Both PIA and remote access VPNs - interesting oddity



  • Hi Guys,

    I've done a lot of reading since I finally found out what was going wrong & knew what question to ask… but haven't found an answer yet.

    I got PIA openVPN working fine, very nice, almost never dies. (config as the PIA instructions, nothing clever), NAT tables working fine & Rules to bypass the VPN for devices like TVs which need to be in-country etc. Great!

    Since then I implemented a remote access openVPN config, according to the wizard, (no pfsense expert, just followed all the advice on the forum!), and it would appear that things broke a bit but I didn't notice for a while...because not 100% broken - just flaky!

    My phone (on wifi) saw poorer performance, very slow dns lookups & connections, didn't connect the two events!
    If I go to the other wlan, (ie not through the PIA) it works fine, so something was up, but had no time to investigate.
    Until today, when I finally got around to it.
    Eventually found that PING worked about 50% of the time, and when it worked, it carried on working. pause & new ping, failed.
    Packet capture showed that for the 50% working, pfSense NAT rule used the source address of the PIA openVPN interface.
    The ones which didn't work used the source address of the OpenVPN Remote Access interface - which won't go up the PIA tunnel.
    So - searched everywhere to try & pin down the NAT rule, or the FW rule, but nowhere can I do that.
    The only option in NAT rules is "OpenVPN Interface" which could be either IP Address - hmmmm

    Any suggestions on how to be more specific about which IP Address to use for the NAT rule(s), please?
    I'm going to have to disable the remote access VPN until I get the answer. ;-(
    Thanks in advance.



  • Colleague advised "create interface for the PIA VPN" without specifying IP Address, just set the name.
    Did that & then adjusted the NAT rules to use PIA interface, & now it's all good.

    Nice.
    ;-)
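
Added example, not part of the original posts: a Python check over a pfSense `config.xml` backup that flags outbound NAT rules bound to the shared OpenVPN interface while more than one OpenVPN instance exists, and lists tunnel devices not yet assigned as named interfaces. The element names and the `ovpnsN`/`ovpncN` device naming are assumptions about the backup layout, and the sample config is constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample, trimmed to the elements the check reads. Element names
# follow the assumed layout of a pfSense config.xml backup; verify on your own.
SAMPLE = """<pfsense>
  <interfaces>
    <wan><if>em0</if><descr>WAN</descr></wan>
    <lan><if>em1</if><descr>LAN</descr></lan>
  </interfaces>
  <openvpn>
    <openvpn-server><vpnid>1</vpnid><description>Remote access</description></openvpn-server>
    <openvpn-client><vpnid>2</vpnid><description>PIA</description></openvpn-client>
  </openvpn>
  <nat><outbound><mode>hybrid</mode>
    <rule><interface>openvpn</interface><descr>LAN via PIA</descr></rule>
    <rule><interface>wan</interface><descr>TV bypass</descr></rule>
  </outbound></nat>
</pfsense>"""

def audit(xml_text):
    """Return (ambiguous NAT rule descriptions, unassigned tunnel devices)."""
    root = ET.fromstring(xml_text)
    # Each OpenVPN server/client instance owns one tunnel device.
    tunnels = {}
    for kind, prefix in (("openvpn-server", "ovpns"), ("openvpn-client", "ovpnc")):
        for inst in root.findall(f"openvpn/{kind}"):
            tunnels[prefix + inst.findtext("vpnid", "")] = inst.findtext("description", "")
    # Tunnel devices that already have a named interface assignment.
    assigned = {i.findtext("if") for i in root.findall("interfaces/*")}
    ambiguous = []
    for rule in root.findall("nat/outbound/rule"):
        # "openvpn" is the shared entry covering every instance, so with two
        # tunnels the translation address is not pinned to one of them.
        if rule.findtext("interface") == "openvpn" and len(tunnels) > 1:
            ambiguous.append(rule.findtext("descr", ""))
    unassigned = sorted(t for t in tunnels if t not in assigned)
    return ambiguous, unassigned

if __name__ == "__main__":
    rules, devices = audit(SAMPLE)
    print("NAT rules on the shared OpenVPN interface:", rules)
    print("Tunnel devices without an assigned interface:", devices)
```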