Trying to set up pfsense as client to PIA VPN service... need help

  • So I have a Private Internet Access account and can use the client on OSX to connect without issue. I'm wanting to have my pfsense box make the connection and cover everything that's on my network. So, I've tried the directions that were listed on PIA's website and then another tutorial located here. The latter one seems more detailed and has helped more, but I still can't get it to connect to PIA.

    Here's what the status shows

    Here's the log

    Any ideas on what I need to do?

  • There are several threads in this forum dealing with PIA connections in particular. I don't use PIA, so I don't know the specifics, but as far as I can understand, PIA gives an extra challenge in that it assigns a random incoming port when you connect, so that you somehow have to script both port forwarding rules and client program in accordance with it. If you don't need port forwarding in your tunnel, however, it should be pretty straightforward.

    Here are some threads dealing with the challenges after you get the VPN tunnel itself up and running:,57527.0.html,59158.0.html,65094.0.html

    From your screenshot, however, it seems like you've stranded at an earlier stage. The AUTH_FAILED message pretty much speaks for itself. I'm assuming that PIA doesn't use PSK but uses certificate authentication, so you should probably go back to the tutorials and double-check your CA and Certificate (under System -> Cert Manager) and make sure that you assigned them correctly in the OpenVPN client configuration.

  • Thanks for the assistance. I'm currently installing a compact VM install of XP and think I'll just set it up as a gateway to feed pfsense.

  • I was having the same issue and opened a ticket with PIA on it. I was basing my config off what was provided in the client support site and their instructions for pfsense and the openvpn config files. What I learned was to ignore their instructions – I told them they should update them after we realized they were wrong.


    The first major issue I notice is that we don't use TLS auth, and LZO compression appears to be disabled. Could you go ahead and correct these two things and try again? You should also only need the Auth-User-Pass line; everything else under advanced can be removed, as it's handled purely in the main configuration window.

    Thank you,
    Alexander B

    Tier II Technical Support/CSM

    Private Internet Access™


    Attached is a copy of my config that is working.
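
The support reply quoted above names three things to verify in the OpenVPN client configuration. As an added example (not from the thread, the poster's attached config, or PIA), this script lints a client config for those three points; the sample configs, hostname and file paths are constructed placeholders, and the finding codes are hypothetical names.

```python
# Added example: lint an OpenVPN client config for the three points in the
# support reply (no TLS auth, LZO compression enabled, auth-user-pass present).

# Constructed sample resembling the failing setup; host and paths are placeholders.
FAILING = """\
client
dev tun
remote vpn.example.invalid 1194
tls-auth /path/to/ta.key 1
comp-lzo no
auth-user-pass /path/to/credentials.txt
"""

# Constructed sample after applying the reply's corrections.
CORRECTED = """\
client
dev tun
remote vpn.example.invalid 1194
comp-lzo
auth-user-pass /path/to/credentials.txt
"""


def parse_directives(text):
    """Map each directive name to the argument list of its last occurrence."""
    directives = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # OpenVPN comment markers
            continue
        name, *args = line.split()
        directives[name] = args
    return directives


def lint(text):
    """Return finding codes (hypothetical names) for settings that contradict the reply."""
    d = parse_directives(text)
    findings = []
    if "tls-auth" in d:
        findings.append("TLS_AUTH_ENABLED")
    # A bare "comp-lzo" enables compression; "comp-lzo no" or no line at all does not.
    if d.get("comp-lzo", ["no"])[:1] == ["no"]:
        findings.append("LZO_DISABLED")
    if "auth-user-pass" not in d:
        findings.append("AUTH_USER_PASS_MISSING")
    return findings


if __name__ == "__main__":
    for label, cfg in (("failing", FAILING), ("corrected", CORRECTED)):
        print(label, lint(cfg) or "OK")
```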

