Netgate Discussion Forum

    PIA OpenVPN for specific traffic - possible?

      ekoo

      pfSense is the gateway on a 150/150 fibre line. I have an account with PIA.

      Example:
      192.168.1.200 is a dedicated seedbox for BT on a fixed UDP 60000. I want all of that traffic (in and out) to be routed through PIA.
      The rest of the traffic from the same computer does NOT go through PIA.

      Is it possible?

        Derelict LAYER 8 Netgate

        Sure. Make an assigned interface for the PIA OpenVPN client and policy route that traffic to its gateway.

        The policy routing rules would go on the 192.168.1.0/24 interface.

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

          ekoo

          I may need some "hand holding" in this department.

          Could someone provide a step-by-step approach to this?

          I understand this is a multiple step process.

            Derelict LAYER 8 Netgate

            Countless, and I mean countless, examples here on the forum.

            Also: https://www.infotechwerx.com/blog/Policy-Routing-Certain-Traffic-Through-OpenVPN-Client-Connection

              ekoo

              Thanks for the link.
              I've followed the above link. The result is I have no internet as soon as the client (pfSense box) is connected to any of the PIA servers.

              Please see attached.

              Am I doing something wrong?

              [Attached images: PIA_status.JPG, PIA_routing.JPG, PIA_rules.JPG, PIA_Rules2.JPG]

                Derelict LAYER 8 Netgate

                Check "don't pull routes" in the OpenVPN client.

                Your rules are all hosed and nothing will go over the VPN.

                Move the rule on LAN that sources 192.168.1.130 to the top and that traffic will go over the VPN. And while you are there change the protocol from TCP to any as that is probably closer to what you want.

                Also need to check outbound NAT which you didn't exhibit.

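Why the rule order and the protocol both matter in the advice above, as an added example that is not part of the original thread: a small model of first-match evaluation of firewall rules on the LAN interface. The rule sets and the gateway name `PIA_VPNV4` are constructed for illustration; the poster's actual rules are not reproduced on this page.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass
class Rule:
    src: str      # source host or network in CIDR form
    proto: str    # "tcp", "udp" or "any"
    gateway: str  # "default" means follow the normal routing table
    descr: str = ""


def matches(rule: Rule, src_ip: str, proto: str) -> bool:
    """A rule applies when source and protocol both match."""
    return (ip_address(src_ip) in ip_network(rule.src)
            and rule.proto in ("any", proto))


def egress(rules: list, src_ip: str, proto: str) -> str:
    """Rules are evaluated top-down; the first match decides the gateway.
    Traffic that matches no rule is blocked (default deny)."""
    for rule in rules:
        if matches(rule, src_ip, proto):
            return rule.gateway
    return "blocked"


# Constructed rules; PIA_VPNV4 is a hypothetical gateway name.
allow_lan = Rule("192.168.1.0/24", "any", "default", "Default allow LAN to any")
vpn_tcp = Rule("192.168.1.130/32", "tcp", "PIA_VPNV4", "Host via PIA, TCP only")
vpn_any = Rule("192.168.1.130/32", "any", "PIA_VPNV4", "Host via PIA, any proto")

BROKEN = [allow_lan, vpn_tcp]           # policy rule is shadowed by the allow rule
TCP_ONLY_ON_TOP = [vpn_tcp, allow_lan]  # UDP from the host still bypasses the VPN
FIXED = [vpn_any, allow_lan]            # policy rule on top, protocol "any"


if __name__ == "__main__":
    for name, rules in (("BROKEN", BROKEN),
                        ("TCP_ONLY_ON_TOP", TCP_ONLY_ON_TOP),
                        ("FIXED", FIXED)):
        for proto in ("tcp", "udp"):
            gw = egress(rules, "192.168.1.130", proto)
            print(f"{name:16} 192.168.1.130 {proto}: {gw}")
```

A rule set like `TCP_ONLY_ON_TOP` is the one to watch for: it looks correct in a quick TCP test while UDP traffic from the same host still leaves through the default gateway.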
                  ekoo

                  See PIA_client.jpg.

                  This part?
                  Checked or unchecked, it didn't do anything.

                  PIA_NAT:

                  I didn't do anything here yet. But as soon as I assigned an interface to the PIA and the PIA client is connected, I have no internet on all devices on the network.

                  [Attached images: PIA_client.JPG, PIA_NAT.JPG]

                    Xentrk

                    @ekoo:

                    I may need some "hand holding" in this department.

                    Could someone provide a step-by-step approach to this?

                    I understand this is a multiple step process.

                    You can see my post here.  I hope it helps.
                    https://forum.pfsense.org/index.php?topic=132784.0

                    pfSense 2.4.4_2 | Intel i5-3450 @ 3.10GHz  | AES-NI enabled |  pfBlockerNG | Snort
                    Blog Site: https://x3mtek.com || GitHub: https://github.com/Xentrk

                      Derelict LAYER 8 Netgate

                      No, I said to check Don't Pull Routes not Don't Add/Remove Routes.

                      Check Don't pull routes

                      Uncheck Don't Add/Remove Routes

                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.