How To Setup pfsense OpenVPN Policy Routing With Kill Switch Using A Privacy VPN


Lawrence Systems


PIA pfsense write up
www.privateinternetaccess.com...
Protect your privacy with a VPN from Private Internet Access
🛒 www.privateinternetaccess.com...
Our pfsense Tutorials
lawrence.technology/pfsense/
Related Forum Post
forums.lawrencesystems.com/t/...
⏱️ Timestamps ⏱️
00:00 pfsense privacy VPN Intro
02:00 Diagrams.net Lab Setup
04:33 Importing the CA
05:56 Create OpenVPN Client
09:10 Adding OpenVPN Interface
10:48 Gateway Monitoring
11:20 Outbound NAT Rules
12:16 Firewall & Kill Switch Rules
#pfsense #VPN #privateinternetaccess

Comments: 176
@LAWRENCESYSTEMS 2 years ago
PIA pfsense write up
www.privateinternetaccess.com/helpdesk/guides/routers/pfsense/pfsense-2-4-5-openvpn-setup
Protect your privacy with a VPN from Private Internet Access
🛒 www.privateinternetaccess.com/pages/buy-vpn/LRNSYS
Our pfsense Tutorials
lawrence.technology/pfsense/
Related Forum Post
forums.lawrencesystems.com/t/how-to-setup-pfsense-openvpn-policy-routing-with-kill-switch-using-a-privacy-vpn-youtube-release/12441
⏱ Timestamps ⏱
00:00 pfsense privacy VPN Intro
02:00 Diagrams.net Lab Setup
04:33 Importing the CA
05:56 Create OpenVPN Client
09:10 Adding OpenVPN Interface
10:48 Gateway Monitoring
11:20 Outbound NAT Rules
12:16 Firewall & Kill Switch Rules
@seetendrapanda 2 years ago
The link just does not work. Any other alternate link?
@johnarrington6292 1 year ago
This video is a grand slam home run. I've learned so much about firewall rules, routing etc. from watching your excellent videos. Learning the power of aliases in rules was the biggest single game changer for me. Because of your videos not only have I got stuff working robustly, but I actually understand *why* it works with a lot of cool knowledge tidbits along the way. Tagging the packets and setting a floating rule was a truly elegant hack that I will be putting in my back pocket for future use.
@LAWRENCESYSTEMS 1 year ago
Glad it was helpful!
@Itay1787 2 years ago
You didn't explain about the DNS leak
@waynoinsaneo 1 year ago
Dude, you took a process that should have been annoying and made it straightforward. You have my gratitude.
@bitoiu 1 year ago
Amazing video, been watching this channel for ages, but today needed to apply this and it's so informative, practical, efficient. Great content.
@sjheeta 2 years ago
Yeah - I can’t believe how great this video was! Had tried another convoluted method to put some of my unraid containers onto vpn with no success. With this, I can put any ip on my network behind firewall, outstanding!! Thank you!
@jenniferw8963 1 month ago
I spent hours on this before watching this video. You make it so easy! Thank you so much! I now have my entire VLAN 30 going through PIA via pfSense router, with the kill switch! No chance for my IP address to accidentally appear on the internet :)
@uzairfarooqui3471 1 year ago
Excellent video, thank you for taking the time to explain the kill switch and tagging. I applied this to opnsense firewall, and got everything working.
@WarrenAshton 18 days ago
As always, this is so helpful and informative. I'll just add one note: when testing the killswitch my machine would keep the connection alive. Then I remembered ipv6. Had to duplicate rules and add the ip6 address to the alias for it to finally kill the connection.
@pedroporrasmedina 2 years ago
Amazing video! Very well explained and super functional one, I will put this in practice sooner for sure. Thanks Tom!
@janoserdelyi9879 1 year ago
This is the best video I've seen on the subject. Thank you, I learned a lot and I'm getting a better grasp of my pfsense firewall due to excellent tutorials like this
@wayne6220 2 years ago
Excellent video, I was only looking at pfsense and openvpn recently, very timely, thank you.
@seannugent8141 2 years ago
I know I am way late on this one - but thank you for this video. It explained how to do what I was trying to do and as a result explained what I was doing wrong and more importantly WHY. So Thank you
@danonbrown2035 10 months ago
Thank you for this. Easy to follow with great explanations rather than just clicking around.
@Darkk6969 2 years ago
Great use of the floating rule. I've always wondered how it could be used.
