OpenVPN No LAN Access using PIA
-
@KOM:
OK, so you want to tunnel in to your PIA provider, and then tunnel inside that tunnel to your home VPN? Sorry, I got nothing. Never did that before and have no idea how.
So basically you're saying that using a VPN provider there is no way to access your home LAN? So I would need to set up my own OpenVPN server in order to do this?
-
I didn't say anything of the sort. I said I have no idea how to do that. I'm fairly new to pfSense and am still feeling my way around. I was trying to help you in any way I could, but I lack the knowledge to solve your problem. For all I know, what you are trying to do is very simple, but I have no idea myself as to how to do it. Perhaps it's impossible.
-
@KOM:
I didn't say anything of the sort. I said I have no idea how to do that. I'm fairly new to pfSense and am still feeling my way around. I was trying to help you in any way I could, but I lack the knowledge to solve your problem. For all I know, what you are trying to do is very simple, but I have no idea myself as to how to do it. Perhaps it's impossible.
I understand and appreciate the help, I am also new to pfSense. It may be that it is not possible, I tried searching this forum and online but could not find a definitive answer. It seems as if other people are able to access their LAN, but this may just be because they are using the OpenVPN server feature in pfSense and not the client option. Hopefully I can figure this out before Monday because I only have 7 days to get a refund with PIA. If I cannot access my LAN with the VPN service then, for my purposes, it's pointless.
-
Yes, from what I have seen here, most people use OpenVPN to allow external access to their LAN from a standard Internet connection via OpenVPN client.
The fact that you're connected through some ISP's VPN doesn't mean you have some magic universal VPN connectivity. If you want to get into your LAN, I believe that you will have to run the OpenVPN client that has been specially-configured to connect to your LAN through the OpenVPN server that you set up. I'm not sure it's possible to run multiple VPN clients on top of one another, as I believe each installs itself as a virtual NIC and changes the routing table when enabled & connected. What you are trying to do may well be impossible, or require an end-to-end solution.
-
@KOM:
Yes, from what I have seen here, most people use OpenVPN to allow external access to their LAN from a standard Internet connection via OpenVPN client.
The fact that you're connected through some ISP's VPN doesn't mean you have some magic universal VPN connectivity. If you want to get into your LAN, I believe that you will have to run the OpenVPN client that has been specially-configured to connect to your LAN through the OpenVPN server that you set up. I'm not sure it's possible to run multiple VPN clients on top of one another, as I believe each installs itself as a virtual NIC and changes the routing table when enabled & connected. What you are trying to do may well be impossible, or require an end-to-end solution.
I wonder if I could set up an OpenVPN server on my pfSense instance and then connect my client to that server. Then create a firewall rule to allow all traffic to move freely between my own VPN server, the LAN and the PIA service.
-
Like I said earlier, I don't know if it's possible to run multiple VPN clients concurrently but I doubt it. You might try contacting your VPN ISP and see if they can help in any way.
-
@KOM:
Like I said earlier, I don't know if it's possible to run multiple VPN clients concurrently but I doubt it. You might try contacting your VPN ISP and see if they can help in any way.
Well, it wouldn't be multiple VPN clients technically. The pfSense instance would be running a server and also a client.
-
Set up an OpenVPN server on your pfSense and you can connect in to it from a "road warrior" client on your laptop wherever you happen to be. If you have only a dynamic IP from your ISP, then you will also need to register with a dynamic DNS provider so you can have a name that always translates to your current public IP.
Then if you want anonymity, to be seen as the PIA-allocated public IP, whatever… then you can send traffic from your road warrior laptop through the OpenVPN tunnel to your pfSense. Then pfSense can send it on through the tunnel to PIA and PIA can put it back on the real internet.
If you actually do not care about tunneling outgoing traffic to a VPN provider, then do not bother with PIA.
If you want to access from LAN to an OpenVPN "Road Warrior" server+clients you will need to put a rule on LAN before your policy-routing "all to PIA gateway" rule, that passes traffic for the OpenVPN road warrior subnet to the ordinary routing table (i.e. with no gateway specified in the rule).
-
Set up an OpenVPN server on your pfSense and you can connect in to it from a "road warrior" client on your laptop wherever you happen to be. If you have only a dynamic IP from your ISP, then you will also need to register with a dynamic DNS provider so you can have a name that always translates to your current public IP.
Then if you want anonymity, to be seen as the PIA-allocated public IP, whatever… then you can send traffic from your road warrior laptop through the OpenVPN tunnel to your pfSense. Then pfSense can send it on through the tunnel to PIA and PIA can put it back on the real internet.
If you actually do not care about tunneling outgoing traffic to a VPN provider, then do not bother with PIA.
If you want to access from LAN to an OpenVPN "Road Warrior" server+clients you will need to put a rule on LAN before your policy-routing "all to PIA gateway" rule, that passes traffic for the OpenVPN road warrior subnet to the ordinary routing table (i.e. with no gateway specified in the rule).
But in order to set up pfSense this way I would still need two public IP addresses, correct?
-
But in order to set up pfSense this way I would still need two public IP addresses, correct?
No, the OpenVPN server will be listening on the public WAN IP, port 1194 by default (you can choose a different port number if you like). Set it up the same as any ordinary "Road Warrior" OpenVPN server. Then you can connect home by OpenVPN from anywhere (well, anywhere with Internet :) ).
-
But in order to set up pfSense this way I would still need two public IP addresses, correct?
No, the OpenVPN server will be listening on the public WAN IP, port 1194 by default (you can choose a different port number if you like). Set it up the same as any ordinary "Road Warrior" OpenVPN server. Then you can connect home by OpenVPN from anywhere (well, anywhere with Internet :) ).
I guess I am still confused on how I can get pfSense to run both PIA and my own OpenVPN server and still have all internet traffic go out of PIA with only one public IP. When using my OpenVPN server, how would my laptop be able to find the VPN connection coming from PIA since it would be coming from a different IP address and most likely a different port? I also still want to have access to my own LAN at home when I am on the VPN also.
-
You would connect in from OpenVPN client on your laptop, from anywhere on the internet to the OpenVPN server running on pfSense at home. The traffic from your laptop back home to your home network would not be going through PIA.
You can set your laptop-to-home OpenVPN connection to "redirect all traffic through the VPN". Then when you browse the internet from your laptop, that traffic will go from laptop to home pfSense, then out of home pfSense to the internet by whatever way the rest of your home LAN gets out to the internet.
For that, you can have an OpenVPN client on pfSense connected to the OpenVPN server on PIA. And you can send all traffic through that.
So your pfSense would have an OpenVPN listening for connects from your remote laptop, and an OpenVPN client connecting out to PIA.
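
Added example, not part of the original thread or of pfSense itself: a small Python model of the rule-ordering advice given earlier in the thread, where the LAN pass rule for the road warrior subnet has to sit before the "all to PIA gateway" policy-routing rule. It matches on destination only and evaluates first-match-wins; the tunnel subnet `10.0.8.0/24` and the gateway name `PIA_GW` are assumed values.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass
class Rule:
    descr: str
    dst: str                 # destination network in CIDR form
    gateway: Optional[str]   # None = no gateway set, use the ordinary routing table


def decide(rules, dst_ip):
    """Return where a LAN packet to dst_ip is sent; the first matching rule wins."""
    ip = ipaddress.ip_address(dst_ip)
    for rule in rules:
        if ip in ipaddress.ip_network(rule.dst):
            return rule.gateway or "routing-table"
    return "blocked"  # nothing matched: default deny


def shadowed(rules):
    """List (rule, earlier_rule) pairs where the earlier rule already covers
    the whole destination, so the later rule can never match."""
    hits = []
    for i, rule in enumerate(rules):
        net = ipaddress.ip_network(rule.dst)
        for earlier in rules[:i]:
            if net.subnet_of(ipaddress.ip_network(earlier.dst)):
                hits.append((rule.descr, earlier.descr))
                break
    return hits


# Constructed sample values (assumptions, not taken from the thread).
RW_SUBNET = "10.0.8.0/24"   # road warrior OpenVPN tunnel network
to_pia = Rule("all to PIA gateway", "0.0.0.0/0", "PIA_GW")
to_rw = Rule("LAN to road warrior subnet", RW_SUBNET, None)

WRONG_ORDER = [to_pia, to_rw]   # replies to the laptop get policy-routed to PIA
RIGHT_ORDER = [to_rw, to_pia]   # replies reach the laptop; the rest goes to PIA

if __name__ == "__main__":
    for name, rules in (("wrong", WRONG_ORDER), ("right", RIGHT_ORDER)):
        print(name, decide(rules, "10.0.8.6"), decide(rules, "1.1.1.1"),
              shadowed(rules))
```
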