Trying to setup pfsense as client to PIA VPN service…..need help
noremacyug last edited by
So I have a Private Internet Access account and can use the client on OSX to connect without issue. I'm wanting to have my pfsense box make the connection and cover everything thats on my network. So, I've tried the direction that were listed on PIA's website and then another tutorial located here http://www.komodosteve.com/archives/232 . The latter one seems more detailed and has helped more, but I still can't get it to connect to PIA.
Any ideas on what I need to do?
Nadar last edited by
There are several threads in this forum dealing with PIA connections in particular. I don't use PIA, so I don't know the specifics but as far as I can understand PIA gives an extra challenge in that it assigns a random incoming port when you connect, that you somehow have to script both portforwarding rules and client program in accordance with. If you don't need port forwarding in your tunnel however, it should be pretty straight forward.
Here are some threads dealing with the challenges after you get the VPN tunnel itself up and running:
From your screenshot however, it seems like you've stranded at an earlier stage. The AUTH_FAILED message pretty much speaks for itself. I'm assuming that PIA doesn't use PSK but uses certificate authentication, so you should probably go back to the tutorials and doublecheck you CA and Certificate (under System -> Cert Manager) and make sure that you assigned them correctly in the OpenVPN client configuration.
noremacyug last edited by
thanks for the assistance. i'm currently installing a compact vm install of xp and think i'll just set it up as a gateway to feed pfsense.
vacantsouls last edited by
I was having the same issue and opened a ticket with PIA on it. I was basing my config off what was provided in the client support site and their instructuctions for pfsense https://www.privateinternetaccess.com/pages/client-support/#pfsense_openvpn and the openvpn config files. What I learned was to ignore their instructions – i told them they should update them after we realized they were wrong.
The first major issue I notice is that we don't use TLS auth, and LZO compression appears to be disabled, could you go ahead and correct these two things and try again? You should also only need to Auth-User-Pass line, everything else under advanced can be removed, as it's handled purely in the main configuration window.
Tier II Technical Support/CSM
Private Internet Access
Attached is a copy of my config that is working.