Netgate Discussion Forum

    "Advanced" VPN connections?

    5 Posts 3 Posters 1.2k Views
    • M
      motionthings
      last edited by

      First. What I'm talking about here is (so far) legal in Norway.
      If this is against forum rules I apologize.

      I'm a customer of PIA-VPN, and use it to access regional restricted content.
      I use it to access Norwegian content when I'm abroad.

      How to set up PIA in pfSense is pretty straightforward:
      https://www.privateinternetaccess.com/pages/client-support/#pfsense_openvpn

      And the excellent guide made by @Klaus F also helped me :-)
      PDF: https://doc.pfsense.org/Create-OpenVPN-client-to-TUVPNcom.pdf

      But, I don't want all my traffic going through the VPN connection.
      And this method only connects me to one regional server (In this case, us-east.privateinternetaccess.com)

      My "dream" is that when someone on my network visits BBC iPlayer they connect through the UK VPN-server, and if someone goes to svt.se they would automagically connect to the Swedish server and so on.

      Is this even possible? Without "hours" of work?

      Could anyone point me in the right direction:
      https://doc.pfsense.org/index.php/Category:OpenVPN

      Would a service like Unblock.us (Only DNS) be a better choice for me?

      Intel Core i3, 8GB RAM, 2x Intel Gigabit NIC's.
      CURRENT network: https://cacoo.com/diagrams/1Fh6EcMdZLjGq3zj
      Planned network: https://cacoo.com/diagrams/y2rMw37kzlzcHzZy
      Read BOFH (Bastard Operator From Hell): http://bofh.ntk.net/BOFH/index.php

      • H
        heper
        last edited by

        i don't see a way that you could automatically switch to different pia-servers.

        it's probably possible to set up multiple vpn tunnels to different pia-servers … not sure if PIA allows for multiple simultaneous tunnels using the same credentials (ask them).
        with multiple tunnels, each with their own interface/gateway assigned, you could probably force all .uk stuff over the english vpn, and all .com stuff over the american vpn, and so on and so on.

        it'll take a while to get it all working as intended, but could be do-able.

        • C
          cmb
          last edited by

          Not easily doable, but it's doable. Probably the best way is putting up a proxy server on your LAN, configure it to DSCP tag traffic based on which path you want it to take, then do policy routing on the firewall using DSCP. There are people doing that in production networks for multi-WAN purposes, to differentiate which sites should use which ISP. Multi-VPN is functionally equivalent in that regard.

          • H
            heper
            last edited by

            well yes, .uk was a bad example because it would be impossible to create an alias with every .uk domain listed in there.

            but you could create aliases for your popular services that have region restrictions applied. so 1 alias for the bbc video streaming, 1 for netflix, 1 for whatever.

            • M
              motionthings
              last edited by

              And hence my "hours of work" remark.
              I would not even know where to start. hosts-file, firewall rules, NAT-table?

              I "know" a rule-based setup of some kind should work.

              if bbc.co.uk use ovpnc1
              if play.svt.se use ovpnc2
              if netflix.com, hulu.com use ovpnc3
              else use WAN (em0)

              I have 5 client connections included with my PIA subscription (I can use it on 5 machines).
              So I'm thinking 5 regions on my pfSense box ;-)

              I'm going to try unblock.us today and see how that goes.
              This seems a bit easier.

              But you have to agree that it's a good thought, and if anyone has a working example of this, I would love to pick your brain?

              Thanks for your input, again.


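The proxy-side half of cmb's DSCP suggestion, applied to the rule list in the last post, as an added example that is not code from any poster or from pfSense. The DSCP values, the function names and the `ovpnc3` name for the third tunnel are assumptions; the firewall still needs one policy routing rule per DSCP value pointing at the matching gateway.

```python
import socket

# Rule table taken from the thread's pseudo-rules. The DSCP code points are
# assumed values picked for this example; any distinct values 1..63 would do.
# "ovpnc3" is an assumed name for the third tunnel.
RULES = {
    "bbc.co.uk":   {"dscp": 10, "gateway": "ovpnc1"},
    "play.svt.se": {"dscp": 18, "gateway": "ovpnc2"},
    "netflix.com": {"dscp": 26, "gateway": "ovpnc3"},
    "hulu.com":    {"dscp": 26, "gateway": "ovpnc3"},
}
DEFAULT = {"dscp": 0, "gateway": "WAN"}  # unmarked traffic leaves via WAN (em0)


def normalize(host):
    """Lower-case the name, drop a :port suffix and a trailing dot."""
    host = host.strip().lower()
    if host.count(":") == 1:           # host:port, not a bare IPv6 literal
        host = host.split(":")[0]
    return host.rstrip(".")


def classify(host):
    """Return the rule for the longest suffix that matches on a label boundary.

    Matching whole labels keeps "notbbc.co.uk" from being routed like
    "bbc.co.uk", which a plain endswith() check would get wrong.
    """
    labels = normalize(host).split(".")
    for i in range(len(labels)):       # most specific candidate first
        candidate = ".".join(labels[i:])
        if candidate in RULES:
            return RULES[candidate]
    return DEFAULT


def tos_byte(dscp):
    """DSCP occupies the upper six bits of the IPv4 TOS byte."""
    if not 0 <= dscp <= 63:
        raise ValueError("DSCP must be in 0..63")
    return dscp << 2


def mark_socket(sock, host):
    """Tag an outbound IPv4 socket the proxy opens toward host; return the gateway."""
    rule = classify(host)
    sock.setsockopt(socket.IPPROTO_IP, socket.IP_TOS, tos_byte(rule["dscp"]))
    return rule["gateway"]
```

Anything that matches no rule keeps DSCP 0, so a typo in the table sends that traffic out the plain WAN path rather than through a tunnel.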
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.