4. Restarting PIA VPN Disconnects on VPN Users

Restarting PIA VPN Disconnects on VPN Users

  • S

    Good morning all,

    I setup my PIA VPN following the below process.
    https://www.privateinternetaccess.com/helpdesk/guides/routers/pfsense/pfsense-2-4-3-setup-guide

    Occasionally the service slows down and kids complain so I restart it. When I do this, it disconnects the internet for those bypassing the VPN. I am sure it is something I am doing but it never did this prior to 2.4.1 iirc and definitely never on 2.3.4

    <nat>
		<outbound>
			<mode>advanced</mode>
			<rule>
				<source>
					<network>VPNByPass</network>
				</source>
				<sourceport></sourceport>
				<descr><![CDATA[Auto created rule - LAN to WAN]]></descr>
				<target></target>
				<targetip></targetip>
				<targetip_subnet></targetip_subnet>
				<interface>wan</interface>
				<poolopts></poolopts>
				<source_hash_key></source_hash_key>
				<destination>
					<any></any>
				</destination>
				<updated>
					<time>1561824522</time>
					<username>admin@xxxx (Local Database)</username>
				</updated>
				<created>
					<time>1561824522</time>
					<username>admin@xxx (Local Database)</username>
				</created>
			</rule>
			<rule>
				<source>
					<network>127.0.0.0/8</network>
				</source>
				<sourceport></sourceport>
				<descr><![CDATA[Auto created rule for ISAKMP - localhost to WAN]]></descr>
				<target></target>
				<targetip></targetip>
				<targetip_subnet></targetip_subnet>
				<interface>openvpn</interface>
				<poolopts></poolopts>
				<source_hash_key></source_hash_key>
				<staticnatport></staticnatport>
				<destination>
					<any></any>
				</destination>
				<dstport>500</dstport>
				<created>
					<time>1561823430</time>
					<username>Manual Outbound NAT Switch</username>
				</created>
				<updated>
					<time>1561823487</time>
					<username>admin@xxxxxxxxx (Local Database)</username>
				</updated>
			</rule>
			<rule>
				<source>
					<network>127.0.0.0/8</network>
				</source>
				<sourceport></sourceport>
				<descr><![CDATA[Auto created rule - localhost to WAN]]></descr>
				<target></target>
				<targetip></targetip>
				<targetip_subnet></targetip_subnet>
				<interface>openvpn</interface>
				<poolopts></poolopts>
				<source_hash_key></source_hash_key>
				<destination>
					<any></any>
				</destination>
				<created>
					<time>1561823430</time>
					<username>Manual Outbound NAT Switch</username>
				</created>
				<updated>
					<time>1561823501</time>
					<username>admin@xxxxxxxx (Local Database)</username>
				</updated>
			</rule>
			<rule>
				<source>
					<network>::1/128</network>
				</source>
				<sourceport></sourceport>
				<descr><![CDATA[Auto created rule for ISAKMP - localhost to WAN]]></descr>
				<target></target>
				<targetip></targetip>
				<targetip_subnet></targetip_subnet>
				<interface>openvpn</interface>
				<poolopts></poolopts>
				<source_hash_key></source_hash_key>
				<staticnatport></staticnatport>
				<destination>
					<any></any>
				</destination>
				<dstport>500</dstport>
				<created>
					<time>1561823430</time>
					<username>Manual Outbound NAT Switch</username>
				</created>
				<updated>
					<time>1561823514</time>
					<username>admin@xxxxxxx (Local Database)</username>
				</updated>
			</rule>
			<rule>
				<source>
					<network>::1/128</network>
				</source>
				<sourceport></sourceport>
				<descr><![CDATA[Auto created rule - localhost to WAN]]></descr>
				<target></target>
				<targetip></targetip>
				<targetip_subnet></targetip_subnet>
				<interface>openvpn</interface>
				<poolopts></poolopts>
				<source_hash_key></source_hash_key>
				<destination>
					<any></any>
				</destination>
				<created>
					<time>1561823430</time>
					<username>Manual Outbound NAT Switch</username>
				</created>
				<updated>
					<time>1561823540</time>
					<username>admin@xxxxxxxx (Local Database)</username>
				</updated>
			</rule>
			<rule>
				<source>
					<network>xxxxxxxxxx/24</network>
				</source>
				<sourceport></sourceport>
				<descr><![CDATA[Auto created rule for ISAKMP - LAN to WAN]]></descr>