@willblanton3120 2 years ago
FYI another use of a floating rule is using redundant VPN tunnels. If a TCP session fails over to a different tunnel, the firewall will block that outgoing traffic because it didn’t see the handshake. Doing an outbound floating rule with quick match and allowing all TCP flags will allow that session to stay alive
@Canon1DMkII 8 months ago
Man you talk fast - actually you are the first person I needed to slow down playback to follow. Thanks for the information.
@devinkraeker8841 1 year ago
Man I love your videos, so comprehensive. Thanks!!
@neilwalker5119 2 years ago
Get on Tom! Very much appreciated. Legend as always.
@CaptainZedful 6 months ago
Great video, I found it thoroughly useful. Thanks very much for putting it up. Got it all working well, I had setup a similar config about 5 years ago and recently went through and completed some big upgrades which broke a bunch of stuff - decided to do a bit of a refresh and rebuilt. This tutorial was excellent.
@gurulee73 9 months ago
Thank you for sharing and putting this intuitive guide together. I found it very helpful
@robertbarrieault9297 1 year ago
There were just a couple things different between 2.4.3 and 2.6.0 versions that were not covered by PIA in their directions. Watching this video I was able to catch what I needed to make it work. Thanks again for a great video
@drinkyt398 1 year ago
what were the differences?
@GoldenTeeTV 2 years ago
haha noticed the I am Root shirt. 😁😁 especially with whats going on in the esport world right now. luv it nice vid always enjoy them
@jared4670 2 years ago
Wish I had watched this video first.... Always an excellent tut
@allaboutcomputernetworks 5 months ago
Perfect, thank you for explaining these side by side!....👍
@redstonemason 1 year ago
I followed this video and together with the Netgate Documentation I got a very similar setup on ProtonVPN with WireGuard. This was invaluable. A wireguard video would be really nice for lots of folks. It is so fast and easy once the setup has been done. I did take the opposite approach and set the VPN to the default gateway and then my Firewall aliases are the list of clients that I do not want routing over the VPN but that is so that they are not broken. For instance my ISP installed a TV box for some of their bundled service that they call Rogers Ignite. The box gets blocked by Rogers if not coming from your native WAN connection. I know the video is old but it is still relevant.
@jonnypeace2810 2 years ago
Great video!! I did originally have problems making pfblocker and vpnservice work together, but think i've got that working, along with your genius with the tagging! Very clever, love it. Had to make a few adjustments to make sure no dnsleaks with pfblocker. Originally made my own VPN gateway with linux firewall rules (a lot of rules and scripts and crontab), but was always a little dubious, even though no dnsleaks etc. Really love the level of detail you go into, many thanks :)
@Skylinar 10 months ago
Can you please give more insights how you've set it up to prevent dns leaks?
@jonnypeace2810 10 months ago
@@Skylinar Hello. After passing my LFCS, i ended up overhauling my networking setup, to exclusively use Linux for networking/firewall, so my pfsense is no more. I think my original setup resolved locally, but i cant remember the name of it now, and if i remember right, i had issues when I wanted different routes to have different DNS, so I will guess that i changed the pfblockers DNS resolver in some way, to use the VPN provider for the web downstream rather than local/isp, otherwise it would have been leaks galore. Wish i could remember, or documented what i did, sorry
@miguellombana9847 1 year ago
As always thank you Tom... finally I don't have to remember to make sure my "special" machines are on Nord... now it's automatic and the killswitch feature is a huge plus!
@stuartscott6716 1 year ago
Great video. it’s finally allowed me to get a specific vlan routing out over a vpn service
@FranciscoCosta 1 year ago
you are an amazing person! Thanks so much for this video! :)
@J-D248 1 year ago
Thank you for this video! Great step by step instructions!
@zachhockey 2 years ago
Just a few days ago I gave this a go with Nord and couldn't seem to get PfSense to actually send data out that interface. I'll have to give it a go again. Thanks!
@marksparky 1 year ago
You’re a legend Tom many thanks
@KSherwoodOps 2 years ago
this was so helpful ty!
@StoshGalumpke 8 months ago
This is great stuff ... Tommy, I know you're not a genius, but you seriously are ... using the firewall to route an alias to the vpn is sweet and elegant ... many thanks !
@Krojack76 1 month ago
Pretty good guide. I liked it. As someone using OPNsense now I wish there were more guides on how to do these things within that setup. I know they are similar and you can sorta follow along however OPNsense is changing very quickly and it's getting harder.
