PiVPN and pfsense as Client



  • -WARNING SELF TAUGHT AMATEUR HERE-

    I have an RPI3b+ in the UK that runs PiVPN for me. Works perfectly with my Android phone - I can access the network and internet at the site.
    On my pfSense machine I have been trying to connect it and create a dedicated gateway for it. I have succeeded in:

    1. Establishing the connection as OpenVPN client
    2. Establishing an interface that pulls the IP address from the OpenVPN client.
    3. I can ping for example google from the OpenVPN interface that I have created.

    But I still cannot get the gateway up and running; it is constantly offline. I am attaching pictures of my NAT rules, OpenVPN client settings and LAN rules. Maybe someone here can educate me on where and what I am doing wrong.
    Is it routing tables? Does the PiVPN model not work with pfSense (did it a couple years ago with DDWRT and it worked).

    I will be grateful for your suggestions.

    nat.jpg Rules.jpg summary.jpg VPN settings.jpg



  • I find the NordVPN pfSense setup instructions quite good. Can you compare the routing steps you did against this?



  • @nirmalts said in PiVPN and pfsense as Client:

    he NordVPN pfSense setup instructions quite

    Thanks for this, I read it before and applied it partially. The only thing that I had not applied were the custom options. Tried them now and I still can't get the gateway up (half of them I don't understand).

    tls-client;
    remote-random;
    tun-mtu 1500;
    tun-mtu-extra 32;
    mssfix 1450;
    persist-key;
    persist-tun;
    reneg-sec 0;
    remote-cert-tls server;

    Could it be that RPI's PIVPN does not provide routing? I remember adding such rules on my DDWRT OpenVPN connection and then it worked. When I added these here my interface stopped getting the local VPN address (10.8.0.X).

    Best



  • Anyone any more suggestions?



  • @NiDeMa said in PiVPN and pfsense as Client:

    tls-client;
    remote-random;
    tun-mtu 1500;
    tun-mtu-extra 32;
    mssfix 1450;
    persist-key;
    persist-tun;
    reneg-sec 0;
    remote-cert-tls server;

    These settings are not related to routing. As you have the connection "up" already, you don't need to add/change these.

    If you follow the NordVPN instructions, you do not need to add "IPv4 Tunnel Network" and routes in Advanced Options as you have done. It works for me without these. Can you try by removing these?

    If it still doesn't work please share your routing table?

    netstat -rnW from console or Diagnostics -> Routes
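
    The point made in the reply above, as an added example that is not part of the original thread: a small Python check that sorts OpenVPN client directives by what they affect and reports which ones touch routing. It assumes the pfSense custom options field separates directives with semicolons; the directive groupings and the `CONSTRUCTED` sample are this example's own.

```python
import shlex

# Directive groups (OpenVPN 2.x names); anything unlisted is reported as "other".
GROUPS = {
    "routing": {"route", "route-ipv6", "route-gateway", "route-metric",
                "route-nopull", "redirect-gateway"},
    "mtu": {"tun-mtu", "tun-mtu-extra", "mssfix", "fragment"},
    "tls": {"tls-client", "remote-cert-tls", "reneg-sec"},
    "session": {"persist-key", "persist-tun", "remote-random"},
}

def parse_options(text):
    """Split a semicolon/newline separated options string into (directive, args)."""
    pairs = []
    for chunk in text.replace("\n", ";").split(";"):
        tokens = shlex.split(chunk, comments=True)  # handles quotes and '#' comments
        if tokens:
            pairs.append((tokens[0].lstrip("-"), tokens[1:]))
    return pairs

def classify(directive, args):
    # pull-filter only matters for routing when it filters a pushed route option
    if directive == "pull-filter":
        pattern = args[1] if len(args) > 1 else ""
        hit = pattern.startswith(("route", "redirect-gateway"))
        return "routing" if hit else "other"
    for group, names in GROUPS.items():
        if directive in names:
            return group
    return "other"

def routing_directives(text):
    """Names of the directives in `text` that change the client's routing."""
    return [d for d, a in parse_options(text) if classify(d, a) == "routing"]

# The nine options quoted in the thread
THREAD_OPTIONS = """tls-client; remote-random; tun-mtu 1500; tun-mtu-extra 32;
mssfix 1450; persist-key; persist-tun; reneg-sec 0; remote-cert-tls server;"""

# Constructed sample for contrast (not from the thread)
CONSTRUCTED = 'route-nopull; pull-filter ignore "redirect-gateway"; mssfix 1450'

if __name__ == "__main__":
    for name, opts in (("thread", THREAD_OPTIONS), ("constructed", CONSTRUCTED)):
        print(name, "->", routing_directives(opts) or "no routing directives")
```

    Of the nine quoted options, `remote-cert-tls server` and `reneg-sec 0` are the two with a security effect: the first makes the client check that the peer certificate is a server certificate, the second turns off time-based key renegotiation.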



  • Thanks for your reply! I admit I am stuck on it completely.

    I tried it without the extra commands and got the same thing. It seems like for some reason all packets in are stopped.

    Just for reference - I don't have a bridged connection on the WAN. routing.png



  • Just to reconfirm: Are you using a public VPN service here, like NordVPN?



  • No, I am using my own VPN service based on Raspberry Pi (called PiVPN). I left in London a Raspberry with all the software - it works on my phone, just pfSense is problematic.



  • Here is a quick diagram... Untitled Diagram.jpg

