Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    OpenVPN connection - unique situation with PfSense router behind ISP router???

    OpenVPN
    2
    2
    842
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • L
      LSxT325 last edited by

      Hi everyone,

      I've managed to setup an OpenVPN connection successfully with my pfSense router.  The connection is up and appears to be working just fine.
      (connecting to "PIA" VPN provider)

      My problem is getting the pfSense router to actually route traffic over the OpenVPN connection itself.  Once the connection is established, none of my pfSense LAN clients have any internet access at all.

      I've followed several different guides for establishing an OpenVPN client connection to a VPN provider.  For example, the ones stickied at the top of this pfSense OpenVPN forum (Guides: create an OpenVPN client connection to StrongVPN or TUVPN)

      After following these guides, I understand the need to make some settings changes (manual NAT) and some Rules to allow the traffic to route over the VPN connection.  Unfortunately, none of my LAN clients are able to access the internet with the VPN connection established.

      So, my question…

      I think my setup may be a bit unique... and perhaps requires some additional rules or changes that are not described in the guides.  Perhaps my problem is that my pfSense router is actually behind my ISP Modem/Router.  Please see the picture attachment for my setup.

      Does this setup (with a gateway of 192.168.2.1 on my ISP Router) require me to setup some of the pfSense Rules differently than what is shown in the guides?  I believe the guides, as written, assume the WAN connection on the pfSense router goes directly to the internet… whereas mine goes through the ISP router/gateway first.

      I'd love to turn the ISP router into a "modem" only, unfortunately this is not an option with my particular ISP.  I'm stuck using it in this fashion, where it establishes the PPPoE connection and then assigns an IP to the WAN side of my pfSense box.

      Really appreciate any help or ideas you may have.

      Thanks!

      I

      1 Reply Last reply Reply Quote 0
      • P
        phil.davis last edited by

        Should be no problem with pfSense behind your ISP router. As long as the PIA VPN link is up you are good.
        Feels like deja vu - sure I have typed this stuff before.
        Make sure PIA VPN client has an interface assigned.
        Make rules on LAN that policy-route traffic to PIA VPN GW.
        Firewall->NAT, Outbound, switch to Manual.
        On 2.1 you will get some rules generated for NATing out the PIA VPN. They should help, press save.
        On 2.1.1 and later, those rules are no longer generated (they were an inconsistent behavior). Add rules yourself to NAT out the PIA VPN GW.

        As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
        If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

        1 Reply Last reply Reply Quote 0
        • First post
          Last post