@captainhappy 3 months ago
The video is good thanks. Something to be added to this is if you use more than 1 VPN connection (with all of them having the same rule based killswitches), you might want to make each of those VPN gateways (System / Routing / Gateways) to have also the "Disable Gateway Monitoring Action" checkbox ON. I believe I had issues from pfsense probably trying to route one VPN connection to another VPN connection, and to my understanding that happens when pfSense gateway monitoring notices the gateway is not working, so pfSense tries to find different gateway - and that checkbox ticked it should be prevented to do so. The video works fine with just 1 VPN connection because there is only one another gateway that is WAN. For more connections than just 1 WAN and 1 VPN, you probably need to make more settings, as the killswitch example works only for traffic trying to escape from VPN to WAN, and I believe that gateway monitoring action disabling should help there. It would be nice if this could be confirmed true by someone.
@dimaj1 2 years ago
Awesome video! Thank you!
@geoffpedder 4 months ago
thanks for this, you're a great teacher
@fredlabosch6459 3 months ago
Thanks man, it's working perfectly !
@JasonsLabVideos 2 years ago
Not that i use Pfsense BUT DAMN good video as always ! Thanks sir !!
@nikolaybaranov2213 2 years ago
Cool solution! Thanks!
@cidercreekranch 2 years ago
I recently switched to PIA from another VPN provider and the rule that I had established for routing Netflix and Amazon Prime video were not working. All traffic was routing through the VPN. I'm guessing my previous provider did not pull and add routes but as you indicated that PIA, ticking the Don't Pull Routes and Don't Add/Remove routes fixed the problem. THANKS!
@Manu-oi4qc 2 years ago
Great video as usual ! Could you please make a complementary video describing how to set up PIA DNS servers over TLS ? Thank you for sharing your huge knowledge !
@ivanjuarez1412 2 years ago
Great video!
@erickalcala7649 1 year ago
Great Video!!
@dolomit7517 1 year ago
very useful thanks a lot!
@thejerseyshaun 1 year ago
This is gold thank you.
@LAWRENCESYSTEMS 1 year ago
🙂
@ITKudil 1 year ago
Thank you so much very very useful Tips
@antoniostanss 1 year ago
Gr8 Video thnx
@OliverAllpress 2 years ago
Really great video thanks! I couldn’t get the kill switch to work though. It just wouldn’t block any traffic. Identical config from what I can tell to yours.
@playtime5423 2 years ago
Great info
@chrisjchalifoux 2 years ago
Ty for the great video it helped me out a lot with my vpn provider
@GilligansTravels 2 years ago
awesome!
@MaheshDare 2 years ago
Great Video
@jeffm2787 2 years ago
Good video. I just use DNS over TLS and SSL based websites. If my ISP knows I'm hitting a website it just doesn't matter much. I see VPN's for a few uses, accessing a business network, accessing your home network, and everything illegal. The latter I don't partake in.
@daveiooo 1 year ago
Great video! One question out of curiosity, since the only NAT outbound rules you created mapped LAN2 to the VPN interface, if the VPN interface goes down, doesn't that mean no traffic will be able to reach WAN, essentially creating a killswitch without the need for creating that tagging rule? I've done this method for a kill switch (Only creating a NAT Outbound rule to the VPN Interface) in the past and am wondering if I'm missing something. Thanks!
@thenanook 6 months ago
thank you for the videos
@LAWRENCESYSTEMS 6 months ago
My pleasure!
@lordbaboon1110 2 years ago
Don't pull routes did the trick, thanks ! :D
@tolskie31 2 years ago
Thank you Sir! 😭
@Astro-qk5xd 1 year ago
Hi, thank you for your video. Can I use pfsense to filter website so kids can be safe?
@StephenHarrisTrackMasterSteve 1 month ago
I followed all of these steps. And I even rebooted all devices involved, including the router itself. And the device I am trying to tunnel through the VPN, still has the same IP address.
@JustinWallis 1 year ago
Would this be beneficial if you plan on hosting websites. Would you just not use the vpn for the website server?
@yogibear5695 2 years ago
Very interesting Topic. I tried applying this scheme and still having issues when adding a port mapping from the VPN Interface to a host on the IOT network. It appears the SYN is properly mapped to the IOT Host, but the Syn ACK is routed back through the WAN, preventing proper connection establishment. Any ideas how to get the SYN-ACK mapped to the proper state entry and routed back through VPN Interface?
