OpenVPN & XBox One Strict question

    I have a VPN service I am protected.. I followed steps I was given and found from the Gaming forum on here.
    Xbox One keeps giving me strict double nat when I have VPN service enabled.

    but when I disable VPN service.. then the steps I did already in the other forum work fine and Xbox is Open..

    is there an extra step when you have Vpn service running and you want your xbox one not to be double nat'd
    I have done this: enabled UPnP & NAT-PMP, and I have done group aliases etc.
    but it just doesn't like it when VPN is running, and I even specified it to be on the WAN interface so traffic goes to the WAN and not through the vpn… and I tried through the vpn interface but it still didn't work..

    You are probably NAT to the provider then they NAT out to the internet so.. Double NAT.

  • ah ok I was able to remove the double nat for pfsense not the xbox
    it used to
    Modem would do PPPOE and then pfsense would dhcp (this worked for nordvpn) but not the local pfsense OpenVPN for remote access

    when it was modem would do PPPOE and the pfsense would do PPPOE this stopped nordvpn but allowed the OpenVPN remote access server to work fine

    now I have modem in a bridge mode.. pfsense doing pppoe I can do both nordvpn and remote access pfsense but I can't get xbox to work

    if I disable nordvpn reboot pfsense then xbox works open nat if I don't login to nordvpn

    but what I was thinking not sure if it works??
    3 nics in the pfsense comp..
    1 wan
    1 vpn computers
    1 bypassed vpn for xboxs ps4s things I don't care are behind the vpn
    can this be done?
    that u can make it bypass with it also have vpn

    I tried this with Vlan options but I couldn't get that to work

    How to fix it depends on whether or not you are accepting default routes from the VPN provider.

    Do you have Don't pull routes checked in the VPN client configuration?

  • I'm not at the computer but I think that is set to don't pull routes, not sure what all that means

    its setup like this if this helps

    Well you are either pulling default routes and need to policy route the exceptions out the WAN or you are not pulling default routes and need to exclude the exceptions from policy routing out the VPN.

  • ah ok and how would I do all that any examples by chance

    well they have you pulling routes
    Don’t pull routes: uncheck;
    Don’t add/remove routes: leave unchecked.

    So then you have to route the exceptions you don't want to go out the vpn. I personally would change this to not pull routes and policy route what you want out the vpn.

  • ok so if I set those 2 things unchecked that will then

    well what id like out of the vpn or least pfsense is have the xbox and ps4 to be open nat
    id like my internet secure so I can have not my isp log on my activity and stop those cookies things when I goto a website look at a item.. then facebook or I get emails saying are you still interested in this item.
    plus id like to have my own vpn working perfect to access my network
    and last I have a couple websites I host on my unraid.. so I wanna be able to access it

    so id like all that to go through vpn if possible and then leave xbox outside so it can be an open nat

    and I find doing online chat supports the websites pop up chat support doesn't work through vpn do you know if they use an other port of 80 or its just by chance I unlucky

    id like my internet secure so I can have not my isp log on my activity

    So you rather prefer to give some random VPN provider the ability to log your activity.

    and stop those cookies things when I goto a website look at a item.. then facebook or I get emails saying are you still interested in this item.

    VPNs have absolutely nothing to do with cookies, actually a firewall itself has nothing to do with cookies. That is something you have to deal with in your browser setup.

    Again please educate yourself before you follow some random shit you read on the internet.

    Again please educate yourself before you follow some random shit you read on the internet.

    You can scream that from the hilltops buddy ;) And still they do not listen.. OMG -- my isp might know I went to p0rnhub.. the sky is falling the sky is falling.. But hey there store you're going to give me 1% back if I use your "track me" card.. Sure... Oh CC sure here is everything I buy..

    Here you go vpn, here is everywhere I go and some extra $ ;) Oh and can you make my internet slower than what I pay for.. Sweet! thanks!!! You clearly have to be more trustworthy than my ISP.. Because it says right there on your website you are! Can I pay you extra so my console games will not work, and can you stop netflix from working too because they know it's a vpn and I might be some other region..

    edit: Hehehe look at that, perfect example of another one without a clue wondering why their shit doesn't work..

    Your netflix doesn't like your vpn connection... Who would of thunk it...

  • ah ok so you guys don't recommend vpn's as I was going to sign up for Private internet access or NordVPN because all you ever hear is you need to protect yourself... and I been using NordVPN now... and I don't use Netflix I was just using it as an example.. and since I'm in Canada I wanted to go to websites that geolocked me since usa doesn't allow me do it all..

    plus I had to watch what my son downloads as he got me in trouble with bell downloading stuff so they told me 2 emails from Sony has bell logging my info... so I stopped he was downloading a music and a game torrent, that didn't want to get in trouble told him he has to ok downloads from me first.. but I see lots of place they say you want a vpn service so your secure.

    well I appreciate the help guys.. ill just skip the vpn and make sure my son doesn't do anything bad on the comp don't need more emails

    and since I have dyslexia and you guys didn't read my question right..
    I was stating what I wanted Pfsense to do if It could.. I don't know if a VPN can stop those stupid cookies and then they email your email from a site you been on or what not
    but like I stated after I wanted Webserver to run behind the vpn as well and have a xbox stay open.. have internet trafficed encrypted and such from nordvpn or private internet access..

    but thanks anyways guys most appreciative of the feed back

    You gave 2 examples where vpn makes sense - circumvention is the key... If what you are looking to protect yourself from is your isp saying hey you can not do that p2p because you shared xyz whatever. Ok then sure vpn works..

    If you want to circumvent some geographic restriction, again sure vpn can make it look like you're coming from region A while you're really in B..

    But let's be clear here - you're not protecting yourself ;) You're hiding shit you could get in trouble for or trying to break someone's policy on where you can come from.

    So you policy route this traffic, and this traffic only. If your son wants to p2p.. then policy route his p2p traffic out the vpn. If you want your media player to stream something from region B, then policy route that connection out vpn in region B..

    Let's be honest here, you're not "protecting" yourself from big bad isp here ;) To be honest if you want to download p2p stuff you'd be much better off getting a seedbox somewhere in a country that has laxer laws and doing it all there, and then just use secure channels to that box to move what you want to and from it, https, sftp, etc.

    Routing all your traffic through a vpn is just nuts.. Paying some company X$ to protect you is nuts - better off just getting a box somewhere else and routing/doing what you want to do that is ?able there..
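
The two cases raised in the thread (routes pulled from the VPN provider versus "Don't pull routes" checked), as an added example that is not from any poster: a simplified Python model of first-match policy routing on the LAN rules. The addresses, alias contents and gateway names are assumptions made for illustration.

```python
import ipaddress

# Constructed addressing (assumption): LAN 192.168.1.0/24, consoles in one alias.
CONSOLES = [ipaddress.ip_network("192.168.1.50/31")]  # Xbox .50, PS4 .51
LAN = [ipaddress.ip_network("192.168.1.0/24")]


def egress(src, rules, default_gw):
    """Return the gateway a new connection from src leaves by.

    rules is an ordered list of (source_networks, gateway); the first
    matching rule wins. A gateway of None means the rule sets no gateway,
    so the routing table's default route decides.
    """
    addr = ipaddress.ip_address(src)
    for nets, gw in rules:
        if any(addr in n for n in nets):
            return gw or default_gw
    return None  # no pass rule matched, traffic is blocked


# Case A: routes pulled from the provider, so the default route is the VPN.
# The exceptions (consoles) must be policy routed out the WAN.
PULL_ROUTES = dict(default_gw="VPN", rules=[(CONSOLES, "WAN"), (LAN, None)])

# Case B: "Don't pull routes" checked, so the default route stays on the WAN.
# Only tunnelled hosts get a VPN gateway; consoles are excluded by matching first.
NO_PULL = dict(default_gw="WAN", rules=[(CONSOLES, None), (LAN, "VPN")])

# Case B with the rules in the wrong order: the broad LAN rule shadows the
# console rule, so the Xbox still leaves through the VPN's NAT.
NO_PULL_MISORDERED = dict(default_gw="WAN",
                          rules=[(LAN, "VPN"), (CONSOLES, None)])


def plan(mode):
    """Map two sample hosts to the gateway they would use in this mode."""
    hosts = {"xbox": "192.168.1.50", "pc": "192.168.1.20"}
    return {name: egress(ip, **mode) for name, ip in hosts.items()}


if __name__ == "__main__":
    for label, mode in [("pull routes", PULL_ROUTES),
                        ("don't pull routes", NO_PULL),
                        ("don't pull, misordered", NO_PULL_MISORDERED)]:
        print(f"{label:24} {plan(mode)}")
```

In both working cases the console leaves by the WAN and the PC by the VPN; the difference is only which side needs the explicit gateway rule, and that the more specific rule has to sit above the broad one.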