Possible to Run OpenVPN Server and a PIA OpenVPN Client at same time?
-
Which guide for PIA setup have you followed?
Have you already set up an interface for the PIA client and added policy routing rules to direct outgoing connections to the PIA server? To get it to work, you have to do this. Also go to the PIA client settings and check the "Don't pull routes" option. That will be the culprit here.
-
I used the guide from PIA for setting up their client on pfsense: https://www.privateinternetaccess.com/pages/client-support/pfsense
When I check the Don't Pull box, I no longer obtain a PIA IP address though…but the OpenVPN server works for a change. What Is My IP shows my ISP IP instead of one from PIA.
-
When I check the Don't Pull box, I no longer obtain a PIA IP address though
So you've just checked this option, but not added a PIA interface and policy routing rules as I suggested above. So you've only done a part of the solution!
Here is a video showing how to do this: https://www.youtube.com/watch?v=JdjWNpoktrw
-
I followed the instructions in this video, and just like the guide from PIA's website, my PIA VPN is working…other than the video neglected to change the port to 1198 from 1194 (1194 won't connect to PIA). However, I still can't access my network via the OpenVPN server running on the pfSense router. It is probably a NAT rules thing, but I can't find any guide on the additional NAT rules (or firewall rules) to get my iPhone to connect to the OpenVPN server. I can only access my OpenVPN server if I disable the PIA VPN Client. Any other ideas?
-
Is your iPhone using a separate internet connection for testing?
-
All remote iPhone tests used Verizon and not wifi. I've scrapped the whole PIA client and will try again at a later date…a much later date. For everything I got working, something else stopped working. Before reverting to a backup, I had gotten Plex remotely connecting, Blue Iris remotely connecting, PIA working, and Open VPN working. But then apps on my iPhone stopped working, even the weather app. My Ooma Telo stopped working as well. I set many devices to bypass and go straight to the WAN, but in the case of the Ooma and my iPhone...that didn't help. Shoot, the final straw was my earlier reply not being able to post since the site loading was horrible before reverting back. Back to the base router setup and OpenVPN server I need. The whole weekend was wasted fighting with PIA and the OpenVPN server, so I won't be repeating this anytime soon.
Thanks to those who tried to help, but there are so many settings that have to be just right that I would probably need a guide for my exact setup to get it to work right.
-
Ok, after more tweaking, factory resetting, and more tweaking…I have everything working except one thing. I can connect to my network via the OpenVPN server, I have the PIA VPN Client pushed to the network IP addresses I want going through the VPN. I can remotely access both Plex and my Blue Iris surveillance server. However, there is one thing I cannot figure out and I'm sure it has to do with Firewall Rules or NAT Outbound rules. When remotely connecting to my OpenVPN server, I want those connections to be able to access the Internet as well. Currently, any remotely connected client to my OpenVPN server can access network IPs only and any attempts to connect to the Internet are being blocked. Anyone have a suggestion or guide on how to set up the needed rules?
Current NAT Outbound Rules:
Current Firewall Rules for WAN:
Current Firewall Rules for LAN:
I know there has got to be a way to do this.
-
Since you still pull the default route from PIA, there's no special firewall rule needed for the VPN clients going out to the internet. You're only missing the outbound NAT rule for that traffic.
Just add a rule to the PIA_VPN interface and set the source to your VPN access server's tunnel network.
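Added example, not part of the original thread: a small Python check for the gap described above, i.e. whether the OpenVPN server's tunnel network has an enabled outbound NAT rule on the interface its traffic leaves through. The XML is a constructed, simplified fragment assumed to follow the nat/outbound/rule layout of pfSense's config.xml; `opt1` standing in for PIA_VPN, the addresses, and the helper names are all assumptions.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed, simplified fragment (assumed config.xml layout).
# opt1 stands in for the thread's PIA_VPN interface; 10.0.8.0/24 is a
# made-up OpenVPN server tunnel network, 192.168.1.0/24 a made-up LAN.
SAMPLE_CONFIG = """
<pfsense>
  <nat><outbound>
    <mode>advanced</mode>
    <rule><interface>wan</interface>
      <source><network>192.168.1.0/24</network></source></rule>
    <rule><interface>opt1</interface>
      <source><network>192.168.1.0/24</network></source></rule>
    <rule><interface>wan</interface><disabled/>
      <source><network>10.0.8.0/24</network></source></rule>
  </outbound></nat>
</pfsense>
"""

def rule_covers(rule, net):
    """True if an enabled outbound NAT rule's source includes `net`."""
    if rule.find("disabled") is not None:
        return False
    src = rule.find("source")
    if src is None:
        return False
    if src.find("any") is not None:
        return True
    text = (src.findtext("network") or "").strip()
    try:
        return net.subnet_of(ipaddress.ip_network(text, strict=False))
    except (ValueError, TypeError):
        return False  # alias names or empty sources are not resolved here

def nat_gaps(config_xml, tunnel_net, egress_ifs):
    """Return the egress interfaces with no outbound NAT rule for tunnel_net."""
    net = ipaddress.ip_network(tunnel_net)
    rules = ET.fromstring(config_xml).findall("./nat/outbound/rule")
    covered = {r.findtext("interface") for r in rules if rule_covers(r, net)}
    return [i for i in egress_ifs if i not in covered]

def with_rule(config_xml, interface, network):
    """Model the suggested rule on the constructed fragment; returns new XML."""
    root = ET.fromstring(config_xml)
    rule = ET.SubElement(root.find("./nat/outbound"), "rule")
    ET.SubElement(rule, "interface").text = interface
    ET.SubElement(ET.SubElement(rule, "source"), "network").text = network
    return ET.tostring(root, encoding="unicode")
```

On the sample, the tunnel network is uncovered on both `wan` (its only rule is disabled) and `opt1`; modelling the suggested rule on `opt1` closes that gap while the LAN was already covered on both.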
-
Ok, adding this rule fixed one thing and broke another. Adding the above Outbound rule now permits my remote clients connected to my OpenVPN Server to now access the Internet, but now they can no longer connect to the LAN IPs. Is this a one or the other type of deal, or is it possible to have both working at the same time, along with a PIA VPN client? Is there another rule I need to add in order to get both working?
EDIT 1: Never mind, it's an issue with the Remote Desktop app on my iPad only, as it works on my iPhone.
Here are my current Outbound Rules:
-
Greetings,
I'm curious if it is possible to run an OpenVPN server to permit remote connections to my network, via iPad and such, while also taking advantage of the benefits offered by Private Internet Access. I finally got my OpenVPN server up and running and remote connects now work flawlessly. However, when I installed PIA as instructed in the PIA pfsense router setup, the status shows as "down." The only step I skipped was deleting the various certificates required to make the OpenVPN server work.
I'd like the benefits of remote access to my network as well as the benefits provided by PIA. Any suggestions or guides that I've missed? My experience with pfSense consists of about a month, with MANY failures trying to get the OpenVPN server up and running.
EDIT: Ok, after more tweaking, factory resetting, and more tweaking…I have everything working except one thing. I can connect to my network via the OpenVPN server, I have the PIA VPN Client pushed to the network IP addresses I want going through the VPN. I can remotely access both Plex and my Blue Iris surveillance server. However, there is one thing I cannot figure out and I'm sure it has to do with Firewall Rules or NAT Outbound rules. When remotely connecting to my OpenVPN server, I want those connections to be able to access the Internet as well. Currently, any remotely connected client to my OpenVPN server can access network IPs only and any attempts to connect to the Internet are being blocked. The OpenVPN Server is assigned its own openvpn interface and the PIA Client is assigned its own unique PIA Interface. If I disable the PIA client, then my OpenVPN Server connections are able to access the Internet. Once I restart the PIA client, the Internet access of the OpenVPN Server connected clients stops. Anyone have a suggestion or guide on how to set up the needed rules?
EDIT 2: Well, the recently changed NAT Outbound (posted below) granted my OpenVPN Server remotely connected clients to access the Internet, but it broke their ability to access LAN clients. How can I get both Internet and LAN access for clients remotely connected to the OpenVPN Server?
EDIT 3: Never mind, all is working correctly, but for some reason the remote desktop client on my iPad isn't connecting this morning whereas the RD app on my iPhone is.
Current NAT Outbound Rules:
Current Firewall Rules for WAN:
Current Firewall Rules for LAN:
-
Are these above your working settings? Can you please please share your current working settings? I can't get them to work together no matter what I tried. I've spent the better part of the past 3 days experimenting with all possible combinations. I did factory resets, installed the server first and then the client and vice versa. Played with all the possible rules I could think of. Duplicated the existing outbound NAT with values both for OpenVPN and PIAVPN.
I would be grateful if you could share the server's and client's config as well as the rules in WAN, LAN (or anywhere else) and also your NAT/outbound tab.
I have created separate interfaces for the PIA Client and the OpenVPN server while the "don't pull routes" option suggested by @viragomann disables completely the PIA client and then magically the OpenVPN server will accept the connection from my Android client.
I have already asked in several topics but failed to draw any attention so I'm hoping you could help me out.
Otherwise I'll have to open a new thread. I just did not want to do that, as there are many like us who had the same issue and the forum is full of similar threads…