Tutorial: Configuring pfSense as VPN client to Private Internet Access
-
Which rule do you think you have to change? What, exactly, is the problem?
-
I have to disable that top rule to reply.
When all the rules are enabled, on the BJENVY pc, it doesn't seem to have internet for some time, then it comes for a few seconds, I can check the ip and it is my WAN IP and then it stops responding.
Should I be concerned about the Gateway showing offline?
scratching my head… ???
-
Thanks to Derelict for keeping me at it. I got the separate IP's working out thru the VPN and all others thru normal gateway/router.
bj24 - Follow the steps in Derlict's post for making an alias. Add the IP's you want going out thru the VPN to it. Give it a name like 'IPs_Out_VPN' or something you will recognize.
Then go to Firewall-Rules-Lan
Click the plus to create a new rule based on LAN net
Action=Pass, Interface=LAN, TCP/IP=IPv4, Protocol=any, Source=Type:Single host or alias, Address: IPs_Out_VPN; Destination=any, Description=LAN PIA_VPN Specific IP address Out
Advanced features: Gateway=PIAVPN_VPN4-some.ip. (this should be in the list if you followed the tutorial)
Save, Apply Changes
In Firewall: Rules - LAN Click the rule you just made in the checkbox on the left; Then point at the Arrow to the right of the LAN net rule, and move your IP out rule above it. It should now be the first rule.
Go to Status-Services, Restart DHCP, Restart OpenVPN.
Give your computers 1-2 minutes to get a refreshed IP and see if your computers are running thru the interface you want.
**** Mine Didn't*** Because I had to go change this:
Firewall-Rules-LAN
Choose your IPv4 LAN net (gateway should be '*') click Edit
Advanced features - Gateway: Choose 'WAN_DHCP - 192.168.x.x'
Save- Apply changes.
Go to Status-Services, Restart DHCP, Restart OpenVPN.
Give your computers 1-2 minutes to get a refreshed IP and see if your computers are running thru the interface you want.
If all works, save this to your notepad along with the tutorial and you're good to go!
Let me know if you need the individual steps for making the Alias list, it's pretty straightforward but until you do it you can be poking around.
Thanks Derelict and others for getting us going! -
This is very frustrating.
I have it as you two have said as far as I can tell and it does not work as expected.
Should I be concerned that the Gateway for the VPN shows offline?!
What logs should I be looking at or screens? I have found another laptop to use as a tester so I stop losing internet when I test on myself. I have added its IP to the list with a Alias of IPs_Out_VPN.
I have made a Lan rule with the Gateway selected to use the VPN.I restarted the 2 services.
I test the computer, it still has my ISPs IP address and after a less than 2 minutes internet stops completely on it.
Should I start to suspect PIA? Like I've wondered, the Gateway keeps going from online to offline.
puzzled….
-
Disable gateway monitoring on that gateway.
-
Thank you, that has solved the gateway offline issue.
However still no routing of IPs_Out_VPN to go out the VPN.
progress!!…
-
Why are your NAT entries back here: https://forum.pfsense.org/index.php?topic=76015.msg500950#msg500950 for 192.168.1.0 and your policy route is for 192.168.0.102?
-
I hope thats the issue. I corrected that to 192.168.0.0 but still nothing.
Here is my updated NAT list, do I need to keep all 7?
tested it now and still on the ISP IP.
-
oops, heres the NAT list
-
What are the contents of alias BJENVY?
What is the IP address of the host you're testing from?
Is the VPN up?
Please post evidence so we can see everything is as it should be.
-
I have changed the alias name to IP_out_VPN, it has 2 ips in it 192.168.0.102 and .115
I am testing from both of those 2 IPs, 192.168.0.102 and .115
What is the best evidence that the VPN is up? I believe it is as far as I can see.
-
I guess I don't know. You've got something wrong somewhere. Delete it all and start over maybe.
-
:)
-
Will start fresh and see how it goes… cross your fingers ;)
-
HOLD UP. My last post I noticed my IP address in the lower right corner and it wasn't mine, it was the IP of the VPN!! So something is working.
I go to speedtest.net and it shows my current location and ISP IP.
I go to whatismyip.org and it shows my ISP IP and location.What is going on? Why did my post or this forum recognize the VPN but nothing else seemingly?
steps forward…
-
There is nothing in your config that cares about the destination unless you're not telling us everything. Is your VPN going up and down? Lots of sites report IP addresses. What does www.ipecho.net say? What does www.wimi.com say?
-
Derelict,
What do you imply that I wouldn't be telling?
Every time I check the status of the VPN it is up and well. When I use the PC application the VPN is very stable. The logs for openVPN don't show anything strange.
Both of those site showed my ISP IP.
Any other logs I should be looking at?
-
Status > OpenVPN has a connected since column.
I say there's something else afoot because if there wasn't it would be working.
-
I checked the connection time and it was up for almost a day now.
I tried unchecking the "Don't add/remove routes" box. To my amazement when I checked the IP it was my VPN! How ever when I checked it on a PC that should be on the ISP is was showing the VPN. I changed it back.
I tried checking "Don't pull routes" too but that didn't seem to help.
-
If I use the website ipleak.net I get these results…
Showing my ISP IP 50.*** and also my VPN IP 104.***
what gives?
