Netgate Discussion Forum

    Good OVPN client setting for PIA?

      axxxxe
      last edited by axxxxe

      Is anyone operating a speedy and reliable OVPN client to Private Internet Access with settings they could share? I've had a tunnel to them for years which worked fine until about 2 months ago. I now get occasional good performance (15ms ping, 100Mb) but mostly 500ms ping with ~5% packet loss and sub 1Mb throughput.

      Their support has been no help (telling me to reboot or upgrade my hardware), and all sources of OVPN config settings that I've found don't appear to work. Note that I am in Switzerland and trying to use their Swiss endpoint.

      Here is what I have in my OVPN client config in pfSense:

      Server Mode: P2P (SSL/TLS)
      DCO: unchecked
      Device mode: tun - layer 3
      Protocol: UDP
      Interface: WAN
      Local port: none
      Server: swiss.privacy.network (note that they tell me to put a static IP in here, but no static IP I have tried has allowed the client to connect).
      Server port: 1197
      Proxy: none
      Username: my username
      Password: my password
      Retry: unchecked
      TLS Config: unchecked
      TLS keydir: default
      CA: my PIA CA
      Client cert: none
      Algo: AES-256-CBC
      Fallback: AES-256-CBC
      Auth: SHA256
      HW Crypto: none
      Server cert key validation: unchecked
      Tunnel Network and Remote network: blank
      Limit bandwidth: blank
      Allow compression: Asymmetric
      Compression: Adaptive LZO Legacy
      Topo: Subnet
      Type of service: unchecked
      Don't pull: unchecked
      Don't add: unchecked
      Pull DNS: unchecked
      Ping inactive: 0
      Ping method: keepalive
      Interval: 10
      Timeout: 60
      Custom options (note that pfSense says to separate these by semicolon, which breaks the client for me, so I use spaces): pull-filter ignore redirect-gateway
      UDP Fast: unchecked
      Exit notify: disabled
      Buffer: 512Kb (their support recommended 300K)
      Gateway: IPv4 only

      ===============

      The below is at the start of the .ovpn config file they sent me, but when I try to use the file as-is or try to introduce any of the settings into the pfSense "Custom options" field I immediately break the client and it refuses to connect. I don't understand the interdependencies of any of these...:

      client
      dev tun
      proto udp
      remote swiss.privacy.network 1197
      resolv-retry infinite
      nobind
      persist-key
      persist-tun
      cipher aes-256-cbc
      auth sha256
      tls-client
      remote-cert-tls server
      auth-user-pass
      compress
      verb 1
      reneg-sec 0

      I'm also happy to leave PIA if there is a better solution.

      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.