Netgate Discussion Forum

    VPN up, but IP address still exposed.

      drhans

      I'm running pfSense 2.6 with pfblockerNG and wanted to set up the device as a VPN client. First tried NordVPN and then PIA, but after setting up both (separately) my real IP address is still visible when testing on "what is my IP". OpenVPN status shows "up" and no other errors were generated during the OpenVPN setup processes. I triple-checked the official setup guides accurately for both VPNs. Not sure if there is a proper order when setting up OpenVPN and pfblockerNG on the same device. Not sure if one can even affect the other either. I'm a newbie with the whole pfSense device and therefore not sure how to troubleshoot. Any help would be appreciated. Thanks!!

        TheNarc @drhans

        @drhans What guide(s) did you follow for configuration? Can you post screen shots of your OpenVPN client configuration? I know from experience that Nord should route all traffic through it by default unless the "Don't Pull Routes" client option is set. Is that what you're looking for, or do you want to use policy routing so that you can dynamically include/exclude various devices using firewall rules?

          drhans @TheNarc

          @thenarc
          I used the "official" guides off the Nord and PIA websites. I was going to start with all traffic until I see devices or websites failing and then get more dynamic on round two. I just wanted to get it working at all first. I'll edit this post with some screen shots when I get back home.

            Bob.Dig @drhans

            @drhans pfblocker is not related to this.
            DNS is another question but not for whatsmyip.

              TheNarc @drhans

              @drhans Here are screen shots of my client config for a Nord UDP client connection that is up and working as expected. Note that if you want to start out with all traffic being routed through the VPN connection, un-check the "Don't Pull Routes" option that I have checked. The full set of "Custom Options" I have, which is not fully visible in my screen shots, is:

              tls-client;
              remote-random;
              tun-mtu 1500;
              tun-mtu-extra 32;
              mssfix 1450;
              persist-key;
              persist-tun;
              ping 15;
              ping-restart 0;
              ping-timer-rem;
              reneg-sec 0;
              remote-cert-tls server;
              auth-nocache;
              pull-filter ignore "redirect-gateway";
              pull-filter ignore "dhcp-option";
              auth-retry nointeract;
              

              Note that you will NOT want the line:

              pull-filter ignore "redirect-gateway";
              

              if you want all traffic to be routed through the VPN. And in fact I probably don't need it myself with "Don't Pull Routes" enabled. You also may or may not want the line:

              pull-filter ignore "dhcp-option";
              

              which prevents the server from pushing DNS servers to use. I have pfSense configured to use unbound but with the outgoing interfaces set to my VPN client interfaces.

              Some of the other things I have in my custom options are redundant to options set up by the GUI, but not harmful; it's just been a while since I've cleaned them up, but I know that these work for Nord.


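An added example (not from the thread, and not pfSense or OpenVPN code) showing why a tunnel can report "up" while the public IP stays the same: it models which server-pushed options survive the `pull-filter` lines and the "Don't Pull Routes" setting discussed above. The pushed options are constructed, the function names are hypothetical, and treating "Don't Pull Routes" as OpenVPN's `route-nopull` with a simplified drop list is an assumption.

```python
import shlex

# Simplified model (assumption): pushed options that route-nopull, taken here
# as the effect of the "Don't Pull Routes" checkbox, makes the client drop.
NOPULL_DROPS = ("route", "route-ipv6", "redirect-gateway", "dhcp-option")

# Constructed sample of what a provider's server might push (not from the thread).
SAMPLE_PUSH = ["redirect-gateway def1", "dhcp-option DNS 10.8.0.1", "ping 60"]

# Subset of the custom options quoted in the post above.
THREAD_OPTIONS = ('tls-client; remote-random; '
                  'pull-filter ignore "redirect-gateway"; '
                  'pull-filter ignore "dhcp-option"; auth-retry nointeract;')

def parse_options(custom_options):
    """Split 'opt a b; opt c' custom-options text into token lists."""
    opts = []
    for chunk in custom_options.replace("\n", ";").split(";"):
        tokens = shlex.split(chunk, comments=True)  # strips quotes and # comments
        if tokens:
            opts.append(tokens)
    return opts

def accepted_pushes(custom_options, pushed):
    """Return the server-pushed options the client would still apply."""
    opts = parse_options(custom_options)
    nopull = any(o[0] == "route-nopull" for o in opts)
    filters = [(o[1], o[2]) for o in opts
               if o[0] == "pull-filter" and len(o) >= 3]
    kept = []
    for push in pushed:
        if nopull and push.split()[0] in NOPULL_DROPS:
            continue
        # pull-filter is a prefix match; the first matching filter decides.
        action = next((a for a, text in filters if push.startswith(text)),
                      "accept")
        if action == "accept":  # "ignore" and "reject" both discard the option
            kept.append(push)
    return kept

def tunnels_all_traffic(custom_options, pushed):
    """True if a default route via the VPN ends up installed."""
    # A redirect-gateway written locally in the client config always applies.
    if any(o[0] == "redirect-gateway" for o in parse_options(custom_options)):
        return True
    return any(p.startswith("redirect-gateway")
               for p in accepted_pushes(custom_options, pushed))

if __name__ == "__main__":
    print("kept:", accepted_pushes(THREAD_OPTIONS, SAMPLE_PUSH))
    print("all traffic tunneled:", tunnels_all_traffic(THREAD_OPTIONS, SAMPLE_PUSH))
```

With the thread's options the function reports that no default route is installed, which matches a client whose status is "up" while an external IP check still shows the WAN address.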
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.