Netgate Discussion Forum

    create PIA kill switch for pfswitch 2.4.5

    • M
      mcury
      last edited by

      Inside the openvpn client configuration, what is ticked in:

      [image: 3d7d5de4-4d66-4386-a438-51c184aec22f-image.png]

      dead on arrival, nowhere to be found.

      • M
        mcury @mcury
        last edited by

        Check this link: https://www.reddit.com/r/PFSENSE/comments/6edsav/how_to_proper_partial_network_vpn_with_kill_switch/

        • K
          kewe
          last edited by

          Awesome. I will try it tomorrow. Thanks for your help. Someone gave me this Netgate box and I have a four-port Protectli. Trying to determine which one I keep.

          • JeGrJ
            JeGr LAYER 8 Moderator
            last edited by

            no_wan_egress

            is your keyword to search for ;)

            Don't forget to upvote 👍 those who kindly offered their time and brainpower to help you!

            If you're interested, I'm available to discuss details of German-speaking paid support (for companies) if needed.

            • K
              kewe @JeGr
              last edited by

              @JeGr Thanks

              • B
                bcruze
                last edited by

                This is very simple: read up on the remote host command
                https://openvpn.net/community-resources/reference-manual-for-openvpn-2-4/

                • Bob.DigB
                  Bob.Dig LAYER 8 @kewe
                  last edited by Bob.Dig

                  @kewe said in create PIA kill switch for pfswitch 2.4.5:

                  any guide on how to create the rules to make kill switch so if pia goes down my internet won't go out?

                  I thought a killswitch should make the internet go out.

                  • JeGrJ
                    JeGr LAYER 8 Moderator @bcruze
                    last edited by JeGr

                    @bcruze said in create PIA kill switch for pfswitch 2.4.5:

                    This is very simple: read up on the remote host command
                    https://openvpn.net/community-resources/reference-manual-for-openvpn-2-4/

                    That has nothing to do with the question the OP asked. Sorry :/

                    any guide on how to create the rules to make kill switch so if pia goes down my internet won't go out?

                    I thought a killswitch should make the internet go out.

                    I guess it was meant as "my internet will go out" :) Otherwise the kill switch makes no sense, I agree :)

                    • B
                      bcruze @JeGr
                      last edited by

                      @JeGr said in create PIA kill switch for pfswitch 2.4.5:

                      @bcruze said in create PIA kill switch for pfswitch 2.4.5:

                      This is very simple: read up on the remote host command
                      https://openvpn.net/community-resources/reference-manual-for-openvpn-2-4/

                      That has nothing to do with the question the OP asked. Sorry :/

                      any guide on how to create the rules to make kill switch so if pia goes down my internet won't go out?

                      I thought a killswitch should make the internet go out.

                      I guess it was meant as "my internet will go out" :) Otherwise the kill switch makes no sense, I agree :)

                      " if pia goes down my internet won't go out?"

                      that command fixes that exact request?

                      • JeGrJ
                        JeGr LAYER 8 Moderator @bcruze
                        last edited by

                        " if pia goes down my internet won't go out?"

                        that command fixes that exact request?

                        a) this is most likely a typo and should mean "will go out" - otherwise makes no sense.
                        b) what has the "remote" statement to do with the solution either way? "remote" specifies your connection endpoint on the client side aka which server to connect to. What has that to do with "cut/don't cut connection if PIA goes down"? Perhaps I don't understand your intention but it makes no sense to me. :)

                        • B
                          bcruze @JeGr
                          last edited by

                          @JeGr said in create PIA kill switch for pfswitch 2.4.5:

                          " if pia goes down my internet won't go out?"

                          that command fixes that exact request?

                          a) this is most likely a typo and should mean "will go out" - otherwise makes no sense.
                          b) what has the "remote" statement to do with the solution either way? "remote" specifies your connection endpoint on the client side aka which server to connect to. What has that to do with "cut/don't cut connection if PIA goes down"? Perhaps I don't understand your intention but it makes no sense to me. :)

                          I am posting what I use for an OpenVPN tunnel that goes down... it reconnects using the command I posted:

                          --remote host [port] [proto]
                          Remote host name or IP address. On the client, multiple --remote options may be specified for redundancy, each referring to a different OpenVPN server. Specifying multiple --remote options for this purpose is a special case of the more general connection-profile feature. See the <connection> documentation below. The OpenVPN client will try to connect to a server at host:port in the order specified by the list of --remote options.

                          If I misunderstood, feel free to delete my replies, but that is how I understood the question.

                          • JeGrJ
                            JeGr LAYER 8 Moderator
                            last edited by

                            I am posting what I use for an OpenVPN tunnel that goes down... it reconnects using the command I posted:

                            The remote command is always configured when setting up a client/server in pfSense. The question asked tells me the OP has already configured a PIA tunnel in pfSense as a client. So no need to configure anything with the "remote" keyword as pfSense already does that by default. As to the "reconnect", pfSense always reconnects a tunnel if it can, that is per default, as with a client configuration, pfSense's defaults are "inactive 0; keepalive 10 60" so it will always try to reconnect.

                            What was (possibly) asked (we don't know for sure, as the OP worded the question a bit strangely) is how he can actively disable any traffic leaving pfSense to the internet when PIA is down (e.g. tunnel has a connection problem, PIA server is down, PIA has problems etc. etc.) so his VPN tunnel is down but his connection on WAN is up. In that case pfSense would normally route traffic via WAN and unencrypted. That is when (theoretically) information leakage is going to happen and a wire tap with your provider could e.g. listen to DNS calls being made from you.

                            That's why we recommended searching for NO_WAN_EGRESS, as there is a thread about how to set up VPN on pfSense with a "killswitch" that will block any traffic leaving WAN unencrypted (e.g. without going through the PIA tunnel).

                            If I misunderstood, feel free to delete my replies, but that is how I understood the question.

                            Misunderstandings happen, that's why I was asking what you mean by the "remote host" keyword as that is always configured per default by pfSense itself. :)

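The kill switch described in the post above (tag the traffic that must use the tunnel, then block anything carrying that tag from leaving on WAN), written out as raw pf rules. This is an added example, not configuration from the thread or generated by pfSense; the interface names, gateway address and LAN subnet are assumptions. On pfSense the same two ideas are entered in the GUI: a LAN rule with the VPN gateway and the "Tag" field set, and a floating block rule on WAN with the "Tagged" field set.

```pf
# Constructed example: every name and address below is an assumption.
wan_if  = "igb0"            # physical WAN
lan_if  = "igb1"            # LAN
vpn_if  = "ovpnc1"          # OpenVPN client interface (the PIA tunnel)
vpn_gw  = "10.8.0.1"        # tunnel-side gateway (placeholder)
lan_net = "192.168.1.0/24"

# Kill switch: a packet that was tagged on its way in is never allowed
# to leave through the physical WAN interface.
# pfSense equivalent: floating rule, action block, direction out,
# interface WAN, quick, Tagged = NO_WAN_EGRESS.
block out quick on $wan_if tagged NO_WAN_EGRESS

# LAN traffic is policy-routed into the tunnel and tagged. The tag stays
# on the packet whichever way it is forwarded afterwards, so if the
# tunnel is down and the packet ends up on the default route instead,
# the block rule above still matches it on WAN.
pass in quick on $lan_if route-to ($vpn_if $vpn_gw) inet \
    from $lan_net to any tag NO_WAN_EGRESS keep state

# Tagged traffic may leave through the tunnel interface.
pass out quick on $vpn_if tagged NO_WAN_EGRESS keep state

# Traffic that originates on the firewall itself, including the OpenVPN
# client's own connection to the provider, never matches the LAN rule and
# therefore carries no tag. The kill switch does not stop the tunnel from
# reconnecting over WAN.
```

A quick check after applying rules like these: stop the OpenVPN client and confirm from a LAN host that nothing reaches the internet, then start it again and confirm traffic resumes through the tunnel.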
                            • K
                              kewe @JeGr
                              last edited by

                              @JeGr yes my goal was if PIA goes down no traffic leaves my network. I used the settings PIA gave me and it works, I have tested it a few times. Also I have added port 1194 not to be blocked so PIA can reconnect, and I blocked any rogue DNS service from running.

                              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.