@johnc2k2k 1 year ago
Thanks, I was able to replicate this on opnSense using your guide
@LAWRENCESYSTEMS 1 year ago
Excellent!
@sylvainlaflamme4653 2 years ago
Hi Tom, just noticed that your Draw.IO looks very different from the regular offline desktop version. Are you using a different version? Happy New Year! from Ontario Canada and always love your technical videos!
@LAWRENCESYSTEMS 2 years ago
There are different modes that change the layout
@luisveloz5068 2 years ago
Hi Tom, great content, thanks. Going a little further on your settings, is it possible to have 2 wans with 2 different vpn providers at the same time with pfsense? Is it possible? Ex. ISP 1 - pia vpn , ISP 2 - nord vpn. I tried it but pfsense becomes unstable, the gateways freak out.....you've tried?
@GryphonM 1 year ago
I would love if you could do a couple of videos on Sophos XG firewalls.
@captainhappy 1 year ago
Have you used 2 VPN connections in same network 16:20 so that while the floating rule in WAN blocks the WAN connections, the pfsense can inadvertently start routing through the other VPN connection when the first VPN happens to go offline? Basically, do just like you do in this video, but instead of having just one VPN connection, have two VPN connections, lets say France and Brazil, and have several computers. Some use the France and some use the Brazil connection. If the computer configured to France VPN loses its connection, then pfsense might try to start routing that France VPN connection to Brazil VPN, the floating rule on WAN side doesn't prevent the switching from one VPN connection to another VPN connection?
@emanbuoy7673 1 year ago
thank you so much for this, it works amazing on my opnsense, but im unable to access home assistant over wifi on my phone when im running vpn, but as soon as i stop the vpn services it works as usual.. im not sure what im doing wrong .. can you help with what i can troubleshoot. (my homeassistant is running on its own bare metal computer connected via lan to my opnsense).... ty
@Chris-hy6jy 2 years ago
I found that setting System > Routing > Default Gateway to 'None' stopped VPN traffic from bypassing the VPN gateway when the VPN went down.
@deciodasilva3960 2 years ago
This was a very nice video man, just curious can I use this to bypass CG-NAT ISP configuration...
@LAWRENCESYSTEMS 2 years ago
That is not the use case for this.
@mshrem 2 years ago
How about a video of how to do this with wireguard?
@JJ_Doc 2 years ago
Thanks for video. I followed all the settings and checked over them several times. The kill switch works but when the VPN comes back after being out a few minutes the network VPN users are still blocked. I need to reload the filters and then all VPN users get unblocked. Anyone have any ideas? Thanks.
@marcelw3099 2 years ago
Hi Tom, thanks for this and your other videos.I have one issue though with rule based routing which i am unable to solve, so i really hope you (or somebody else) knows the trick. It is with ovpn site-to-site tunnels. I have 1 ovpn server, and multiple ovpn clients (sites) connecting to me. For the tunnels to work on the server side, I have a 'client specific override' for each client/site. So far so good, tunnel works perfectly. On the server side, for some devices i want to do rule based routing, so that the device goes to the internet, at a sites location. But since I am the ovpn server/host, I have only 1 interface & gateway for all sites/tunnels. How on earth can I instruct pfSense to route specific traffic to a dedicated site/tunnel? Tried so many different things, but none of them worked. On the client side, this issue does not exist, because each client has a gateway for his own tunnel to me. I really hope anybody knows how to do this. Thx.
@noranoxica 10 months ago
My dad bragged, when inquired about his home security, that he was using the Norton VPN. This has led me to the conclusion that modern vpn solutions are more akin to a police escort, rather than a balaclava.
@AliB333 2 years ago
Can't this be set up to just block all traffic from a particular subnet if the VPN interface goes down, without tagging packets? I'm struggling with this problem because I've managed to set it up where, if my VPN interface goes down, it'll stop my subnet going out over the WAN (by enabling the option in System > Advanced > Miscellaneous > "Skip rules when gateway is down"), but when the VPN comes back on, none of my traffic starts flowing again? Do I just need to turn on that service monitor?
@marksmith8142 2 years ago
Got VPN up and Online using AirVPN. When I start to route IP's out over it, maybe after a few hours or so, the VPN gateway goes down (latency?) then that seems to cause my default WAN to fail. I then have to reboot router and it will fail again within random times. I am not sure why....it seems if I don't route any devices, it seems to stay online. Do I have to add any firewall rules to the OpenVPN or the VPN Interface I created so this doesn't happen? Any thoughts?
