Restarting PIA VPN Disconnects on VPN Users

sheen73

Good morning all,

I setup my PIA VPN following the below process.
https://www.privateinternetaccess.com/helpdesk/guides/routers/pfsense/pfsense-2-4-3-setup-guide

Occasionally the service slows down and kids complain so I restart it. When I do this, it disconnects the internet for those bypassing the VPN. I am sure it is something I am doing but it never did this prior to 2.4.1 iirc and definitely never on 2.3.4

<nat>
		<outbound>
			<mode>advanced</mode>
			<rule>
				<source>
					<network>VPNByPass</network>
				</source>
				<sourceport></sourceport>
				<descr><![CDATA[Auto created rule - LAN to WAN]]></descr>
				<target></target>
				<targetip></targetip>
				<targetip_subnet></targetip_subnet>
				<interface>wan</interface>
				<poolopts></poolopts>
				<source_hash_key></source_hash_key>
				<destination>
					<any></any>
				</destination>
				<updated>
					<time>1561824522</time>
					<username>admin@xxxx (Local Database)</username>
				</updated>
				<created>
					<time>1561824522</time>
					<username>admin@xxx (Local Database)</username>
				</created>
			</rule>
			<rule>
				<source>
					<network>127.0.0.0/8</network>
				</source>
				<sourceport></sourceport>
				<descr><![CDATA[Auto created rule for ISAKMP - localhost to WAN]]></descr>
				<target></target>
				<targetip></targetip>
				<targetip_subnet></targetip_subnet>
				<interface>openvpn</interface>
				<poolopts></poolopts>
				<source_hash_key></source_hash_key>
				<staticnatport></staticnatport>
				<destination>
					<any></any>
				</destination>
				<dstport>500</dstport>
				<created>
					<time>1561823430</time>
					<username>Manual Outbound NAT Switch</username>
				</created>
				<updated>
					<time>1561823487</time>
					<username>admin@xxxxxxxxx (Local Database)</username>
				</updated>
			</rule>
			<rule>
				<source>
					<network>127.0.0.0/8</network>
				</source>
				<sourceport></sourceport>
				<descr><![CDATA[Auto created rule - localhost to WAN]]></descr>
				<target></target>
				<targetip></targetip>
				<targetip_subnet></targetip_subnet>
				<interface>openvpn</interface>
				<poolopts></poolopts>
				<source_hash_key></source_hash_key>
				<destination>
					<any></any>
				</destination>
				<created>
					<time>1561823430</time>
					<username>Manual Outbound NAT Switch</username>
				</created>
				<updated>
					<time>1561823501</time>
					<username>admin@xxxxxxxx (Local Database)</username>
				</updated>
			</rule>
			<rule>
				<source>
					<network>::1/128</network>
				</source>
				<sourceport></sourceport>
				<descr><![CDATA[Auto created rule for ISAKMP - localhost to WAN]]></descr>
				<target></target>
				<targetip></targetip>
				<targetip_subnet></targetip_subnet>
				<interface>openvpn</interface>
				<poolopts></poolopts>
				<source_hash_key></source_hash_key>
				<staticnatport></staticnatport>
				<destination>
					<any></any>
				</destination>
				<dstport>500</dstport>
				<created>
					<time>1561823430</time>
					<username>Manual Outbound NAT Switch</username>
				</created>
				<updated>
					<time>1561823514</time>
					<username>admin@xxxxxxx (Local Database)</username>
				</updated>
			</rule>
			<rule>
				<source>
					<network>::1/128</network>
				</source>
				<sourceport></sourceport>
				<descr><![CDATA[Auto created rule - localhost to WAN]]></descr>
				<target></target>
				<targetip></targetip>
				<targetip_subnet></targetip_subnet>
				<interface>openvpn</interface>
				<poolopts></poolopts>
				<source_hash_key></source_hash_key>
				<destination>
					<any></any>
				</destination>
				<created>
					<time>1561823430</time>
					<username>Manual Outbound NAT Switch</username>
				</created>
				<updated>
					<time>1561823540</time>
					<username>admin@xxxxxxxx (Local Database)</username>
				</updated>
			</rule>
			<rule>
				<source>
					<network>xxxxxxxxxx/24</network>
				</source>
				<sourceport></sourceport>
