• Hello,

    I have a project for school where the goal is to have a VPN between 2 networks and another interface on both pfsense which are on another network as backup so they they always have a connection between the networks so when one of them is down it still works.
    Both are in a gateway group as tier 1.
    The routes have to be made manual so I can't fill in the ip addresses in the openvpn server/client tab.

    The IP of the machine connected to pfsense 1 is and the pfsense is
    The IP of the machine connected to pfsense 2 is and the pfsense is

    Machine 1 and 2 can always connect to the router of the other network.
    The problem is one minute machine 1 can ping machine 2 and vice versa but not the routers.
    The other minute machine 2 can ping the other machine and pfsense but machine 1 can only ping machine 2.
    and there are more possibilities where only machine 1 can ping machine 2 etc…

    I thought adding ICMP rules would fix this problem but it didn't

    Does someone know what I should do so they can always ping each other?

    Thank you
    ![machine 1 rules.png](/public/imported_attachments/1/machine 1 rules.png)
    ![machine 1 rules.png_thumb](/public/imported_attachments/1/machine 1 rules.png_thumb)
    ![machine 1 outbound 1.png](/public/imported_attachments/1/machine 1 outbound 1.png)
    ![machine 1 outbound 1.png_thumb](/public/imported_attachments/1/machine 1 outbound 1.png_thumb)
    ![machine 1 outbound 2.png](/public/imported_attachments/1/machine 1 outbound 2.png)
    ![machine 1 outbound 2.png_thumb](/public/imported_attachments/1/machine 1 outbound 2.png_thumb)
    ![machine 2 rules.png](/public/imported_attachments/1/machine 2 rules.png)
    ![machine 2 rules.png_thumb](/public/imported_attachments/1/machine 2 rules.png_thumb)
    ![machine 2 outbound.png](/public/imported_attachments/1/machine 2 outbound.png)
    ![machine 2 outbound.png_thumb](/public/imported_attachments/1/machine 2 outbound.png_thumb)

  • you are loadbalancing and something is problably wrong with ONE of the two routes/connections between the network.
    test both individually to figure out which one is causing the issues.

    if you are natting either of them, then stop natting vpn's between private subnets ;)