@gomez758 1 year ago
Great information, Would any firewall rules be needed on the vpn gateway for security reasons? like no access to firewall port, etc...
@LAWRENCESYSTEMS 1 year ago
Only if you want to limit what the VPN has access to.
@kc0eks 2 years ago
Thanks for this! Any chance you can do a video on restoring a pfsense to new unlike hardware? Every time I do this it doesn't go well. Assigning interfaces and vlans and such just doesn't restore when interfaces are different unless you rebuild it all. I'm sure there's a better way.. a tom way.
@LAWRENCESYSTEMS 2 years ago
Download the XML backup, search and replace the interface names to match the system you are restoring to.
@TheADiggins 2 years ago
I have done what Lawrence says here going from a pfsense 2100 to a 6100 as long as you know your interface names it’s really easy.
@michnl1772 1 year ago
For preventing DNS leaks: to get the VPN over the DNS provided by the VPN:
1. Go to Services → DNS Resolver
2. Scroll up to Outgoing Network Interfaces and select the VPN Interface (the one you've made). Please note that this setting is very important as it prevents DNS leaks.
3. Disable DNS query Forwarding if it's enabled because this will use the defined DNS at the General page (that you don't want Leaks DNS).
That's it!
@SpaceCadet23 11 months ago
Hey, in the video you switch between tabs. What interface or desktop are you using to be able to do that?
@LAWRENCESYSTEMS 11 months ago
I use POP_OS
@Tom-jo8fu 1 year ago
Hi Tom, Great video but I have some trouble with the DNS LEAKS. My devices get a different IP from the VPN I provided but when I do a DNS leak test it's failing. How can I fix that?
@michnl1772 1 year ago
Hi Tom, to get the VPN over the DNS provided by the VPN:
1. Go to Services → DNS Resolver
2. Scroll up to Outgoing Network Interfaces and select the VPN Interface (the one you've made). Please note that this setting is very important as it prevents DNS leaks.
3. Disable DNS query Forwarding if it's enabled because this will use the defined DNS at the General page (that you don't want Leaks DNS).
That's it!
@Tom-jo8fu 1 year ago
@@michnl1772 Hi Mich, I have forwarding mode enabled because most of my devices are routed out over the WAN with DoT configured. I want a couple of devices as Tom has shown in the above video to route out over Pia without DNS leaks. Do you have a solution for that as well? thx for your response!
@brendensmith3325 2 years ago
I've just given this a go but I can't get the floating rule to work. If I disable the VPN then it goes out the WAN. I'll keep working on it.
@chriseee86 1 day ago
Using this method, can websites see that you’re connected via VPN? Or would they only see the IP that you’re connected to?
@JonLinde 2 years ago
I was wondering if it is possible to apply the same principles of using aliases, to set different VPN gateways based on geographic destination - leveraging pfblocker geoip aliases... Based on this video, it seems doable - or am I missing something?
@LAWRENCESYSTEMS 2 years ago
Not sure if that is possible
@AceBoy2099 10 months ago
By the sound of this (so far, im not too far in) it sounds like what im looking for. I want to route a program through a secondary nic (bound to it) through a vpn without having to mess with the vpn software messing up my pc that said program is on. Im assuming it would have to be a vlan of its own on my unifi/opnsense?!?
@LAWRENCESYSTEMS 10 months ago
Yes, it can be done with a VLAN / Separate subnet.
@quangmango7776 2 years ago
After following your setup, which is working. But for some reason, I can't Ping my default WAN gateway IP and can't access WebUI of my ISP modem anymore. Yes I did set this gateway default WAN on System->Routing already. Does anyone know how to fix that?
@MadAboutTutorials 1 year ago
at 10:48 as soon as I add a monitor address to my VPN in routing, it shows 100% loss and offline, tried quad 9, quad 8 and quad 1 just to troubleshoot but got the same result. any ideas?
@nickeby 1 year ago
Great video, but I just can't get it to work. I either get all traffic going through the tunnel or no traffic.
@random_tech_stuff 2 years ago
Some websites don't accept traffic from my IPv4 because I'm running a Tor relay so I set up rules on pfSense to route said traffic over an external VPN provider. My specific use case would have been useful to include in this video.
@Michaelp715 1 year ago
Shame on Tom for not checking with you first!