				<target></target>
				<targetip></targetip>
				<targetip_subnet></targetip_subnet>
				<interface>openvpn</interface>
				<poolopts></poolopts>
				<source_hash_key></source_hash_key>
				<staticnatport></staticnatport>
				<destination>
					<any></any>
				</destination>
				<dstport>500</dstport>
				<created>
					<time>1561823430</time>
					<username>Manual Outbound NAT Switch</username>
				</created>
				<updated>
					<time>1561823526</time>
					<username>admin@xxxxxxxx (Local Database)</username>
				</updated>
			</rule>
			<rule>
				<source>
					<network>xxxxxxxxx/24</network>
				</source>
				<sourceport></sourceport>
				<descr><![CDATA[Auto created rule - LAN to WAN]]></descr>
				<target></target>
				<targetip></targetip>
				<targetip_subnet></targetip_subnet>
				<interface>openvpn</interface>
				<poolopts></poolopts>
				<source_hash_key></source_hash_key>
				<destination>
					<any></any>
				</destination>
				<created>
					<time>1561823430</time>
					<username>Manual Outbound NAT Switch</username>
				</created>
				<updated>
					<time>1561823459</time>
					<username>admin@xxxxxxxx (Local Database)</username>
				</updated>
			</rule>
		</outbound>
	</nat>
	<filter>
		<rule>
			<id></id>
			<tracker>1561824380</tracker>
			<type>pass</type>
			<interface>lan</interface>
			<ipprotocol>inet</ipprotocol>
			<tag></tag>
			<tagged></tagged>
			<max></max>
			<max-src-nodes></max-src-nodes>
			<max-src-conn></max-src-conn>
			<max-src-states></max-src-states>
			<statetimeout></statetimeout>
			<statetype><![CDATA[keep state]]></statetype>
			<os></os>
			<protocol>tcp</protocol>
			<source>
				<address>VPNByPass</address>
			</source>
			<destination>
				<any></any>
			</destination>
			<descr></descr>
			<gateway>WAN_DHCP</gateway>
			<created>
				<time>1561824380</time>
				<username>admin@xxxxxxx (Local Database)</username>
			</created>
			<updated>
				<time>1561824647</time>
				<username>admin@xxxxxxxxx (Local Database)</username>
			</updated>
		</rule>
		<rule>
			<type>pass</type>
			<ipprotocol>inet</ipprotocol>
			<descr><![CDATA[Default allow LAN to any rule]]></descr>
			<interface>lan</interface>
			<tracker>0100000101</tracker>
			<source>
				<network>lan</network>
			</source>
			<destination>
				<any></any>
			</destination>
		</rule>
		<rule>
			<id></id>
			<tracker>0100000102</tracker>
			<type>block</type>
			<interface>lan</interface>
			<ipprotocol>inet6</ipprotocol>
			<tag></tag>
			<tagged></tagged>
			<max></max>
			<max-src-nodes></max-src-nodes>
			<max-src-conn></max-src-conn>
			<max-src-states></max-src-states>
			<statetimeout></statetimeout>
			<statetype><![CDATA[keep state]]></statetype>
			<os></os>
			<source>
				<network>lan</network>
			</source>
			<destination>
				<any></any>
			</destination>
			<descr><![CDATA[Default allow LAN IPv6 to any rule]]></descr>
			<updated>
				<time>1561783276</time>
				<username>admin@XXXXXXX (Local Database)</username>
			</updated>
		</rule>
		<separator>
			<wan></wan>
			<lan></lan>
		</separator>
	</filter>
	<shaper></shaper>
	<ipsec></ipsec>
	<aliases>
		<alias>
			<name>VPNByPass</name>
			<type>host</type>
			<address>xxxxxxxxxxxxxxxxxxxxxxxxx</address>
			<descr></descr>
			<detail><xxxxxxxxxxxxxxxxxxx></detail>
		</alias>
	</aliases>

    Any ideas why?

    Im using 2.4.4 currently.

    0

  • It's much easier to read screenshots than an xml dump, and you can post images here directly.

    Are you sure that your other users are actually going out WAN instead of the VPN? Anything in the System log when you restart the VPN?

    0
  • S

    Thanks for reply!

    I removed the VPN on current build so no screenshots. I'll build a lab and restore configuration then post some.

    I cant say its definitively going out WAN other than the fact when I got to the PIA site it confirms I am not protected by VPN and my public IP address shows.

    0

  • Sure, come back when you've got a config you can reproduce the problem with.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy