Netgate Discussion Forum

    Outbound PIA, Inbound OVPN Server - how to get both working at same time?

      Guest

      Hi Guys,

      I've been through every flavour of software firewalls that I can think of and pfSense beats them all for my purposes hands down.

      Anyway, I've got an outbound OpenVPN client configured for Private Internet Access - this works good!
      I've also got an inbound OpenVPN server configured so I can remote to my LAN from Work. This also works good!

      The problem is, I can't get both working at the same time. As soon as the PIA connection is up, my openvpn server isn't listening on the WAN IP (I assume it's listening on the PIA Outbound IP).

      Anyway, I'm guessing it has something to do with either firewall rules or NAT; however, I've turned a bunch of stuff on, allowed logging, and I still can't see where the issue is (note: I've undone all the changes for security reasons).

      Can anyone help me out or point me in the right direction?

        Hakon74

        Hello.
        You should do some reading on "selective vpn"

        I have VPN from PIA but only route 3 or 4 devices through the VPN. This way I can connect to my OpenVPN server from work on my WAN IP.

          Guest

          The outbound routing through PIA is OK though - it's getting both to work at the same time that's the issue?

          I actually want everything on the LAN side to travel outwards via PIA - not selecting specific devices.

          Wouldn't your suggestion only be for specific devices?

            Hakon74

            Yes, I suggest VPN only for specific devices, or at least bypass your OpenVPN server port from the VPN.
            If not, you have to open a port on PIA and redirect it to your VPN server port (advanced): https://www.privateinternetaccess.com/forum/discussion/23431/new-pia-port-forwarding-api

              Guest

              Thanks mate..

              I looked into the port forwarding via vpn and that doesn't suit my needs..

              I'm happy to bypass the openvpn server from the vpn - just not sure how to do it?

              Can you draw me a mud map?

                Hakon74

                Hello.

                You have to create a firewall rule on your OpenVPN port.

                Go to Firewall -> Rules

                Interface: LAN
                Address Family: IPv4
                Protocol: TCP/UDP
                Source: Any
                Destination: Any
                Destination Port Range: your OpenVPN port

                Advanced Options -> scroll down to "Gateway" and select WAN
                Save

                This is not how I do it, but I think it should work.

                Try connecting on your WAN IP.

                  gtj

                  @Hakon74:

                  Hello.

                  You have to create a firewall rule on your OpenVPN port.

                  Go to Firewall -> Rules

                  Interface: LAN
                  Address Family: IPv4
                  Protocol: TCP/UDP
                  Source: Any
                  Destination: Any
                  Destination Port Range: your OpenVPN port

                  Advanced Options -> scroll down to "Gateway" and select WAN
                  Save

                  This is not how I do it, but I think it should work.

                  Try connecting on your WAN IP.

                  I have the exact same problem. Do I have to alter anything in the outbound tab apart from the rules above?

                  I can't for the life of me get to use both client and server at the same time!
                  Many thanks!

                    Hakon74

                    You could try the above rule on your PIA interface.

                    If not, I would configure VPN -> OpenVPN -> Clients "Don't pull routes"
                    and then add firewall rules for the devices you want to use the VPN.

                      gtj

                      @Hakon74:

                      You could try the above rule on your PIA interface.

                      If not, I would configure VPN -> OpenVPN -> Clients "Don't pull routes"
                      and then add firewall rules for the devices you want to use the VPN.

                      Thanks for your answer.
                      The only working solution for me was to downgrade to 2.3.5 and install everything from scratch. Since then everything's working fine.

                      The "don't pull routes" option under the PIA client configuration was stopping the PIA encryption completely (I was getting my ISP's IP) while remote access was working OK. Therefore, it was essentially as if I was disabling the client.

                        Hakon74

                        That is what "don't pull routes" does.
                        You then have to set up rules on LAN to push the devices and ports you want out the VPN interface.

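
The routing behaviour discussed in the last posts, as a simplified model added here (not code from any poster or from pfSense): it shows why "Don't pull routes" on its own sends LAN traffic out the ISP link, and how a LAN rule with a gateway puts selected hosts, or the whole LAN, back on the VPN. The gateway names and addresses are constructed, and it assumes the provider pushes `redirect-gateway def1`.

```python
import ipaddress

# Constructed values: gateway names and LAN addresses are hypothetical.
WAN_GW, VPN_GW = "WAN_GW", "PIA_GW"
# Assumption: the provider pushes redirect-gateway def1, which installs these two routes.
PULLED = ["0.0.0.0/1", "128.0.0.0/1"]

def routing_table(pull_routes):
    """ISP default route, plus the VPN's pushed routes unless "Don't pull routes" is set."""
    table = [(ipaddress.ip_network("0.0.0.0/0"), WAN_GW)]
    if pull_routes:
        table += [(ipaddress.ip_network(n), VPN_GW) for n in PULLED]
    return table

def table_lookup(table, dst):
    """Longest-prefix match over the routing table."""
    addr = ipaddress.ip_address(dst)
    matches = [(net.prefixlen, gw) for net, gw in table if addr in net]
    return max(matches, key=lambda m: m[0])[1]

def egress(lan_rules, table, src, dst):
    """First matching LAN rule wins; a rule with a gateway overrides the routing table."""
    for rule in lan_rules:
        if ipaddress.ip_address(src) in ipaddress.ip_network(rule["src"]):
            return rule["gateway"] or table_lookup(table, dst)
    return None  # no pass rule matched, so the packet is dropped

# Rule sets, evaluated top-down like the LAN tab.
DEFAULT_LAN = [{"src": "0.0.0.0/0", "gateway": None}]            # plain "allow LAN to any"
SELECTIVE = [{"src": "192.168.1.50/32", "gateway": VPN_GW},      # one device via the VPN
             {"src": "0.0.0.0/0", "gateway": None}]
WHOLE_LAN = [{"src": "192.168.1.0/24", "gateway": VPN_GW}]       # every LAN host via the VPN

if __name__ == "__main__":
    cases = [("pulled routes, default rule", DEFAULT_LAN, True),
             ("no pulled routes, default rule", DEFAULT_LAN, False),
             ("no pulled routes, whole-LAN rule", WHOLE_LAN, False)]
    for name, rules, pull in cases:
        print(name, "->", egress(rules, routing_table(pull), "192.168.1.10", "8.8.8.8"))
```

In the whole-LAN case the firewall's own routing table still has only the ISP default route; only traffic matched by the LAN rule is steered to the VPN gateway.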