Restarting PIA VPN Disconnects on VPN Users



  • Good morning all,

    I set up my PIA VPN following the process below.
    https://www.privateinternetaccess.com/helpdesk/guides/routers/pfsense/pfsense-2-4-3-setup-guide

    Occasionally the service slows down and kids complain, so I restart it. When I do this, it disconnects the internet for those bypassing the VPN. I am sure it is something I am doing, but it never did this prior to 2.4.1 iirc and definitely never on 2.3.4.

    <nat>
    		<outbound>
    			<mode>advanced</mode>
    			<rule>
    				<source>
    					<network>VPNByPass</network>
    				</source>
    				<sourceport></sourceport>
    				<descr><![CDATA[Auto created rule - LAN to WAN]]></descr>
    				<target></target>
    				<targetip></targetip>
    				<targetip_subnet></targetip_subnet>
    				<interface>wan</interface>
    				<poolopts></poolopts>
    				<source_hash_key></source_hash_key>
    				<destination>
    					<any></any>
    				</destination>
    				<updated>
    					<time>1561824522</time>
    					<username>admin@xxxx (Local Database)</username>
    				</updated>
    				<created>
    					<time>1561824522</time>
    					<username>admin@xxx (Local Database)</username>
    				</created>
    			</rule>
    			<rule>
    				<source>
    					<network>127.0.0.0/8</network>
    				</source>
    				<sourceport></sourceport>
    				<descr><![CDATA[Auto created rule for ISAKMP - localhost to WAN]]></descr>
    				<target></target>
    				<targetip></targetip>
    				<targetip_subnet></targetip_subnet>
    				<interface>openvpn</interface>
    				<poolopts></poolopts>
    				<source_hash_key></source_hash_key>
    				<staticnatport></staticnatport>
    				<destination>
    					<any></any>
    				</destination>
    				<dstport>500</dstport>
    				<created>
    					<time>1561823430</time>
    					<username>Manual Outbound NAT Switch</username>
    				</created>
    				<updated>
    					<time>1561823487</time>
    					<username>admin@xxxxxxxxx (Local Database)</username>
    				</updated>
    			</rule>
    			<rule>
    				<source>
    					<network>127.0.0.0/8</network>
    				</source>
    				<sourceport></sourceport>
    				<descr><![CDATA[Auto created rule - localhost to WAN]]></descr>
    				<target></target>
    				<targetip></targetip>
    				<targetip_subnet></targetip_subnet>
    				<interface>openvpn</interface>
    				<poolopts></poolopts>
    				<source_hash_key></source_hash_key>
    				<destination>
    					<any></any>
    				</destination>
    				<created>
    					<time>1561823430</time>
    					<username>Manual Outbound NAT Switch</username>
    				</created>
    				<updated>
    					<time>1561823501</time>
    					<username>admin@xxxxxxxx (Local Database)</username>
    				</updated>
    			</rule>
    			<rule>
    				<source>
    					<network>::1/128</network>
    				</source>
    				<sourceport></sourceport>
    				<descr><![CDATA[Auto created rule for ISAKMP - localhost to WAN]]></descr>
    				<target></target>
    				<targetip></targetip>
    				<targetip_subnet></targetip_subnet>
    				<interface>openvpn</interface>
    				<poolopts></poolopts>
    				<source_hash_key></source_hash_key>
    				<staticnatport></staticnatport>
    				<destination>
    					<any></any>
    				</destination>
    				<dstport>500</dstport>
    				<created>
    					<time>1561823430</time>
    					<username>Manual Outbound NAT Switch</username>
    				</created>
    				<updated>
    					<time>1561823514</time>
    					<username>admin@xxxxxxx (Local Database)</username>
    				</updated>
    			</rule>
    			<rule>
    				<source>
    					<network>::1/128</network>
    				</source>
    				<sourceport></sourceport>
    				<descr><![CDATA[Auto created rule - localhost to WAN]]></descr>
    				<target></target>
    				<targetip></targetip>
    				<targetip_subnet></targetip_subnet>
    				<interface>openvpn</interface>
    				<poolopts></poolopts>
    				<source_hash_key></source_hash_key>
    				<destination>
    					<any></any>
    				</destination>
    				<created>
    					<time>1561823430</time>
    					<username>Manual Outbound NAT Switch</username>
    				</created>
    				<updated>
    					<time>1561823540</time>
    					<username>admin@xxxxxxxx (Local Database)</username>
    				</updated>
    			</rule>
    			<rule>
    				<source>
    					<network>xxxxxxxxxx/24</network>
    				</source>
    				<sourceport></sourceport>
    				<descr><![CDATA[Auto created rule for ISAKMP - LAN to WAN]]></descr>
