@stephenw10 I deleted the WireGuard tunnel then I set it up all over again. Done the same thing at VPS. Rebooted remote VM and pfSense and it started working. I have no idea what happened before but I thanks you for all the support you provided!! Thanks a lot :-) kind regards

@m229m Either set up the OpenVPN server on the router (default gateway) or set up a transit network on the router and move the VPN server into it. Your setup ends up in asymmetric routing issues.

@adminproconer And how about you remove the link aggregation.. If still slow then I would sniff - but if you have full speed, and ping is 1ms - your issue is not network related, but most likely server or performance related. Sniff to see what is slow, nothing the network the router can do if server answers slowly.

@gertjan The suggested system patch fixed the issue. Thank you!

For anyone else finding this thread. I've found the solution. Create a port forwarding rule INTERFACE: WG0 PORT: 44158 DESTINATION: WG0 DEST PORT: 44158 REDIRECT TARGET IP: MINER IP REDIRECT PORT: 44158 Then everything works as expected.

@mdomnis I have since upgraded to 22.01 with FRR version 1.1.1_6. In my preliminary testing, the routes seems to be working closer to what is expected. I still have a weird issue where sometimes the neighbors don't like to peer fully and I have to force restart FRR, but from some quick tests, it looks like at least the route is being added to the table correctly. For now at least.

Thank you all for your answers and discussion. Unfortunately it’s a “real problem”. There is a person who I trusted before but this person is now in suspicion for a bad deed. While changing my passwords (way too late I did that) I saw a log in to my personal account that was definitely not made by myself. It’s possible that that person had an auto login but I also had the hunch this person spied my personal mailbox (which is of great concern because I was in touch with official entities). Well I think the chance is quite low I forgot to logout somewhere and that that device has the same /56 prefix as that person. So I can just hope that was an auto login or that person did not found anything. Thank you all.

@johnpoz excatly , so i can change the gateway in routing of this isp , and under interface assimgnets, change the ip ,and add the new gateway that was given by isp.

@mpcjames glad I could help.

@SteveITS From what I can tell, drivers are up to date.

Make sure you have the Don't pull routes option checked in your OpenVPN Client configuration: [image: 1633882835356-pfsense_dont_pull_routes.png] -Rico

Very thankful for this discussion. Provided a much greater understanding of many things and overall. For those reading: As to this specific issue, one that I saw many posts about, but this solution I have not seen: Just found this under logs-->firewall-->settings. I tested it and worked for the noise. Just don't know if will be losing any other and important logging with it. Looking at default block rules I do not think so, but not sure. [image: 1632842562916-screen-shot-2021-09-28-at-08.20.10.png]

Nevermind. It was traffic shaper mucking me up.

If they are different interfaces and not switch ports - then no there is no way to put them on the same network without bridging them. But the only reason you need for them to be on the same network is broadcast traffic.. They could be on different networks and still access everything on the other network. Just create any any rules. Do these devices use some broadcast/multicast discovery or protocol that is required that they are required to be on the same network.. If want to leverage your ports for individual devices - ok... But why do you need to bridge them.. Just use 192.168.1/24 on 1 and 192.168.2/24 on 2.. And use an any any rule - there you go these devices can talk to each other for anything other than broadcast traffic. Bridge is only going to complex up the config, and more overhead for what? Are you doing something that requires broadcast to work? Then get a switch... Really the only time it makes sense to leverage a bridge is media conversion... Or I had something that required the devices to be in the same broadcast domain, ie the same L2 network.. But I also wanted to be able to firewall between them for some stuff. In that case you would use a bridge (transparent firewall) and be able to do such a thing. But just wanting to leverage the ports on your pfsense box.. I don't see the point of trying to bridge them?

You do not need to create a nat - but if your policy routing, then yes you need a rule above that policy route rule that allows where your trying to go before you policy route out a vpn. https://docs.netgate.com/pfsense/en/latest/multiwan/policy-route.html#bypassing-policy-routing

@vlan1 said in Mapping WAN IP's from a VPS directly to local Host ?: The question for me is, how do I assign the pfsense my WAN IP's ? The WAN IPs have to stay on the VPS, where you run an OpenVPN server. Your pfSense connect to this server and set it as default gateway. So any outgoing upstream packet from your home is dericted over the vpn and goes out to the internet with the static public IP of VPS. The other way around you can use the public IP for your services like you do already, but incoming traffic on the VPS is forwarded directly to your server at home. So you have only one time to nat the traffic in each direction like you was having the VPS public IP at home.

@kiokoman Thank you Sir. You're correct. I can see from here - https://www.calculator.net/ip-subnet-calculator.html?cclass=any&csubnet=29&cip=155.70.7.55&ctype=ipv4&printit=0&x=109&y=13 - that the first usable is 155.70.7.49, which will be the ISP router (pfSense default gateway) set into the WAN interface. Can I rather use 155.70.7.48, the network address in a bid not to waste IP addresses? Invariably, is this how to reuse IPs (network and broadcast addresses)? Pardon me, it was indeed 155.70.7.56/29. And sorry, I'm trying to learn the IP addresses by heart. In this case, can I use 155.70.7.56 in the WAN as against 155.70.7.57, the first usable IP? I'm trying to maximize the IP addresses.