Setting Up PIA VPN on pfSense for Your Whole Network and Configuring Selective Routing



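Setting up PIA VPN on pfSense for your whole network, and configuring "Selective Routing Firewall" rules for devices you do not want going out through the VPN.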

Update: I did not see this when I first made the video. PIA does support the stronger aes-256; here are the changes:
https://www.privateinternetaccess.com/forum/discussion/20387/guide-setup-pfsense-with-strong-encryption-aes-256

You can sign up for PIA here:
https://www.privateinternetaccess.com/pages/buy-vpn/LRNSYS


40 comments
  1. I’m having issues getting this working. In your first half, I notice you didn’t set up an OpenVPN interface or Gateway yet you’re routing traffic, how? I can’t create the NAT Outbound rule without first creating both … perhaps you skipped this step? When I set up an interface and gateway, my gateway shows an IP on the dash but always says offline with 100% loss, is it supposed to show this?

  2. Great video. I set it up on my pfSense box. Only thing is, I get terrible speeds. When I use the VPN on my phone on the same server over my home wifi… I get over 110 Mbps down. When I turn on the open on client on the WAN… everything drops to 5 Mbps. Anyone have any ideas?

  3. How can I do the reverse VPN so I can VPN from my office to my home network using pfSense? Do I still need to use the PIA server or can I just create pfSense VPN server?

  4. I don't really understand why after setting up PIA VPN all traffic goes through PIA VPN and you must create specific rules to enforce WAN gateway for your computer's IP address? Your WAN gateway is still the default in routing tables after all?

  5. I found your instructions to be easy and concise when setting up my firewall with NordVPN. Now I would like to do selective routing based upon a port, so that traffic from that machine and port goes out on my regular connection. The service is Plex. Do you know if this is possible?

  6. Is there any chance you can make a video of the exact thing but opposite? I'd like a single user to go through the VPN tunnel while all other traffic is on the open internet (Amazon/Netflix nonsense)

    I know that this should be intuitive using THIS video but I swear nothing I do actually isolates the VPN – stuff always leaks over to it and breaks certain websites

  7. THANK YOU !!! I’ve been looking for a how-to on selective routing. I am just looking to do an OpenVPN point to point between two pfSense boxes and only wanted to route Plex traffic over the VPN. This is so I could have a family member connect to my Plex server without needing to go through the Plex network on the Internet just to get to my Plex server. Once again thank you!

  8. Another good option that I use is having 2 LAN interfaces, one with your ISP connection (regular) and one for your VPN provider, so then you can have 2 access points and change from ISP to VPN simply by changing the Wi-Fi that you are using. This is how you do it:

    Follow this video until the end (you'll need the gateway),

    Go to Interfaces => Assignments and add your "LAN2" interface, enable it and give it a static IPv4, set your IPv4 Address to something like 192.168.2.1 that does not interfere with your existing LAN.

    Go to Services => DHCP Server, select LAN2, Enable DHCP server on LAN2 interface and set a Range for your DHCP Server, also set your vpn provider DNS here.

    Go to Firewall => Rules => LAN and change the "IPvX * … rules" to use your WAN gateway.

    Go to Firewall => Rules => LAN2 and create the rules (if they are not present) for allowing IPvX* Source => LAN2 net and use the VPN Gateway.

    And there you go, everything that uses your LAN2 interface will be routed to your VPN.

  9. Is it possible to set a pfSense firewall rule that allows a specific site to bypass the VPN? For example, my VPN (ExpressVPN) defaults to their Seattle router, which is fine. However, the ACORN.TV site for streaming won't allow me to watch their movies if I connect to Seattle. If I change the router location to the ExpressVPN New York router all is fine, but the latency is too much. I'd like to set a rule that while connected to Seattle, ONLY ACORN.TV web site is allowed to bypass the VPN.

  10. I've got to say, you are the best YouTuber regarding pfSense, you have helped me a lot. You are also the person that made me start with pfSense, I have now configured it and it's working like a dream, it's so nice to be able to customize the router in so many ways. BIG THANKS!

  11. BAD BAD LAWRENCE! You left a few things out and I'm not very bright. That being said, Can you show me how to "bind the newly created PIA interface to the VPN connection?" Given someone already commented on it, I've already set the PIA IPv4 type to DHCP which you didn't show in the tut.
    Thanks ever so, I'm still a big fan….. :-/

  12. So before you added the details for PIA you had internet access via the WAN port? Adding the PIA details stopped this, hence the NAT route – is this correct???

    Ok I watched your video again and when you turned off the VPN the internet was working. What part of OpenVPN settings turns 'OFF' the internet – until it's opened in NAT ??

  13. Thank you so much! Your tutorial on this issue is greatly appreciated! In my case, everything seems to be working fine on my PIA VPN, however, even though my VPN is getting an IP and my PC is showing a different IP than my ISP would use, when I open the gateway status, it shows my VPN as being "offline". I have rebooted the pfSense firewall PC twice but it still shows offline. Do you or anyone know what might be causing this? Thanks again!

  14. Trying to set up mine but it's missing some settings from your video, like "Server hostname resolution: Ensure that "Infinitely resolve server" is checked." and "Disable IPv6: Ensure "Don't forward IPv6 traffic" is checked." Should I not worry about this?

  15. Is it possible to run aside from a PIA client an OpenVPN server in order to get access to home LAN from outside networks? I mean, to run 2 different instances of OpenVPN – one client (PIA) and another server on the same pfSense hardware?

  16. I followed your guide completely however it didn't work. It pretty much matches what PIA has on their support page now. For grins I went in and saw that there was a system update. I was on 2.3.4 and 2.4 released on Oct 10th. I have no clue if the update resolved some type of internal software issue however after going back in and having to redo the configs it is now working. Just figured that I would share for anyone that might be running into issues recently. Thanks for the tutorial. I will need to come back to it again for setting up a machine or two to skip using it.

  17. Hi..

    After activating the PIA VPN I need to have a WAN port XXXX open to view my sec cameras. How do I open up this WAN port?

    Thanks

Comments are closed.