TIER2 choose a load balancing method between; policy based routing session based routing service based routing Activate class c net ips will be accepted at the wan setup for not to be blocked by default.

network 192.168.150.0/24 will use only ISP1
network 192.168.200.0/24 will use only ISP2

Both will have the same gateway! So it might be since 2.7.0
is out running like you want, but not now, as I am informed. It is also nice to know more about your network and/or devices.

Have you two modems in front of the pfSense or one router?

Is there one router only in front of the pfSense and I was not getting it right out how many pfSense boxes will be in that game! Anyway, what you was trying out in the first post will be able to set up since version 2.7.0 of pfSense will be out.

The second thing you should know, is how it works.

Set up a Gateway group Set up Tier1 and Tier2 Choose a load balancing method between three; policy based routing service based routing session based routing

Set up your load balancing and Gateway rules and marl the WAN interfaces accepting the "class c" IP addresses.

Read slow again, word for word, the last comment from @NogBadTheBad

You still have an overlap unless its a typo.

Switches with multiple auth. per switch port and/or radius
certification that this user (certificate) gets even the same ip number and doulbe numbers will be ignord by connecting.

Do you think they will be perhaps sort their own equipment
mostly smartphone, tablet and mobile computer with one certificate.

@chrcoluk Ok I already have an update on two of the issues.

I found this post on reddit.

https://www.reddit.com/r/PFSENSE/comments/e00han/no_wan_uptime_stat_on_dashboard/

It is correct in my case the /tmp/pppoe0up file was missing, so I manually cycled WAN from the interfaces screen and it appeared alongside with the uptime, as to why the file was missing dont know but its working now which is the main thing.

Another file also appeared which was previously missing which is the /tmp/pppoe0_ip file and I have observed now that using a gateway group for IPv4 no longer shows up the line with a blank gateway.

So the only issue left which is relatively minor is the ""/system_gateways.php: route_add_or_change: Invalid gateway dynamic and/or network interface" problem. The gateway IP been called dynamic is greyed out and automatically configured by pfSense itself.

@melcosoft You likely want to do WAN failover and have a Dynamic DNS entry committed to whatever your primary gateway is at the moment and have the Site 1 OVPNS configured to use the failover gateway group for your connection.

That's how my connection is set up (when I have Multi-WAN -- which is not the case right now) and the DynDNS record is set up for a 30-second resolution. Total overkill 99.9995% of the time but very helpful when you have a fail-over and you need an FQDN to resolve back to you when you connect to the remote host.

@johnpoz said in Routing through a gateway that is down, bypassing policy routing:

You can tell pfsense to consider that gateway up by disable monitoring

Thanks. But I don't want to do that because that gateway will be operational and become primary. But the service is only partially restored.

I guess the other way would be to assign Tier 1 to the backup gateway and Tier 2 to this one and disable monitoring as you suggested. But I thought there might be a way to force routing through a gateway that is down. I guess it goes against the logic.

@cmaffio

If I unplug the fiber to my modem, I can only get a "pending" status on dpinger. My site to site VPN's appropriately report down status.

Not sure if that's the same problem as you but something is different in gateway monitoring.

@thiag000

https://docs.netgate.com/pfsense/en/latest/routing/gateway-groups.html

Set the trigger to Packet Loss or High Latency and set the default route to the gateway group.

@viragomann said in Issue with routing table propagating incorrect route:

@wspence
Stating a gateway here sets an according static route.
You can set the gateway to none, since there is a static route set for related subnet anyway.

Makes absolute sense, I just need to see who configured it that Way.

@dotdash Thanks a lot!
This PFSense is in production, so I need to schedulle the update task