				<descr><![CDATA[Auto created rule for ISAKMP - LAN to WAN]]></descr>
				<target></target>
				<targetip></targetip>
				<targetip_subnet></targetip_subnet>
				<interface>openvpn</interface>
				<poolopts></poolopts>
				<source_hash_key></source_hash_key>
				<staticnatport></staticnatport>
				<destination>
					<any></any>
				</destination>
				<dstport>500</dstport>
				<created>
					<time>1561823430</time>
					<username>Manual Outbound NAT Switch</username>
				</created>
				<updated>
					<time>1561823526</time>
					<username>admin@xxxxxxxx (Local Database)</username>
				</updated>
			</rule>
			<rule>
				<source>
					<network>xxxxxxxxx/24</network>
				</source>
				<sourceport></sourceport>
				<descr><![CDATA[Auto created rule - LAN to WAN]]></descr>
				<target></target>
				<targetip></targetip>
				<targetip_subnet></targetip_subnet>
				<interface>openvpn</interface>
				<poolopts></poolopts>
				<source_hash_key></source_hash_key>
				<destination>
					<any></any>
				</destination>
				<created>
					<time>1561823430</time>
					<username>Manual Outbound NAT Switch</username>
				</created>
				<updated>
					<time>1561823459</time>
					<username>admin@xxxxxxxx (Local Database)</username>
				</updated>
			</rule>
		</outbound>
	</nat>
	<filter>
		<rule>
			<id></id>
			<tracker>1561824380</tracker>
			<type>pass</type>
			<interface>lan</interface>
			<ipprotocol>inet</ipprotocol>
			<tag></tag>
			<tagged></tagged>
			<max></max>
			<max-src-nodes></max-src-nodes>
			<max-src-conn></max-src-conn>
			<max-src-states></max-src-states>
			<statetimeout></statetimeout>
			<statetype><![CDATA[keep state]]></statetype>
			<os></os>
			<protocol>tcp</protocol>
			<source>
				<address>VPNByPass</address>
			</source>
			<destination>
				<any></any>
			</destination>
			<descr></descr>
			<gateway>WAN_DHCP</gateway>
			<created>
				<time>1561824380</time>
				<username>admin@xxxxxxx (Local Database)</username>
			</created>
			<updated>
				<time>1561824647</time>
				<username>admin@xxxxxxxxx (Local Database)</username>
			</updated>
		</rule>
		<rule>
			<type>pass</type>
			<ipprotocol>inet</ipprotocol>
			<descr><![CDATA[Default allow LAN to any rule]]></descr>
			<interface>lan</interface>
			<tracker>0100000101</tracker>
			<source>
				<network>lan</network>
			</source>
			<destination>
				<any></any>
			</destination>
		</rule>
		<rule>
			<id></id>
			<tracker>0100000102</tracker>
			<type>block</type>
			<interface>lan</interface>
			<ipprotocol>inet6</ipprotocol>
			<tag></tag>
			<tagged></tagged>
			<max></max>
			<max-src-nodes></max-src-nodes>
			<max-src-conn></max-src-conn>
			<max-src-states></max-src-states>
			<statetimeout></statetimeout>
			<statetype><![CDATA[keep state]]></statetype>
			<os></os>
			<source>
				<network>lan</network>
			</source>
			<destination>
				<any></any>
			</destination>
			<descr><![CDATA[Default allow LAN IPv6 to any rule]]></descr>
			<updated>
				<time>1561783276</time>
				<username>admin@XXXXXXX (Local Database)</username>
			</updated>
		</rule>
		<separator>
			<wan></wan>
			<lan></lan>
		</separator>
	</filter>
	<shaper></shaper>
	<ipsec></ipsec>
	<aliases>
		<alias>
			<name>VPNByPass</name>
			<type>host</type>
			<address>xxxxxxxxxxxxxxxxxxxxxxxxx</address>
			<descr></descr>
			<detail><xxxxxxxxxxxxxxxxxxx></detail>
		</alias>
	</aliases>

Any ideas why?

Im using 2.4.4 currently.

KOM

It's much easier to read screenshots than an xml dump, and you can post images here directly.

Are you sure that your other users are actually going out WAN instead of the VPN? Anything in the System log when you restart the VPN?

sheen73

Thanks for reply!

I removed the VPN on current build so no screenshots. I'll build a lab and restore configuration then post some.

I cant say its definitively going out WAN other than the fact when I got to the PIA site it confirms I am not protected by VPN and my public IP address shows.

KOM

Sure, come back when you've got a config you can reproduce the problem with.