PIA - Not resolving to VPN server
-
Not sure if this is an OpenVPN or DNS Issue
Hi, I'm new here but have been struggling with this for a while and cannot get it figured out. I'm running PIA VPN via pfSense. Under VPN > OpenVPN > Clients > Server host or Address, I currently have this pointing to a PIA static IP address and my internet works fine. However, if I try to change it to one of PIA's VPN servers such as "us-florida.privateinternetaccess.com", it does not work. I can't seem to figure out why.
I would like it pointing to a server picking from a range of IPs rather than a static IP so that I do not have the same IP address 24/7. Any help is greatly appreciated!
-
Do you have the DNS resolver configured to use only your VPN interface for outgoing queries? If so, it's a chicken-and-egg problem. The DNS resolver can't resolve us-florida.privateinternetaccess.com until the VPN is up, and the VPN can't come up until the DNS resolver can resolve us-florida.privateinternetaccess.com.
-
So I have the Outgoing Network Interfaces set to all if that's what you were referring to.
The rest of the DNS Resolver page is set up with the following:
Enable DNS Resolver: Checked
Listen port: 53
SSL/TLS Cert: Web Config Default
SSL/TLS Port: 853
Network Interfaces: All
Outgoing Network Interfaces: All
Sys Domain Local Zone Type: Transparent
DNSSEC: Checked
Rest of the options on the page below DNSSEC: Unchecked
Custom Server Options:
server:
forward-zone:
  name: "."
  forward-ssl-upstream: yes
  forward-addr: 1.1.1.1@853
  forward-addr: 1.0.0.1@853
-
Sorry for not getting back to you sooner. If the resolver is set to use all interfaces for outgoing then it's not immediately clear to me why it would fail to resolve that hostname, if indeed that's what's happening. What do your OpenVPN logs look like when this failure occurs? Anything at all informative?
-
Do a simple DNS lookup in the GUI and post your output.
example
Do that without the VPN up, and have you cleared the cache? Restart the unbound service.
Are you running anything like pfblocker? IPS?
-
Thank you for the help. Here are the screenshots. The first one is with the VPN up. The second is with the VPN off. I have a kill switch set up so with the VPN off it won't connect to anything. I'm not sure how to clear the cache but after changing the server to us-florida..... I restarted the VPN and router multiple times with no success.
-
Not running pfblocker or IPS. Here are the VPN logs when I try to switch to us-florida...
-
How do you have your kill switch set up? Because at the point you're trying to establish the VPN connection, it's obviously not yet established, so is your kill switch blocking the resolver's attempts to resolve us-florida.privateinternetaccess.com? It seems likely, since your test manually resolving with VPN off failed.
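
If the kill switch is what blocks the lookup, as the reply above suspects, the resolver's own upstream traffic is what the WAN rules need to be checked against. The following is an added example, not code from any poster in this thread or from pfSense or PIA: it parses the Custom Server Options posted earlier and lists the destinations Unbound must be able to reach before the tunnel is up. The function name `resolver_egress` is hypothetical, and the default port used when no `@port` is given is an assumption.

```python
import ipaddress

# Constructed sample input: the forward-zone from the custom options posted above.
SAMPLE_CONF = """\
server:
forward-zone:
  name: "."
  forward-ssl-upstream: yes
  forward-addr: 1.1.1.1@853
  forward-addr: 1.0.0.1@853
"""

TLS_KEYS = {"forward-ssl-upstream", "forward-tls-upstream"}  # old and new spelling


def resolver_egress(conf):
    """Return sorted (proto, ip, port) tuples that the forward-zones must reach."""
    zones, current = [], None
    for raw in conf.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(":")  # first colon only, so IPv6 values survive
        key, value = key.strip(), value.strip()
        if not value:  # clause header such as "server:" or "forward-zone:"
            current = {"tls": False, "addrs": []} if key == "forward-zone" else None
            if current is not None:
                zones.append(current)
        elif current is not None and key in TLS_KEYS:
            current["tls"] = value.strip('"') == "yes"
        elif current is not None and key == "forward-addr":
            # Drop an optional "#tls-name" suffix (or a trailing comment).
            current["addrs"].append(value.split("#", 1)[0].strip())
    rules = set()
    for zone in zones:  # resolved after parsing: the TLS option may follow the addresses
        for addr in zone["addrs"]:
            host, _, port = addr.partition("@")
            ip = str(ipaddress.ip_address(host))  # raises ValueError on a malformed address
            # Assumption: with no @port, use 853 for TLS upstreams and 53 otherwise.
            port = int(port) if port else (853 if zone["tls"] else 53)
            rules.add(("tcp" if zone["tls"] else "tcp/udp", ip, port))
    return sorted(rules)


if __name__ == "__main__":
    for proto, ip, port in resolver_egress(SAMPLE_CONF):
        print(f"resolver needs WAN egress: {proto} -> {ip}:{port}")
```

Each tuple it returns is a flow to compare against the kill-switch rules on the WAN interface; if none of them is permitted there, the hostname lookup cannot succeed while the VPN is down.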