GUIDE: PFSense with Private Internet Access and Plex
-
The following is a guide on how to forward certain traffic through your regular internet connection, such as Plex, the Transmission Web UI, and other services when using a VPN service like Private Internet Access. I couldn't find a good guide on how to do this, but got everything working with some trial and error.
First, make sure you follow the guide for setting up PIA or your VPN provider through OpenVPN.
Guide for PIA users from their wiki: https://www.privateinternetaccess.com/pages/client-support/pfsense
PIA's tutorial has one issue: It just uses the generic OpenVPN option for its outbound rules, which is fine for more people, but has weird issues if you're also hosting a VPN connection to your firewall or have another VPN going somewhere else. I recommend you create a dedicated interface like this (http://i.imgur.com/CfYXVHf.png) and instead of using OpenVPN for the interface in the Outbound NAT rules, assign it to the interface you created. Make sure you choose the ovpnc interface that corresponds to your VPN client tunnel. It is probably ovpnc1 or similar. You may need to reboot after you do this change prior to it working correctly.
Then, setup your Outbound NAT rules to prioritize OpenVPN and then have your WAN as lower priority rules. Here is a picture of my setup.
Outbound NAT Rules: http://i.imgur.com/GiSi04l.png
Make sure you have your DNS set to PIA's DNS servers to avoid DNS leaks and high latency response times.
Under System –> General Setup, enter 209.222.18.218 and 209.222.18.222 for your first and second DNS server and make sure you have the "Allow DNS server list to be overridden by DHCP/PPP on WAN" unchecked.
Next, setup your port forwards like you normally would if you didn't have a VPN from the Firewall --> NAT --> Port Forward section. You'll want to redirect WAN to an internal IP address like normal.
Then, go to Firewall --> Rules and make a new rule for LAN. Enter the following, leaving everything else default:
Interface: LAN
Address Family: IPv4
Protocol: TCP/UDP
Source: Single Host or Alias [Enter your IP address of your internal device]
Under "Source", expand Advanced
Enter your source port range. For Plex, as an example, you want 32400 for the to and from.
Under "Extra Options" expand Advanced
Gateway: Choose your internet gateway
This will override your outbound gateway from OpenVPN to just your regular internet connection with no VPN.
IMPORTANT NOTE FOR PLEX: Make sure you have the port manually set in the Server –> Remote Access --> Show Advanced Options. For this example. we're using port 32400, so set it to that.
You should now be able to access things through normal port forwards without your VPN.
Hope someone finds this helpful!
[EDIT]
Something I learned during this: PIA's guide for building your VPN tunnels has one serious flaw: If you're running a VPN server using OpenVPN and using OpenVPN for PIA as well as a client, you want to assign an interface to OPT1 and enable it. Then specify that interface in your Outbound NAT rules. Otherwise, you might run into weird DNS timeouts because it tries to use your OpenVPN server for DNS requests for some reason. PFSense gets really confused when you just say "Use OpenVPN" rather than a specific OpenVPN interface. I've updated the guide to reflect the changes and updated me images accordingly.
-
I've posted on your Reddit thread, but I'd be grateful if anyone here has any views. Getting to grips slowly with pfsense. Mighty impressive and a hell of an upgrade from the consumer stuff I was using before.
I've tried following this guide and it's all working great, apart from the Plex Remote Access.
Here's what I've got so far.
Plex is running on my Linux server with an IP of 192.168.0.1
Pfsense on 192.168.0.254No VLANs or anything complicated yet. Still working up to setting that up in the future. :D
Here's my port forwards.
And the associated rules.
My outbound NAT
My LAN rules
My PIA Interface
And finally my Plex port forward (The IP address is that from the VPN)
I'm guessing I'm missing something simple, but after hours of head scratching, I can't work out what. So if anyone here has got any ideas, comments or suggestions, then I'm all ears.
-
So I managed to sort this out by adding an alias. It helped that I knew a couple of the Plex devs so could chat to them about how it all actually works. Put together a guide on our website if anyone wants to take a look. Credit to gamerpro2000 (/u/ChronicledMonocle)
-
That link solved my issues as well with remotely accessing Plex behind the router's PIA client.
-
That link solved my issues as well with remotely accessing Plex behind the router's PIA client.
Great, glad to hear it's working for you. Made another edit this morning. Clearly labelled at the bottom. ;)
-
So I managed to sort this out by adding an alias. It helped that I knew a couple of the Plex devs so could chat to them about how it all actually works. Put together a guide on our website if anyone wants to take a look. Credit to gamerpro2000 (/u/ChronicledMonocle)
Thank you, nice how-to that saved my day :)
-
This is an amazing thread. Kudos all around! Fixed my issue.
-
One of the best and well written guide I've seen in a while in regards to this! Extremely useful and to the point. Kudos and thanks to everyone here.
-
If I want it to go the other way around…... example, only PLEX to go thru VPN, i would just select the VPN interface in the rules instead of the regular WAN?
My goal is to pass all BT traffic on port 60000 to go thru PIA while everything else goes thru regular ISP
I posted my scenario in another thread, but couldn't get a step-by-step instruction like these. Thank you for this clear-cut instructions.
-
Excellent guide, especially the part to get Plex working correctly, much appreciated!
I just wanted to add a caveat I found regarding Plex. I had followed the guide and couldnt get Plex to connect remotely at first but I soon found out it was pfBlocker that was the culprit. Specifically, the geoIP blocks. Plextv uses AWS servers that are located in Ireland, so you must allow inbound connections from there in order to get Plex to connect remotely. Just FYI for anyone who may have a similar problem.