Private internet access pfsense
Setting up pia vpn on pfsense for your whole network and
I’m trying to set up an openvpn client on a pfsense box that’s linked to a private internet connection (port 1198). Via the firewall, only ports 80 and 443 are available on the internet connection I’m using. Is it possible to configure port forwarding to route port 1198 from port 443 using TCP? Is it even possible?
The firewall’s only open ports are 80 and 443. How do I redirect traffic from 443 -> 1198 or 1198 -> 443 if port 1198 is linked on the outbound but the port is blocked on the firewall?
Yeah, if you followed the instructions, you shouldn’t have any problems. I used to have this setup and had no problems. Check that you have the correct CAs downloaded and imported, along with the appropriate port number in your list.
Thank you so much, xMAXIMUSx and neogrid, for your contributions and responses. I figured I’d share the information with you in case you run into a similar problem in the future and might maybe help someone else.
Set up private internet access openvpn on pfsense
This weekend, I set up a dedicated VPN VLAN for IoT and Firestick devices on my home network using the new version of pfSense (version 2.4.4 as of July 2019). I ran into some issues with older guides because a couple of the settings and menu options have changed, so I’m compiling my notes here for my own reference and for anyone else having trouble configuring VPN/VLANs with more recent pfSense updates.
The next step is to allocate the VLAN to an interface. On my modded WatchDog XTM appliance, I have a single WAN port and five open OPT ports to assign, and I send all of my VLANs down em1.
The corresponding ca.rsa.2048.crt certificate will be used. If that connection does not function, you can always find the most recent configuration files on PIA’s Client Support page under Advanced Router Setup, as well as on this Knowledgebase page. We’re using AES-128-CBC+SHA1 with the default UDP link over port 1198.
Next, in the User Authentication Settings section, enter the username and password that you received via email from PIA when you signed up. Since it is not available from your account tab, you should have it in an email. If you’ve forgotten your password, you’ll need to reset it before proceeding to the next segment.
Update: configuring an opensource pfsense firewall to use
Copy the content between the <ca> and </ca> tags in one of the *.conf files from the pfsense op24 udp v4 AES128CBC AU in ci.zip folder into the field Certificate Data, as seen in the lower picture on the left.
Configure the OpenVPN client as follows (this documentation uses the Amsterdam server): Deactivate the function Automatically create a TLS Key, then paste the text between the <tls-auth> and </tls-auth> tags from the *.conf file into the field TLS Key. Tip: Depending on your router’s CPU performance, you may be able to get better speed and bandwidth by using the weaker encryption AES-128-CBC. In this case, the encryption algorithm to use is AES-128-CBC.
Click on the pen symbol to open the IPv4 rule (edit). Activate Advanced Options and select VPN PP AMSTERDAM VPN4 as the Gateway. The configuration should look like the lower picture on the left after saving.
Under Services > DNS Resolver, select the VPN Interface (VPN PP AMSTERDAM) from the Outgoing Network Interfaces menu. Note: By default, DNS requests are sent directly to your ISP, which is why, in order to avoid DNS leaks, you should use a VPN interface for outgoing DNS requests.
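As an added example (not part of the original guide): a small Python parser that pulls the inline <ca> and <tls-auth> blocks and the connection directives out of a provider's OpenVPN client file, so the values pasted into Certificate Data and TLS Key can be checked against the file. The sample config, host name and key material are constructed placeholders, and the output labels other than Certificate Data and TLS Key are illustrative.

```python
import re

# Constructed sample config; host name and key material are placeholders.
SAMPLE_CONF = """\
client
proto udp
remote vpn.example.net 1198
cipher AES-128-CBC
auth SHA1
<ca>
-----BEGIN CERTIFICATE-----
PLACEHOLDERCADATA
-----END CERTIFICATE-----
</ca>
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
00placeholder00
-----END OpenVPN Static key V1-----
</tls-auth>
"""

# An inline block is <name> on its own line, a body, then </name>.
INLINE = re.compile(r"^<([\w-]+)>\s*\n(.*?)\n</\1>\s*$", re.S | re.M)

def parse_openvpn_conf(text):
    """Split a client config into inline blocks and plain directives."""
    blocks = {m.group(1): m.group(2).strip() for m in INLINE.finditer(text)}
    directives = {}
    for line in INLINE.sub("", text).splitlines():
        line = line.strip()
        if not line or line[0] in "#;":  # skip blanks and comments
            continue
        name, _, args = line.partition(" ")
        directives.setdefault(name, []).append(args.strip())
    return blocks, directives

def pfsense_fields(text):
    """Collect the values that have to be entered by hand in the GUI."""
    blocks, d = parse_openvpn_conf(text)
    # "remote host [port]"; OpenVPN falls back to 1194 when no port is given.
    host, port = (d["remote"][0].split() + ["1194"])[:2]
    return {
        "Certificate Data": blocks.get("ca"),
        "TLS Key": blocks.get("tls-auth"),
        "server_host": host,
        "server_port": int(port),
        "protocol": d.get("proto", ["udp"])[0],
        "cipher": d.get("cipher", [None])[0],
        "auth_digest": d.get("auth", [None])[0],
    }
```

A mismatch between these values and what is entered in the client settings (port, cipher, digest, or a truncated key block) is a common reason the tunnel fails to authenticate.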
How to setup private internet access on pfsense / setup pia
I recently upgraded a LAN router with a J1900 CPU to version 2.5 of pfSense. After that, the OpenVPN client service failed to authenticate with PIA properly (Private Internet Access, a paid account). I was afraid they’d returned to their previously stated (but later withdrawn) threat of requiring AES-NI assistance, but that wasn’t the case. I had to disable (uncheck) the “Enable Data Encryption Negotiation” setting in the OpenVPN client. See https://www.reddit.com/r/PFSENSE/comments/lpd2k2/250 bug openvpn pia encryption negotiation/. That solution isn’t my favorite (it sounds filthy), but it’s working for now. I’m thinking about digging a little deeper.
Thank you for your help; I’ve been meaning to look into it. It is supported by the Linux desktop PIA software, and they (PIA) suggest it. On the router side, I haven’t looked into it yet. I’ll take a look at it as soon as possible. Ish, it’ll be soonish.
It’s been a while, but AFAIK, WireGuard is only supported through their app, which is a real bummer. Also, I don’t believe it supports a port forward, which is needed by an unnamed common file transfer protocol. But the fact that it needs their application makes me wonder if I can look at other VPN providers.