OpenVPN over PFSense config failing: DNS issue?

BrinkGG

Hey all, I posted this to a different forum, but I'm thoroughly stumped and hoping y'all can help. 

Here’s the issue I’m having:
I'm attempting to run some of my devices through a VPN at home, but want to do it on the router side so I can have more than the 5 device limit that PIA has.

 

I followed the PIA website guide (and the Lawrence IT Systems YT video) to add PIA to OpenVPN on PFSense. Specifically this video, and this video and the PFsense 2.4.3 guide, to attempt to get PIA running, selective routing so my gaming PC and consoles bypass it, and a killswitch. Pfsense never actually connects to PIA…

Whenever I go to check status, I see this instead of the status “up” that I was expecting to see:

[screenshot]

 

I have followed this guide almost perfectly, and have looked up other user guides for this as well to no avail. 

 

Any ideas? 

Fine you want the PSU tier list? Have the PSU tier list: https://linustechtips.com/main/topic/1116640-psu-tier-list-40-rev-103/

 

Stille (Desktop)

Ryzen 9 3900XT@4.5Ghz - Cryorig H7 Ultimate - 16GB Vengeance LPX 3000Mhz- MSI RTX 3080 Ti Ventus 3x OC - SanDisk Plus 480GB - Crucial MX500 500GB - Intel 660P 1TB SSD - (2x) WD Red 2TB - EVGA G3 650w - Corsair 760T

Evoo Gaming 15"
i7-9750H - 16GB DDR4 - GTX 1660Ti - 480GB SSD M.2 - 1TB 2.5" BX500 SSD 

VM + NAS Server (ProxMox 6.3)

1x Xeon E5-2690 v2  - 92GB ECC DDR3 - Quadro 4000 - Dell H310 HBA (Flashed with IT firmware) -500GB Crucial MX500 (Proxmox Host) Kingston 128GB SSD (FreeNAS dev/ID passthrough) - 8x4TB Toshiba N300 HDD

Toys: Ender 3 Pro, Oculus Rift CV1, Oculus Quest 2, about half a dozen raspberry Pis (2b to 4), Arduino Uno, Arduino Mega, Arduino nano (x3), Arduino nano pro, Atomic Pi. 


7 hours ago, cole0622 said:

Did you make a firewall rule to allow the connection?

OpenVPN creates an "Any" to "Any" rule for its own traffic. It's still behind the default WAN rules though.


3 hours ago, BrinkGG said:

OpenVPN creates an "Any" to "Any" rule for its own traffic. It's still behind the default WAN rules though.

Ok. Did you try recopying the server's certificate? Also ensure that you have the right servers for the certificate. If those are not it, it could be something to do with the kill-switch; try disabling it to see if it works.


3 hours ago, cole0622 said:

Ok. Did you try recopying the server's certificate? Also ensure that you have the right servers for the certificate. If those are not it, it could be something to do with the kill-switch; try disabling it to see if it works.

Currently there's no kill switch enabled. Bone stock PFsense other than this VPN.


5 minutes ago, BrinkGG said:

Currently there's no kill switch enabled. Bone stock PFsense other than this VPN.

Have you tried a different server? Did you set DNS servers to 209.222.18.222 209.222.18.218?


2 hours ago, cole0622 said:

Have you tried a different server? Did you set DNS servers to 209.222.18.222 209.222.18.218?

Yes. I have tried US West, US East, Toronto, Swiss, and Norway, and general DNS is set to that as well as DHCP DNS.


14 minutes ago, BrinkGG said:

Yes. I have tried US West, US East, Toronto, Swiss, and Norway, and general DNS is set to that as well as DHCP DNS.

Can you connect to PIA on a different device while behind pfsense? If not, what about in front of it?
