Netgate Discussion Forum

    Restarting PIA VPN Disconnects on VPN Users

      sheen73

      Good morning all,

      I set up my PIA VPN following the below process.
      https://www.privateinternetaccess.com/helpdesk/guides/routers/pfsense/pfsense-2-4-3-setup-guide

      Occasionally the service slows down and kids complain so I restart it. When I do this, it disconnects the internet for those bypassing the VPN. I am sure it is something I am doing but it never did this prior to 2.4.1 iirc and definitely never on 2.3.4

      <nat>
      		<outbound>
      			<mode>advanced</mode>
      			<rule>
      				<source>
      					<network>VPNByPass</network>
      				</source>
      				<sourceport></sourceport>
      				<descr><![CDATA[Auto created rule - LAN to WAN]]></descr>
      				<target></target>
      				<targetip></targetip>
      				<targetip_subnet></targetip_subnet>
      				<interface>wan</interface>
      				<poolopts></poolopts>
      				<source_hash_key></source_hash_key>
      				<destination>
      					<any></any>
      				</destination>
      				<updated>
      					<time>1561824522</time>
      					<username>admin@xxxx (Local Database)</username>
      				</updated>
      				<created>
      					<time>1561824522</time>
      					<username>admin@xxx (Local Database)</username>
      				</created>
      			</rule>
      			<rule>
      				<source>
      					<network>127.0.0.0/8</network>
      				</source>
      				<sourceport></sourceport>
      				<descr><![CDATA[Auto created rule for ISAKMP - localhost to WAN]]></descr>
      				<target></target>
      				<targetip></targetip>
      				<targetip_subnet></targetip_subnet>
      				<interface>openvpn</interface>
      				<poolopts></poolopts>
      				<source_hash_key></source_hash_key>
      				<staticnatport></staticnatport>
      				<destination>
      					<any></any>
      				</destination>
      				<dstport>500</dstport>
      				<created>
      					<time>1561823430</time>
      					<username>Manual Outbound NAT Switch</username>
      				</created>
      				<updated>
      					<time>1561823487</time>
      					<username>admin@xxxxxxxxx (Local Database)</username>
      				</updated>
      			</rule>
      			<rule>
      				<source>
      					<network>127.0.0.0/8</network>
      				</source>
      				<sourceport></sourceport>
      				<descr><![CDATA[Auto created rule - localhost to WAN]]></descr>
      				<target></target>
      				<targetip></targetip>
      				<targetip_subnet></targetip_subnet>
      				<interface>openvpn</interface>
      				<poolopts></poolopts>
      				<source_hash_key></source_hash_key>
      				<destination>
      					<any></any>
      				</destination>
      				<created>
      					<time>1561823430</time>
      					<username>Manual Outbound NAT Switch</username>
      				</created>
      				<updated>
      					<time>1561823501</time>
      					<username>admin@xxxxxxxx (Local Database)</username>
      				</updated>
      			</rule>
      			<rule>
      				<source>
      					<network>::1/128</network>
      				</source>
      				<sourceport></sourceport>
      				<descr><![CDATA[Auto created rule for ISAKMP - localhost to WAN]]></descr>
      				<target></target>
      				<targetip></targetip>
      				<targetip_subnet></targetip_subnet>
      				<interface>openvpn</interface>
      				<poolopts></poolopts>
      				<source_hash_key></source_hash_key>
      				<staticnatport></staticnatport>
      				<destination>
      					<any></any>
      				</destination>
      				<dstport>500</dstport>
      				<created>
      					<time>1561823430</time>
      					<username>Manual Outbound NAT Switch</username>
      				</created>
      				<updated>
      					<time>1561823514</time>
      					<username>admin@xxxxxxx (Local Database)</username>
      				</updated>
      			</rule>
      			<rule>
      				<source>
      					<network>::1/128</network>
      				</source>
      				<sourceport></sourceport>
      				<descr><![CDATA[Auto created rule - localhost to WAN]]></descr>
      				<target></target>
      				<targetip></targetip>
      				<targetip_subnet></targetip_subnet>
      				<interface>openvpn</interface>
      				<poolopts></poolopts>
      				<source_hash_key></source_hash_key>
      				<destination>
      					<any></any>
      				</destination>
      				<created>
      					<time>1561823430</time>
      					<username>Manual Outbound NAT Switch</username>
      				</created>
      				<updated>
      					<time>1561823540</time>
      					<username>admin@xxxxxxxx (Local Database)</username>
      				</updated>
      			</rule>
      			<rule>
      				<source>
      					<network>xxxxxxxxxx/24</network>
      				</source>
      				<sourceport></sourceport>
      				<descr><![CDATA[Auto created rule for ISAKMP - LAN to WAN]]></descr>
      				<target></target>
      				<targetip></targetip>
      				<targetip_subnet></targetip_subnet>
      				<interface>openvpn</interface>
      				<poolopts></poolopts>
      				<source_hash_key></source_hash_key>
      				<staticnatport></staticnatport>
      				<destination>
      					<any></any>
      				</destination>
      				<dstport>500</dstport>
      				<created>
      					<time>1561823430</time>
      					<username>Manual Outbound NAT Switch</username>
      				</created>
      				<updated>
      					<time>1561823526</time>
      					<username>admin@xxxxxxxx (Local Database)</username>
      				</updated>
      			</rule>
      			<rule>
      				<source>
      					<network>xxxxxxxxx/24</network>
      				</source>
      				<sourceport></sourceport>
      				<descr><![CDATA[Auto created rule - LAN to WAN]]></descr>
      				<target></target>
      				<targetip></targetip>
      				<targetip_subnet></targetip_subnet>
      				<interface>openvpn</interface>
      				<poolopts></poolopts>
      				<source_hash_key></source_hash_key>
      				<destination>
      					<any></any>
      				</destination>
      				<created>
      					<time>1561823430</time>
      					<username>Manual Outbound NAT Switch</username>
      				</created>
      				<updated>
      					<time>1561823459</time>
      					<username>admin@xxxxxxxx (Local Database)</username>
      				</updated>
      			</rule>
      		</outbound>
      	</nat>
      	<filter>
      		<rule>
      			<id></id>
      			<tracker>1561824380</tracker>
      			<type>pass</type>
      			<interface>lan</interface>
      			<ipprotocol>inet</ipprotocol>
      			<tag></tag>
      			<tagged></tagged>
      			<max></max>
      			<max-src-nodes></max-src-nodes>
      			<max-src-conn></max-src-conn>
      			<max-src-states></max-src-states>
      			<statetimeout></statetimeout>
      			<statetype><![CDATA[keep state]]></statetype>
      			<os></os>
      			<protocol>tcp</protocol>
      			<source>
      				<address>VPNByPass</address>
      			</source>
      			<destination>
      				<any></any>
      			</destination>
      			<descr></descr>
      			<gateway>WAN_DHCP</gateway>
      			<created>
      				<time>1561824380</time>
      				<username>admin@xxxxxxx (Local Database)</username>
      			</created>
      			<updated>
      				<time>1561824647</time>
      				<username>admin@xxxxxxxxx (Local Database)</username>
      			</updated>
      		</rule>
      		<rule>
      			<type>pass</type>
      			<ipprotocol>inet</ipprotocol>
      			<descr><![CDATA[Default allow LAN to any rule]]></descr>
      			<interface>lan</interface>
      			<tracker>0100000101</tracker>
      			<source>
      				<network>lan</network>
      			</source>
      			<destination>
      				<any></any>
      			</destination>
      		</rule>
      		<rule>
      			<id></id>
      			<tracker>0100000102</tracker>
      			<type>block</type>
      			<interface>lan</interface>
      			<ipprotocol>inet6</ipprotocol>
      			<tag></tag>
      			<tagged></tagged>
      			<max></max>
      			<max-src-nodes></max-src-nodes>
      			<max-src-conn></max-src-conn>
      			<max-src-states></max-src-states>
      			<statetimeout></statetimeout>
      			<statetype><![CDATA[keep state]]></statetype>
      			<os></os>
      			<source>
      				<network>lan</network>
      			</source>
      			<destination>
      				<any></any>
      			</destination>
      			<descr><![CDATA[Default allow LAN IPv6 to any rule]]></descr>
      			<updated>
      				<time>1561783276</time>
      				<username>admin@XXXXXXX (Local Database)</username>
      			</updated>
      		</rule>
      		<separator>
      			<wan></wan>
      			<lan></lan>
      		</separator>
      	</filter>
      	<shaper></shaper>
      	<ipsec></ipsec>
      	<aliases>
      		<alias>
      			<name>VPNByPass</name>
      			<type>host</type>
      			<address>xxxxxxxxxxxxxxxxxxxxxxxxx</address>
      			<descr></descr>
      			<detail><xxxxxxxxxxxxxxxxxxx></detail>
      		</alias>
      	</aliases>
      

      Any ideas why?

      I'm using 2.4.4 currently.

      23.05.1-RELEASE (amd64) on 6100 MAX / Arris S33 Spectrum / Ubiquiti Networks 8-Port UniFi Switch, Managed PoE+ Gigabit Switch with SFP, 150W (US-8-150W) / Unifi U6LR

        KOM

        It's much easier to read screenshots than an xml dump, and you can post images here directly.

        Are you sure that your other users are actually going out WAN instead of the VPN? Anything in the System log when you restart the VPN?

          sheen73

          Thanks for the reply!

          I removed the VPN on current build so no screenshots. I'll build a lab and restore configuration then post some.

          I can't say it's definitively going out WAN other than the fact that when I go to the PIA site it confirms I am not protected by VPN and my public IP address shows.

            KOM

            Sure, come back when you've got a config you can reproduce the problem with.
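
One way to check from a config export which traffic a policy-routing rule actually covers, the question raised earlier in this thread. This is an added example, not part of the thread: the sample XML is constructed from the posted rules with placeholder addresses, and the gateway-to-interface mapping (`WAN_DHCP` to `wan`) is an assumption supplied by the caller.

```python
import xml.etree.ElementTree as ET

# Constructed fragment modelled on the rules posted above; addresses are placeholders.
SAMPLE = """<pfsense>
  <nat><outbound><mode>advanced</mode>
    <rule><source><network>VPNByPass</network></source><interface>wan</interface></rule>
    <rule><source><network>192.0.2.0/24</network></source><interface>openvpn</interface></rule>
  </outbound></nat>
  <filter>
    <rule><type>pass</type><interface>lan</interface><protocol>tcp</protocol>
      <source><address>VPNByPass</address></source><gateway>WAN_DHCP</gateway></rule>
    <rule><type>pass</type><interface>lan</interface>
      <source><network>lan</network></source></rule>
  </filter>
</pfsense>"""

def rule_source(rule):
    """Return the alias or network named in a rule's <source>, or 'any'."""
    src = rule.find("source")
    for tag in ("address", "network"):
        if src is not None and src.findtext(tag):
            return src.findtext(tag)
    return "any"

def audit_policy_routes(xml_text, gw_to_if):
    """For each pass rule with a <gateway>, report what it does not cover.

    gw_to_if maps gateway names to interface names (assumed, caller-supplied).
    """
    root = ET.fromstring(xml_text)
    nat = {(rule_source(r), r.findtext("interface"))
           for r in root.findall("./nat/outbound/rule")}
    findings = []
    for r in root.findall("./filter/rule"):
        gw = r.findtext("gateway")
        if r.findtext("type") != "pass" or not gw:
            continue  # only policy-routed pass rules are of interest
        src, proto = rule_source(r), r.findtext("protocol")
        if proto:  # the rule matches a single protocol only
            findings.append(f"{src}: only {proto} is sent to {gw}; "
                            "other protocols fall through to later rules")
        if (src, gw_to_if.get(gw)) not in nat:
            findings.append(f"{src}: no outbound NAT rule on {gw_to_if.get(gw)}")
    return findings

if __name__ == "__main__":
    for line in audit_policy_routes(SAMPLE, {"WAN_DHCP": "wan"}):
        print(line)
```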
