[solved] VPN Tunnel via PIA seems not to be working.
-
@stig-joergensen said in VPN Tunnel via PIA seems not to be working.:
Currently my LAN interface is .2 - later I want to have 2 IPs on that interface - one that routes traffic directly to the internet, the other that routes traffic via VPN, so I can choose how to route, either by the default gw on the client, or via outbound rules defined on the pfSense box, which is running on VMware.
It won't work that way. You can do the routing with policy routing firewall rules, but you can only decide the route on the basis of source or destination addresses, not on the gateway address it uses.
If you want to do it that way, you have to use different interfaces on pfSense.
For policy routing you have to add a firewall rule or edit an existing one, open the Advanced Options, go down to the gateway section and select the particular gateway you want. For PIA select OPT2 here.
-
OK, then I'll add a new interface when that time comes.
But right now, I cannot get it to route via the VPN tunnel. I'm not sure the tunnel works; it shows as up, but I cannot ping the lower address on the far side (but I've read somewhere that ping might not be the best choice to troubleshoot the VPN tunnel).
So how can I even validate the tunnel is working?
-
Check out your public IP, e.g. here: https://whatismyipaddress.com
-
Yes, and that's what I do - but I get a connection timeout when the outbound NAT rule is using the VPN interface - but if I change that to use the external interface, then it works as expected.
Which is why I don't think the tunnel is working, even though it states it's up.
-
I guess it's on the policy routing rule. Have you configured it?
Post a screenshot.
Which PIA do you use? The interface assignments screenshot shows two, but only one has an interface assigned.
-
That might be what I have missed. I can't recall anything about policy routing, will check when I get home.
I'm using the California one (I made two, to see if it was the server end that had an issue - with different server addresses, but same settings).
Will post once I get home to check up on this.
Thanks.
-
@viragomann said in VPN Tunnel via PIA seems not to be working.:
I guess it's on the policy routing rule. Have you configured it?
Ehhh, where do I find these policy routing rules?
Under firewall/rules or ?
-
@stig-joergensen said in VPN Tunnel via PIA seems not to be working.:
Ehhh, where do I find these policy routing rules?
@viragomann said in VPN Tunnel via PIA seems not to be working.:
For policy routing you have to add a firewall rule or edit an existing one, open the Advanced Options, go down to the gateway section and select the particular gateway you want. For PIA select OPT2 here.
-
But PIA or OPT2 don't have a gateway.
There is only the external gateway defined here:
And I cannot edit the interface OPT2 (otherwise I would have renamed it) due to Chrome autofill.
-
If you assign an interface to the OpenVPN instance and activate it, it will appear.
You didn't enable it.
-
Hmm, here is where Chrome autofill messes stuff up.
The MAC Address is prefilled with the username, but clearing this is apparently not enough.
I think a hidden field exists - will see how I can get Chrome to ignore autofill on this page.
-
Never seen this error on OpenVPN interfaces.
Maybe it helps if you change the interface assignment to something else, then check if the fields are filled and delete them, then switch back to the OpenVPN instance.
-
By using guest browsing I was able to make it work:
but sadly it says gateway offline:
with this config:
-
@stig-joergensen said in VPN Tunnel via PIA seems not to be working.:
but sadly it says gateway offline:
That means that the gateway address doesn't respond to pings. Maybe the outbound traffic works anyway.
-
Damn, you are right - it does in fact work - just not with ping... tracert works just fine - and internet browsing also.
Thanks a million - I knew it was something very simple...
Is there a method where I can change how it discovers if the gateway is up?
-
Is there a way I can mark this as solved?
-
@stig-joergensen said in VPN Tunnel via PIA seems not to be working.:
Is there a method where I can change how it discovers if the gateway is up?
You may enter any other public address which responds to ping in the gateway settings at monitoring. System > Routing > Gateways. E.g. 8.8.8.8.
However, I don't know if pfSense automatically routes that over the VPN. So you may test it first. Otherwise you can additionally set a static route.
Marking as solved is only possible by editing the topic manually AFAIK.
-
Yep
Setting the monitor IP on the gateway made it green - Happy days
-
And edited the title
Thanks again for all your help and time, Much appreciated