Two Gateways for the same destination
Hello,
I have an issue that I can't seem to figure out. I've got two locations, with two routers in each location, connected to each other. See below:
To keep it clean, I've excluded the details that are not important (inter-router IPs and stuff). Those are set and are working - tested with static routes and it was all fine.

My problem is that, since I've got two gateways (loc 1: 10.10.10.2 and 10.10.10.3, for example), I need to use them both. I saw that PFSense has the concept of Gateway Groups, and I thought "Great!". On each PFSense I've created the security rules on the LAN interface to use the gateway groups I'd created before, and it seems that I also needed to create a rule on the inter-location interface to allow traffic from LAN to the other location.
Now, the problem: I can ping from behind PFSense-1 to a device behind PFSense-2, and tcpdump shows the ICMP request ending up on that device. I can also see that the device replies, and I can even see that reply on the PFSense-2 LAN interface. I would expect that ICMP reply to be forwarded on the inter-location interface and be sent to PFSense-1. Instead, the reply gets routed out the WAN interface and gets lost. Why is that? Since it's an already established connection, shouldn't it follow the route back?
P.S. On both PFSenses I've got a LAN rule saying "Allow from LAN to other-location-lan via gateway group" and another rule saying "Allow all on inter-location interface".

Can anyone shed some light on this, please?
Thank you!