Open VPN Client on PFsense



  • Hi all.

    I hope someone can help me to a solution.

    I have a pfSense box at two locations with an IPsec tunnel.
    The local pfSense is also an OpenVPN server for external/mobile clients.
    Now I'm trying to make an OpenVPN tunnel thru PIA (privateinternetaccess.com) for some internal clients (Lan), but when the OpenVPN client on the local pfSense box connects, all internal clients lose internet access... Any clue?



  • @boss_001 said in Open VPN Client on PFsense:

    OpenVPN tunnel thru PIA (privateinternetaccess.com) for some internal clients (Lan)

    So what have you configured?

    Outbound NAT?

    Checked "don't pull routes" in the VPN client settings?



  • I have all up and running for a long time, the new thing is the PIA VPN.
    This is the setup I made...
    https://www.privateinternetaccess.com/helpdesk/guides/routers/pfsense/pfsense-2-4-3-setup-guide



  • I'm talking about the PIA client.
    I can't see the images on the link, so I cannot verify.

    Also I'm missing the "adding interface" part there.
    So do you already have an interface to the PIA VPN client instance? If not, come back.

    Assuming the interface exists, you have to add an outbound NAT rule to it. Ensure the outbound NAT is in hybrid or manual mode, add a rule:
    interface: the PIA VPN client
    source: your internal networks, or maybe any
    dest: any
    translation: interface address

    In the PIA VPN settings you have to check "Don't pull routes" to avoid getting pushed the default route.
    Then put all the LAN client IPs which are intended to be routed over PIA into a new alias and add a policy routing rule to your LAN interface allowing upstream traffic from that alias using the PIA gateway. Put that rule at the top of the rule set to ensure it matches.
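
The rule-order point in the reply above, as an added example that is not part of the original thread: a small Python model of top-down, first-match evaluation of LAN pass rules, reporting hosts that leave through the wrong gateway. The addresses, alias members, rule names and gateway names are constructed assumptions.

```python
import ipaddress

# Constructed sample values (assumptions, not taken from the thread).
PIA_CLIENTS = ["192.168.1.50", "192.168.1.51"]  # alias: LAN hosts meant to use the VPN
LAN_NET = "192.168.1.0/24"

def make_rule(name, sources, gateway):
    """Pass rule on the LAN interface; gateway=None means 'use the routing table'."""
    nets = [ipaddress.ip_network(s) for s in sources]
    return {"name": name, "sources": nets, "gateway": gateway}

POLICY_RULE = make_rule("Alias hosts via PIA", PIA_CLIENTS, "PIA_VPN")
DEFAULT_RULE = make_rule("Default allow LAN to any", [LAN_NET], None)

def egress_gateway(ruleset, src_ip, default_gateway="WAN"):
    """Top-down evaluation, first match wins.

    default_gateway stays WAN because "Don't pull routes" keeps the VPN
    from replacing the default route.
    """
    src = ipaddress.ip_address(src_ip)
    for rule in ruleset:
        if any(src in net for net in rule["sources"]):
            return rule["gateway"] or default_gateway
    return None  # no pass rule matched: traffic is dropped

def audit(ruleset, vpn_hosts, other_hosts, vpn_gateway="PIA_VPN"):
    """Return (host, actual_gateway) for every host that egresses the wrong way."""
    problems = []
    for host in vpn_hosts:
        gw = egress_gateway(ruleset, host)
        if gw != vpn_gateway:
            problems.append((host, gw))  # meant for the tunnel, leaves elsewhere
    for host in other_hosts:
        gw = egress_gateway(ruleset, host)
        if gw != "WAN":
            problems.append((host, gw))  # meant for WAN, leaves elsewhere
    return problems

if __name__ == "__main__":
    orderings = {
        "policy rule on top": [POLICY_RULE, DEFAULT_RULE],
        "policy rule below default": [DEFAULT_RULE, POLICY_RULE],
    }
    for label, rules in orderings.items():
        print(label, "->", audit(rules, PIA_CLIENTS, ["192.168.1.10"]) or "OK")
```

With the policy rule below the default allow rule, the alias hosts match the default rule first and leave through WAN instead of the tunnel.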



  • @viragomann Thank you SO much.

    It was the: Don't add or remove routes automatically
    Do not execute operating system commands to install routes. Instead, pass routes to --route-up script using environmental variables. That did all the messing up.

    All working flawlessly :-)