    				<target></target>
    				<targetip></targetip>
    				<targetip_subnet></targetip_subnet>
    				<interface>openvpn</interface>
    				<poolopts></poolopts>
    				<source_hash_key></source_hash_key>
    				<staticnatport></staticnatport>
    				<destination>
    					<any></any>
    				</destination>
    				<dstport>500</dstport>
    				<created>
    					<time>1561823430</time>
    					<username>Manual Outbound NAT Switch</username>
    				</created>
    				<updated>
    					<time>1561823526</time>
    					<username>admin@xxxxxxxx (Local Database)</username>
    				</updated>
    			</rule>
    			<rule>
    				<source>
    					<network>xxxxxxxxx/24</network>
    				</source>
    				<sourceport></sourceport>
    				<descr><![CDATA[Auto created rule - LAN to WAN]]></descr>
    				<target></target>
    				<targetip></targetip>
    				<targetip_subnet></targetip_subnet>
    				<interface>openvpn</interface>
    				<poolopts></poolopts>
    				<source_hash_key></source_hash_key>
    				<destination>
    					<any></any>
    				</destination>
    				<created>
    					<time>1561823430</time>
    					<username>Manual Outbound NAT Switch</username>
    				</created>
    				<updated>
    					<time>1561823459</time>
    					<username>admin@xxxxxxxx (Local Database)</username>
    				</updated>
    			</rule>
    		</outbound>
    	</nat>
    	<filter>
    		<rule>
    			<id></id>
    			<tracker>1561824380</tracker>
    			<type>pass</type>
    			<interface>lan</interface>
    			<ipprotocol>inet</ipprotocol>
    			<tag></tag>
    			<tagged></tagged>
    			<max></max>
    			<max-src-nodes></max-src-nodes>
    			<max-src-conn></max-src-conn>
    			<max-src-states></max-src-states>
    			<statetimeout></statetimeout>
    			<statetype><![CDATA[keep state]]></statetype>
    			<os></os>
    			<protocol>tcp</protocol>
    			<source>
    				<address>VPNByPass</address>
    			</source>
    			<destination>
    				<any></any>
    			</destination>
    			<descr></descr>
    			<gateway>WAN_DHCP</gateway>
    			<created>
    				<time>1561824380</time>
    				<username>admin@xxxxxxx (Local Database)</username>
    			</created>
    			<updated>
    				<time>1561824647</time>
    				<username>admin@xxxxxxxxx (Local Database)</username>
    			</updated>
    		</rule>
    		<rule>
    			<type>pass</type>
    			<ipprotocol>inet</ipprotocol>
    			<descr><![CDATA[Default allow LAN to any rule]]></descr>
    			<interface>lan</interface>
    			<tracker>0100000101</tracker>
    			<source>
    				<network>lan</network>
    			</source>
    			<destination>
    				<any></any>
    			</destination>
    		</rule>
    		<rule>
    			<id></id>
    			<tracker>0100000102</tracker>
    			<type>block</type>
    			<interface>lan</interface>
    			<ipprotocol>inet6</ipprotocol>
    			<tag></tag>
    			<tagged></tagged>
    			<max></max>
    			<max-src-nodes></max-src-nodes>
    			<max-src-conn></max-src-conn>
    			<max-src-states></max-src-states>
    			<statetimeout></statetimeout>
    			<statetype><![CDATA[keep state]]></statetype>
    			<os></os>
    			<source>
    				<network>lan</network>
    			</source>
    			<destination>
    				<any></any>
    			</destination>
    			<descr><![CDATA[Default allow LAN IPv6 to any rule]]></descr>
    			<updated>
    				<time>1561783276</time>
    				<username>admin@XXXXXXX (Local Database)</username>
    			</updated>
    		</rule>
    		<separator>
    			<wan></wan>
    			<lan></lan>
    		</separator>
    	</filter>
    	<shaper></shaper>
    	<ipsec></ipsec>
    	<aliases>
    		<alias>
    			<name>VPNByPass</name>
    			<type>host</type>
    			<address>xxxxxxxxxxxxxxxxxxxxxxxxx</address>
    			<descr></descr>
    			<detail><xxxxxxxxxxxxxxxxxxx></detail>
    		</alias>
    	</aliases>
    

    Any ideas why?

    I'm using 2.4.4 currently.



  • It's much easier to read screenshots than an xml dump, and you can post images here directly.

    Are you sure that your other users are actually going out WAN instead of the VPN? Anything in the System log when you restart the VPN?



  • Thanks for the reply!

    I removed the VPN on current build so no screenshots. I'll build a lab and restore configuration then post some.

    I can't say it's definitively going out WAN other than the fact that when I go to the PIA site it confirms I am not protected by VPN and my public IP address shows.



  • Sure, come back when you've got a config you can reproduce the problem with.

