Netgate Discussion Forum

    All internal devices seen as same IP for PIA VPN tunnel

    • zebethyal

      I recently set up an OpenVPN tunnel with PIA on pfSense 2.5.0. The documentation from PIA, LTS and elsewhere is somewhat out of date and does not cover the latest version of pfSense, plus I see many complaints of this functionality not working for many people after upgrading, so persuading it to connect was a challenge, but I got there in the end.

      I then set up a firewall rule on my LAN interface to only allow use of the PIA VPN tunnel for a single IP (my desktop), which appears to work just fine for my desktop, except that as a side effect it also seems to think that every other device on my LAN has the same IP as my desktop and also passes those through the VPN.

      If I enable logging for the rule, it logs the same source IP regardless of which device I use.

      If I had wanted a 'whole house' VPN, then this outcome would have been fine; however, I only want selected devices to use the VPN tunnel - hence the rule.

      Any suggestions on where I may have messed up?

      • viragomann @zebethyal

        @zebethyal said in All internal devices seen as same IP for PIA VPN tunnel:

        If I enable logging for the rule, it logs the same source IP regardless of which device I use.

        So you might have a router in front of pfSense from the view of the devices. Otherwise it's not possible to route response packets correctly.

        Is it a wifi AP in router mode?

        • zebethyal @viragomann

          The router from my ISP is set up in 'modem only' mode; it does not perform any routing or Wi-Fi functions, and its only connection is to the WAN port of my pfSense unit.

          I run Unifi switches and access points all of which sit behind the pfSense unit.

          I am guessing that since I only have the one WAN IP, once the VPN tunnel is opened from the pfSense firewall, the VPN IP is now perceived by all clients to be their external IP, whereas previously when I ran a VPN on an individual device, the VPN IP only applied to that single device.

          In effect, running a PIA VPN tunnel from the pfSense firewall can only act as a 'whole house' VPN, regardless of what firewall rules I may use.

          I have also noticed a severe drop in bandwidth when using the PIA OpenVPN tunnel on the pfSense firewall.

          All tests were performed from my iMac desktop:

          Test Case               down/up
          No VPN                  386/20.8
          pfSense + London        152/19.8
          pfSense + Southampton   205/19.4
          VPN app + London        303/19.5
          VPN app + Southampton   293/19.6
          

          The PIA app-based firewall is using WireGuard, although until recently it was using OpenVPN. The results using the app are usually within 50-60Mb/s of the figures with no VPN (they are a bit down today), but never as bad as those shown for OpenVPN on pfSense.

          Looks like I may be sticking with local VPNs for now.

          For comparison, I ran a speedtest from my media server using a WireGuard-based PIA tunnel to the same London server and recorded speeds of 317/19.6 with the VPN tunnel and 322/21.1 without. The media server is connected to the same switch as my iMac, both with 1m cables.

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.