@gxr3633 2 years ago
How do you handle DNS leaks? Do you create a nat rule and forward dns requests to PIA's DNS servers? Is there a preferred way?
@LAWRENCESYSTEMS 2 years ago
Assign public DNS instead of pfsense via DHCP reservations to the devices that you want using the VPN
@charlineregolina3560 4 months ago
@lawrencesystems could you please redo this with WireGuard in place in the same setup now instead of OpenVPN?
@LAWRENCESYSTEMS 4 months ago
Eventually I will
@byarea 2 years ago
Hi Lawrence, great video, however you said you were gonna cover DNS leaks but i didnt see it in the video. Did i miss something? If no could you pickup that topic please. Thanks
@LAWRENCESYSTEMS 2 years ago
I forgot to add it to the video, just assign public DNS to the devices that you want behind the VPN. This can be done via DHCP reservations
@byarea 2 years ago
@@LAWRENCESYSTEMS thanks for the reply, when doing so will the DNS queries go through the tunnel or will they be resolved by the regular wan?
@LAWRENCESYSTEMS 2 years ago
@@byarea everything originating from those devices is forced over the tunnel, including DNS.
@TheLizardNerd 2 years ago
Hi! I have a question about the Virtual IP of PIA interface. For the purpose of the video the IP is a private IP, but on a real case it should be a public IP? Otherwise I don't understand how a private IP can go outside to network to the remote PIA VPN server. I hope I have explained my doubt clearly. Thanks for the video!
@LAWRENCESYSTEMS 2 years ago
That is the tunnel IP for OpenVPN assigned to pfsense.
@TheLizardNerd 2 years ago
@@LAWRENCESYSTEMS Thanks! But what is the source address and destination address of a pdu going through the VPN tunnel?
@LAWRENCESYSTEMS 2 years ago
I don't understand the question.
@ishk8314 2 years ago
Hi, great video. I'm new to this and your videos are extremely helpful. I was wondering... is there any way to chain VPN's using pfsense. Example Linux --> ISP-->VPN1-->VPN2-->Online server
@LAWRENCESYSTEMS 2 years ago
Possibly, depending on how you set things up. You can do lots of overly complicated things with pfsense, not that they are all good ideas, but you can do them.
@ishk8314 2 years ago
@@LAWRENCESYSTEMS I have it setup like shown in your video. How would I chain a 2nd VPN?
@shamilkhalidov6571 2 years ago
I've tried to install Express VPN to pfsense many times in different ways, also official guide on Express VPN website, but no success. Would be great if you make a video about this installation. Thank you
@majoraslayer64 1 year ago
This video is INCREDIBLE. I've been fighting with this all day, and the floating rule works GREAT for a simple and reliable kill switch. Thanks a ton for posting this! A couple of tips I'd like to add:
* You WILL have a DNS leak if you stop here, which is my one criticism of this video. The router configuration is fine, but you HAVE to prevent DNS leaks by manually setting your DNS settings on the machine you're connecting to the router. In my experience this tends to be true of any OpenVPN-on-a-router setup, but it's something that often gets overlooked in setup guides. Manually set your DNS in Windows/Linux/Mac etc. and you should be good.
* In my case, my "hosts" are actually a series of Docker containers that are assigned their own IP addresses on a macvlan Docker network. These can be secured against DNS leaks as well by setting "--dns [your vpn's DNS IP]" in your "docker run" command. I struggled to learn this tip, so I hope it helps someone else.
* If you're translating this to OPNsense like I am, a few options have been renamed but can be matched up by context clues. For setting tags, the first field assigns tags to packets and the second watches for tags that match what you put there. OPNsense is a little more vague in how they label these unless you turn on the "Full Help" toggle and see descriptions.
* OPNsense Watchdog settings have been renamed to "Monit"
@piperfect 1 month ago
Why does PIA show as 0ms on the gateway monitor?
@Elliot9874 2 years ago
Has anyone got port forwarding to work? I know when you use the PIA app they have port forwarding.
@briankfree 2 years ago
Would be nice if a video like this could be made for Unifi Dream Machine lineup, if it even supports policy based routing with a VPN Client. Not sure it does, but would be nice if it did.
@LAWRENCESYSTEMS 2 years ago
I can't make a video on something not supported on the UDM.
@briankfree 2 years ago
@@LAWRENCESYSTEMS Yes I know, just over here wishing it was. :/ Great video on the pfsense PBR.