@gertjan I think I've discovered the answer for my problem...

I came across a note about comcast blocking traffic which pings and the answer was to turn off monitoring on the gateway. Voila. That worked.

I tested it by turning monitoring back on and it still worked. That seems a little flaky to me and I suspect it will come back to haunt me... but for now i'm clad it's framed up pretty well.

I did create the 4084 vlan and assigned it to a default Interface OPT1. Then in the Interface settings I renamed the OPT1 to WAN2.

I also created a gateway for WAN2 manually and had to set a NAT in outbound for WAN2.

Thank you for your help.

@ben_p In the UI, Diagnostics Menu | Command Prompt | Execute Shell Command

so upon disabling and re enabling the WAN interface this is when i see the issue occur. the only action that can be taken it seems is to manually select the gateway removing it off the automatic option. restarting the gateway service nor reboot changes its behaviour.

Running on 2.6.0-RELEASE (amd64) wonder if anyone else is getting the same issue?

@bob-dig
yes destination is internet.

So this is why I get the NAT3 on the ps4 right?
in short, because the vlan's gateway is not exposed to internet but is behind the wan.. right?

sorry what you mean with If the destination is at your place then number 3
another vlan or the lan?

thanks again

Make sure you have the Don't pull routes option checked in your OpenVPN Client configuration:
pfSense_Dont_pull_routes.png

-Rico

For my site the issue has been resolved now. Been running smoothly for more than a week after increasing Router Lifetime in services_router_advertisements.php?if=lan

@jack7076 transparent squid does not work with policy routing. Squid binds to wan. Policy routing is done before it reaches wan

Do you see it being routed in packet captures or the state table when you try to reach 1.1.1.1?

Where does it fail?

@JeGr said in Multiple Gateways on same subnet:

Why not simply reconfigure those routers

Because some devices (not mine) directly connected to router 1 have in their routing table certain rules to redirect traffic through 10.1.0.4. Hence those routers need to be on the same subnet.

These routers are shared by around 20 people, in 4 rooms on single floor. Hence I cannot change settings on those routers.

That is a layer 2 issue. Either that NIC is not passed through to pfSense correctly or the ONT is rejecting the MAC address. Rebooting would normally reset that bit not always.

Try some other device using the public IP directly. If that also fails and the Netgear is the only thing that works you will need to spoof the MAC address or call the ISP and have them reset it.

Steve

Yes the netmasks are all /24. For now it is 1 peer for testing. But in the future i would like to have the possibility to add more clients. The following is what I'm trying to accomplish:

test.png

Ok, if you only have a firewall rule with the OpenVPN gateway set it will force all traffic out that way which will break connectivity to the LAN.
Add a rule on the new interface above any rules with a gateway set to pass ping traffic to the LAN.

Otherwise check the firewall logs. Check the state table while you're pinging.

Steve

@xyzzyz said in VLAN question for noob moving from Cisco ASA:

My question: On my pfSense replacement for the ASA, is there any advantage to setting up a VLAN for the WAN port?

No.

@Overclock said in Non local gateway IPv6:

I let you inform about OVH response.

Ask them how SLAAC is supposed to work with a /56. You may be able to get a single /64 to work, but the other 255 will be unusable.

Olha, olhando o problema superficialmente, com as informações que você passou, já levando em consideração que você verificou cabos e etc, digo que sim o problema pode ser na placa de rede.

Não é normal ter problema de conectividade entre o pfsense e o modem, é um cabo, não é pra perder ping nem muito menos perder o MAC da tabela.

Even in the logs, I can see that the server is pushing its own address as the gateway, yet pfSense does not use it as the gateway IP:

Dec 21 02:45:36 openvpn 67745 PUSH: Received control message: 'PUSH_REPLY,route-gateway 172.27.120.1,topology subnet,ping 10,ping-restart 120,ifconfig 172.27.120.2 255.255.255.0,peer-id 0,cipher AES-256-GCM'

I had this same issue and what worked for me is creating a floating rule on the downstream PfSense to allow WAN to LAN connections. YMMW.

Merci @ccnet pour votre retour.

Alors depuis mon espace OVH je vois bien une passerelle mais sur mon VPS, il n'y a aucune passerelle de configurer...

2001:41d0:0305:2100:0000:0000:0000:0001

Effectivement le but de ma démarche et d'obtenir une passerelle afin d'interconnecté mon VPS avec un réseau exterieur.

@grimm-spector Exactly, it will work just fine :)