Tutorial: Configuring pfSense as VPN client to Private Internet Access
-
Wonder someone could help me got a error
failed to writehttps://gyazo.com/ea1c1fa74b1b47e65e3a29afb9f27ada
i know it just user and password put it there stop people getting my info thanks ! if someone could help me or add me on skype joshhopey to show me and help me !
-
Yes. Just add the ports to the rule sending traffic to the VPN gateway. The rule won't match if the port is outside the set so the firewall will move on to the next rule.
I want to do the exact opposite and having trouble figuring it out…
I want all traffic from one IP to go thru the VPN except port 32400 (Plex). How can I adapt the current rules (or add another) that will send Plex traffic thru the WAN GW so the server can be reached remotely?
John
-
Make the rule match the characteristics. But Plex is weird and requires inbound connections.Just read this again.
Put a rule above the one that sends traffic to the VPN that matches the Plex traffic and has the default gateway set. Or, if you are pulling a default gateway from the VPN provider, the rule should policy route to WAN_GW.
-
OpenVPN/PIA link goes down; clients have no internet access. How do I fail over to the WAN if this happens? Configuration is DLSrouter->Pfsense giving dhcp (opvenvpn w/PIA)->clients Sometimes, believe it or not, PIA drops. What do I do to have pfsense or openvpn fail to the general Wan connection if this happens? Thanks!
-
That is the default behavior.
-
I set this all up today and had it working fine.
I'm using route-nopull because I actually only need 1 server to use the VPN.
I then got a message from pfSense to say that dyndns had updated, so must have had a dynamic IP change.
Then I realised that my true public IP was visible.
Restarted the VPN and still the same - although it appeared to be intermittent with some sites reporting my true IP and some reporting the VPN IP address.
I'm not sure what has happened so I've currently removed the route-nopull option and disabled the firewall rule which forces the server to use the PIA interface.
Any ideas?
-
Yeah your rules must be wrong. How about letting us see them?
-
It's disabled at the moment, but these are my firewall rules.
I would have preferred to keep it on everything but BBC iPlayer stopped working due to I presume the VPN address being blocked by them, and I couldn't figure a way to allow BBC iPlayer to bypass the VPN, since it seems to use multiple IP addresses I suspect.
-
Rule details :-
-
Doesn't show what we need to see. Just post your LAN rules list.
-
I did above it…
-
With the rule disabled it's not going to work.
-
Yes, I know. I disabled it because I removed the route-nopull since I needed the VPN to be working.
I'll try again with route-nopull and enable the rule again.
-
Ok, so I have the rule enabled. I have the route-nopull option.
privateinternetaccess shows my VPN address and says I am protected.
However, 2 other sites for showing IP addresses are showing my ISP public address, not the VPN one :-(
-
You sure your tunnel is staying up?
There's really nothing that can cause what you think you're seeing.
Unless there's something severely wrong with that beta version you're using.
-
I'm not sure. It seems to be staying up.
I realised that I also have a free ipVanish account, so I'll give things a whirl with that and see how I get on :-)
-
Which IP test sites are showing the VPN address and which are showing WAN address?
Is it consistent?
-
The ipvanish site shows that I am protected, and it is the correct VPN ip address.
The BBC iPlayer site refuses to work because it knows I am behind a VPN - which is expected behaviour.
However, www.whatsmyip.org shows my proper public IP address, and my ISP details.
Also, http://mxtoolbox.com/WhatIsMyIP/ shows my proper details, and not the VPN ip address.
Very odd.
I also deleted the config and reconfigured from scratch - same result.
If I remove the firewall rule and the route-nopull from the config, then I get consistent results that I behind the VPN.
Strange!
-
Don't know what to tell you.
I just ran updates to my betas and tried it and it works just fine.
You'll have to look at states or something to see what's going on. SOMETHING you have is routing traffic out the default gateway. Have you created any floating rules?
Are you positive about the source IP address?
-
Unless of course it is going out using IPV6, but it shouldn't be - I have IPV4 as preferred.
I don't know if it makes any difference that the 192.168.1.15 server that I want protected with the VPN a) it's a VM and b) it has teamed NICs
