Both PIA and remote access VPNs - interesting oddity
-
Hi Guys,
I've done a lot of reading since I finally found out what was going wrong & knew what question to ask…but haven't found an answer yet.
I got PIA openVPN working fine, very nice, almost never dies. (config as the PIA instructions, nothing clever), NAT tables working fine & Rules to bypass the VPN for devices like TVs which need to be in-country etc. Great!
Since then I implemented a remote access openVPN config, according to the wizard, (no pfsense expert, just followed all the advice on the forum!), and it would appear that things broke a bit but I didn't notice for a while...because not 100% broken - just flaky!
My phone (on wifi) saw poorer performance, very slow dns lookups & connections, didn't connect the two events!
If I go to the other wlan (i.e. not through the PIA), it works fine, so something was up, but had no time to investigate.
Until today, when I finally got around to it.
Eventually found that PING worked about 50% of the time, and when it worked, it carried on working. pause & new ping, failed.
Packet capture showed that for the 50% working, pfSense NAT rule used the source address of the PIA openVPN interface.
The ones which didn't work used the source address of the OpenVPN Remote Access interface - which won't go up the PIA tunnel.
So - searched everywhere to try & pin down the NAT rule, or the FW rule, but nowhere can I do that.
The only option in NAT rules is "OpenVPN Interface" which could be either IP Address - hmmmm
Any suggestions on how to be more specific about which IP Address to use for the NAT rule(s) please?
I'm going to have to disable the remote access VPN until I get the answer. ;-(
Thanks in advance.
-
Colleague advised "create interface for the PIA VPN" without specifying IP Address, just set the name.
Did that & then adjusted the NAT rules to use PIA interface, & now it's all good. Nice.
;-)