Changing VPN provider
-
@Dudleydogg As I said in a previous post, the dhcp from pfsense will automatically give your pc its IP as the dns lookup. What you're missing is telling pfsense what external dns ip to forward requests to and on what interface.
Go to System->General and go down to dns and enter the external dns ip there and three boxes to the right select your vpn interface from the drop down list.
There are lots out there which can be used; here are some better than google (not secure):
1.1.1.1
1.0.0.1
208.67.220.220
208.67.222.222
You can put them all in and punt them out all the interfaces if you want including the unencrypted ones but if you're using a vpn for security best to punt 1.1.1.1 out the single vpn. This has the added benefit that if the vpn goes down and pfsense re-routes the data out via a non-encrypted gateway, which it will do, nothing will work as there is no dns lookup unless the vpn is up.
You can stop the traffic even trying to go out the unencrypted gateway by setting up lan rules to force all traffic from the lan to the vpn gateway.
Pfsense is a very flexible and powerful tool, love the control it gives me. My wife's tv traffic to amazon prime and bbc iplayer is routed out via the wan port and these don't like vpns. Also Lan rule for this has a timer set so it cuts the traffic at 11pm which blanks the wife's screen and her tv shuts down. She is asleep by then and gets a better sleep in the dark.
FEEL THE POWER!!!! -
@oggydoggy said in Changing VPN provider:
It seems to depend on which city you connect to
I gave another one a try and so far so good. I've also tried their windows app and it doesn't work with openvpn just IKEv2. I'm waiting to hear back from Privado tech support.
@oggydoggy said in Changing VPN provider:
You can stop the traffic even trying to go out the unencrypted gateway by setting up lan rules to force all traffic from the lan to the vpn gateway.
I tried this setup
@oggydoggy said in Changing VPN provider:
You can put them all in and punt them out all the interfaces if you want including the unencrypted ones but if you're using a vpn for security best to punt 1.1.1.1 out the single vpn.
I use the tag/tagged command per https://www.infotechwerx.com/blog/Prevent-Any-Traffic-VPN-Hosts-Egressing-WAN
to kill the internet if my VPN goes down. -
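Added example, not part of any post in this thread: a simplified Python model of the tag/tagged kill switch mentioned above, showing why a policy-routing LAN rule alone leaks when the VPN gateway is down and why a floating block on tagged WAN egress stops it. The host addresses, interface labels and tag name are constructed, and the model assumes pfSense's default behaviour of loading a rule without its gateway when that gateway is down.

```python
# Simplified model (added example) of the tag/tagged VPN kill switch.
# Addresses, interface labels and the tag name are constructed for illustration.
from dataclasses import dataclass
from typing import Optional

VPN_HOSTS = {"192.168.1.50"}   # constructed alias: hosts that must only use the VPN
TAG = "NO_WAN_EGRESS"          # hypothetical tag name


@dataclass
class Packet:
    src: str
    tag: Optional[str] = None
    egress: Optional[str] = None


def lan_rule(pkt: Packet, vpn_up: bool, use_tag: bool) -> Packet:
    """LAN pass rule: policy-route alias hosts to the VPN gateway, optionally tagging."""
    if pkt.src in VPN_HOSTS:
        if use_tag:
            pkt.tag = TAG
        # Assumed default: with the VPN gateway down the rule is loaded
        # without its gateway, so the packet follows the default route (WAN).
        pkt.egress = "VPN" if vpn_up else "WAN"
    else:
        pkt.egress = "WAN"
    return pkt


def floating_rule_allows(pkt: Packet) -> bool:
    """Floating rule, direction out on WAN, quick: block anything carrying the tag."""
    return not (pkt.egress == "WAN" and pkt.tag == TAG)


def route(src: str, vpn_up: bool, use_tag: bool) -> str:
    """Return the egress interface for a packet, or BLOCKED."""
    pkt = lan_rule(Packet(src), vpn_up, use_tag)
    return pkt.egress if floating_rule_allows(pkt) else "BLOCKED"


def leak_report(use_tag: bool) -> dict:
    """Egress for a VPN-only host and an ordinary host, with the VPN up and down."""
    hosts = ["192.168.1.50", "192.168.1.60"]
    return {(h, up): route(h, up, use_tag) for h in hosts for up in (True, False)}


if __name__ == "__main__":
    for use_tag in (False, True):
        print("tagging" if use_tag else "no tagging", leak_report(use_tag))
```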
Don't understand why but changing the gateway for the DNS servers broke my plex remote access. So I switched back to a prior config.
-
@NasKar I can't help you with your plex issue as I removed it once it required an online account as this was not secure anymore, it was a "nice" thing to have but I can easily survive without it.
Look up the system logs and see if there is something being blocked on the firewall, filter for traffic going to the plex server ip.
Interesting thing the tagging of the packets on the vpn, I will implement this today. I do worry that the vpn is not proven to be reliable and the more things I put in place to force the traffic only through the vpn, I then have to undo them if the vpn goes down, even to just troubleshoot it.
I think I will save the current config, remove the vpn and get it all running and save that. Then restore the current and apply the tagging and save again. So if the vpn goes down I just restore the non vpn config. -
@NasKar OpenVPN client for windows is working on my pc. Install tap drivers, make sure you select a city different from the one in your pfsense OpenVPN and create a rule in the lan to catch your pc ip and OpenVPN port and push it out the wan not the default OpenVPN.
IE your windows OpenVPN should not authenticate to the same servers as another instance. Also a vpn doesn't need to go through a vpn, not saying it can't just saying I currently don't. -
@oggydoggy
My current setup is to have an alias for IPs to go thru the VPN on pfsense and a rule before that one that allows another alias (nonvpn) of websites to not go thru the VPN. Maybe the problem with the windows client is it was set for the same VPN server. Will leave windows VPN client off and see how long the openVPN client stays up on pfsense.
BTW I added my plex server to the alias to go out the WAN gateway and now remote access stays up. I had to specify the WAN gateway in the novpn alias rule as it wouldn't work with the gateway being set as default.
-
@NasKar I know bbc iplayer, the lottery, amazon prime and others just won't connect if it goes through a vpn.
I would not expect Plex to do this. If the videos are on your local network and you're accessing it from outside via plex's own online system then Plex online would require a fixed ip to connect to. If all the traffic going out was forced out the vpn and plex's incoming requests are coming in another fixed ip, IE Plex comes in the wan and goes out the OpenVPN, then I doubt plex's server would like this.
Perhaps a Dynamic ip setup, which is built into pfsense. Services->dynamic dns. I'm in the process of setting up OpenVPN clients to allow family to access files from outside and I wanted this to come in the OpenVPN which connects to privado.
So I signed up for freemyip and set this up on pfsense. I have not got this working yet as I have been distracted by prep for the covid-19.
In theory plex online server could be given your freemyip url which pfsense will update the ip of automatically, it would then remain to setup rules incoming on the OpenVPN interface routing the plex ports to the plex pc ip on the ports for plex.
This all assumes the functions of Plex as I said I removed it as I only used it on my local network as a server with no logon account or connection to plex online. So I'm guessing how it might work. -
I think I figured out the PLEX problem. My Plex rule created by the NAT port forwarding was located below my VPN rules on the WAN port. I moved it to the top of the WAN rules above the VPN rules and now remote plex works as does the client VPN.
I'm not clear on why I had to change this as it all worked with the old VPN client from Usenetserver below the VPN rules. My nextcloud port forward WAN rule is below the VPN rules and it still works.
EDIT: Plex remote access went down again. Don't know what the issue is with the VPN tunnel and why it goes down in a delayed fashion.
-
Is there a guide for PrivadoVPN and Pfsense?
-
Privado never made one. You can plug in the settings in their supplied ovpn file into PfSense. If you need help send screenshots of your settings and I'll try to help you.
-
Thank you!
We got it to work!
Life is gooooder :)
-
@stevemosher Although I did also get it to work or Connect I should say, it never worked very well. On the end point I had to manually assign dns or no one could surf. Was nowhere near as good as the usenet vpn.
-
@Dudleydogg said in Changing VPN provider:
@stevemosher Although I did also get it to work or Connect I should say, it never worked very well. On the end point I had to manually assign dns or no one could surf. Was nowhere near as good as the usenet vpn.
Something changed and now I don't get DNS if the VPN Client is turned on. Can you explain how you manually assigned DNS?
-
@NasKar I almost forgot about all this, I have since totally removed this from my PFsense because it never worked correctly. While having the VPN configured the same as USENET I would randomly lose ping ability to 8.8.8.8 among other issues. To answer your question I would go to the Guest System or the computer that is connected to that VPN via wifi in my case, and just configure the network and manually put in Dns. This does not work for me since I am on a domain and don't want to use public dns, need to use my domain controllers.
So I have let this VPN go away till someone posts that it's working as good as Usenet used to work. -
@NasKar We set DNS here in the General Setup tab to a public DNS server IP.
Privado and NordVPN are both OpenVPN clients used here. -
@stevemosher send me instructions on how to configure NORD if you have it?
-
@Dudleydogg hi there. I just followed this doc.
https://techshielder.com/how-to-setup-and-use-nordvpn-on-pfsense