@Elrick75 said in Does pfsense generate internet traffic on the second connection if first connexion is operational?:

Thanks for your answer, it doesn't seems simple to recover this information from 4G supplier...
So much person who are not technical, like many hedlpdesk in this case, too lame...

Why not try it for a few days and see what happens, it will be cheaper in the long run.

I can't see them charging for a ping to the gateway as its non internet traffic.

@skullnobrains said in gateway group : ending up with no default route after a network restart while the gateways where ok:

any way to instruct pfsense to keep the first gateway active at all times ?

errata : i mean stick in the first gateway whenever pfsense detects none are working

looks like it does
https://wiki.freepbx.org/display/FPG/Firewall

Did you enable that module?

@jbredereck I got same problem. I was trying to use IPsec tunnel with routed(VTI) mode. I stuck with same situation that machine behind vpn get incoming packet, but reply was going out through wrong interface (default instead of tunnel).

Your solution saved my time.
Thanks!

Regards,
Jacek

@Ximulate Hi,
great news!!
Regards
Crysion

So post your routing table, please. Diagnotic > Routes

Why would you not just use that as an AP..I am not aware of the native firmware being able to turn of natting and just route.. If you did that then your 192.168.150 would have to be a transit network or your going to run into asymmetrical routing issues.

Your better option here would be to just have it be an AP, and then hang that 192.168.20 right off pfsense.

In your current setup you would just setup port forwarding on that soho wifi router and then hit the 192.168.150.11 IP to get forwarded to what you want to use behind it.

You are right! I have overseen a mistake in VLAN configuration on the esxi host. This was the problem. pfsense is working in the described configuration.

Thank you for your support.

@mrpijey said in Routing LAN networks:

went on for so long without a single clear answer of how to setup pfSense to allow traffic between networks.

As already stated there is NOTHING to do for routing.. NOTHING!!!! I mean ANY router that has directly attached interfaces will know how to route between them.. PERIOD!! The only time you would have to add routing info would be if you have specific upstream networks that need to go somewhere different than your default router, or you have downstream networks via a transit network.

Your also running a firewall - so yes you will have to create a firewall rule to allow the traffic. Pfsense only put default any any rule on your lan, any other interfaces you create will have zero rules out of the box.

Your thread turned into asking about vlans and hyper-v.

You were told less than 30minutes after your post that you would have to create firewall rules to allow traffic between interfaces.

A lot of ISPs run private networks that route public addresses to their customers. My WAN IP is 209.x.y.z and my upstream is also on 209.x.y.z-1, but it all connects to a 10.230.0.0 network.

Port forward rules for the inbound connections. Outbound NAT for the outgoing connections. It works.

@dragoangel said in Routing to another subnet off WAN interface:

Why not configure IKEv2 site-to-site IPsec? It easy 5 minute job Karl!

As the traffic is still on our network we didn't need the encryption/overhead of the VPN (traffic could be ~500 Mb/s). I did consider just a tunnel if I couldn't get the routing to work but have now got it sorted as above.

hehehe - yeah thats is what I figured ;)

There are methods available that let you do this such as MLPPP which pfsense can do.. (if your connection uses pppoe and your ISP is on board) and other bonding type services.. But it takes cooperation by your ISP and special equipment if you are not pppoe.

https://forum.netgate.com/topic/143156/is-dual-wan-possible-maybe-with-aggregation

It's an upstream issue in FreeBSD, so we do not know.

@johnpoz Im using he about 2 years with multi wan in office. Im ok with it, but native is little quicker. This case is data center. I want provide my services over ipv6 too. And i don't need many /64 due there is will be not much networks (lan and vpn thats all). I read about npd proxy before when have "luck" to configure ovh servers and end up too use he.net. this another dc and hope I can explain that their ipv6 networking work only for one dedicated server and not for dedicated l2 segment with routed gateway... Thanks