He 6-4 tunnel and openvpn - Private Internet Access



  • Hi,

    I am having trouble setting my firewall such that all traffic goes over my vpn. I followed http://swimminginthought.com/netflix-and-isp-throttling-bypassed-by-vpn-solved/ to set it up, and it works fine for about 20 minutes (whatsmyip shows a different ip). After an hour, my speed grinds to crawl, and my ping goes through the roof (500ms)

    Second, I was wondering how to get my HE 6-4 tunnel to go over either the wan or the vpn, because it seems to stop working when I enable the vpn client.

    Again, the vpn provider I use is privateinternetaccess.com
    I do have a bunch of nat rules set up too, and it seems those stop working when I enable the vpn.

    And finally, I have dynamic dns set up for my domain. Which interface should I be monitoring such that queries are resolved and pointed to travel through the vpn?



  • Can you provide a how-to for PIA and pfSense?  I used the one on their site as a starting point but it seems to be written for 1.2.3, not 2.0, and even after tinkering with it and getting it to connect, I can't seem to send any traffic through it.



  • I got the vpn initally working using this guide
    http://www.komodosteve.com/archives/232

    specifically this paragraph

    Firewall Config:

    At this point the OpenVPN service is running but you aren’t using it. You may not even be able to access the Internet in this state. While there’s a lot you can do to tailor your firewall access, here’s a quick way to route all your outgoing traffic through your new VPN connection.

    Go to Firewall and select NAT, then click the Outbound tab. Select any existing rules and delete them. Select the “Automatic” option at the top and click Save, then select “Manual” and click Save. You should see a new set of rules which you can activate by clicking Apply Changes.

    however, there are still traffic problems trying to get my ipv6 tunnel working



  • Yeah, I did end up getting it working using that method.  Unfortunately, it's basically useless for me as the vast majority of the web traffic doesn't go anywhere.  I can ping and tracert over icmp just fine, but traffic on port 80 rarely makes it to anything but Google.  Installing their OVPN client on my computer works just fine.



  • The instructions at http://www.komodosteve.com/archives/232 are almost perfect, however, are missing a crucial (but easy to fix) element.

    The author fails to mention (close to his final step) that under "firewall: NAT: Outbound": https://192.168.1.1/firewall_nat_out.php

    After doing all the steps for NAT (set it to"manual" and hit "save" followed by "apply"), you need to edit the mapping that has the description "Auto created rule for LAN to WAN " (the middle one, out of 3).

    Then change "Interface" to "OpenVPN". Or, if you followed his instructions on creating the extra interface "OPTn" (my was called "OPT1"), selecting "OPTn" will also work.

    I'm not quite sure why he suggested creating that extra interface "OPTn".

    BTW, the way I figured out the above is I first read http://doc.pfsense.org/Create-OpenVPN-client-to-TUVPNcom.pdf, which described the above instructions, about setting the mapping interface to "OpenVPN".

    Also, he mentions that his connection slowed down considerably on his virtual machine (he doesn't state his specs). But for me, using hyper-v, on a 50Mbit connection, I get full speed with a max CPU usage of 12% for a single client/connection –haven't tested out with more than 1 machines trying to access over OpenVPN.

    My specs:
    Windows 8 Pro (built in Hyper-v)
    i7 @ 2.66
    12GB RAM
    128GB Crucial SSD
    Intel PRO/1000 PT Dual Port Server Adapter

    Used Zootie's hyper-v iso (I didn't apply any patches he lists a couple posts down)
    http://rapidshare.com/files/1592931654/pfSense-LiveCD-2.0.3-PRERELEASE-amd64-hyperv-kernel-20130119-0048.zip

    from here:
    http://forum.pfsense.org/index.php/topic,56565.msg309595.html#msg309595

    Anyhow... I just finished setting this up, so I don't know how well this hyper-v build will hold up long term. And I'm planning on trying his 2.1 build next:
    http://rapidshare.com/files/4194997857/pfSense-LiveCD-2.1-BETA1-amd64-hyperv-kernel-20130119-0948.zip


Log in to reply