Netgate Discussion Forum

    Both PIA and remote access VPNs - interesting oddity

      salvadordalisdad

      Hi Guys,

      I've done a lot of reading since I finally found out what was going wrong & knew what question to ask…but haven't found an answer yet.

      I got PIA OpenVPN working fine, very nice, almost never dies. (config as the PIA instructions, nothing clever), NAT tables working fine & Rules to bypass the VPN for devices like TVs which need to be in-country etc. Great!

      Since then I implemented a remote access OpenVPN config, according to the wizard, (no pfSense expert, just followed all the advice on the forum!), and it would appear that things broke a bit but I didn't notice for a while...because not 100% broken - just flaky!

      My phone (on wifi) saw poorer performance, very slow DNS lookups & connections, didn't connect the two events!
      If I go to the other wlan, (i.e. not through the PIA) it works fine, so something was up, but had no time to investigate.
      Until today, when I finally got around to it.
      Eventually found that PING worked about 50% of the time, and when it worked, it carried on working. Pause & new ping, failed.
      Packet capture showed that for the 50% working, pfSense NAT rule used the source address of the PIA openVPN interface.
      The ones which didn't work used the source address of the OpenVPN Remote Access interface - which won't go up the PIA tunnel.
      So - searched everywhere to try & pin down the NAT rule, or the FW rule, but nowhere can I do that.
      The only option in NAT rules is "OpenVPN Interface" which could be either IP Address - hmmmm

      Any suggestions on how to be more specific about which IP Address to use for the NAT rule(s) please?
      I'm going to have to disable the remote access VPN until I get the answer. ;-(
      Thanks in advance.

        salvadordalisdad

        Colleague advised "create interface for the PIA VPN" without specifying IP Address, just set the name.
        Did that & then adjusted the NAT rules to use PIA interface, & now it's all good.

        Nice.
        ;-)

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.