Different PIA locations using PFsense


I’ve just watched/followed Toms video on PIA on PFsense and all is working well in setting up the VPN user … still need to look further into the NAT and Firewall rules to get it completely up and running though … but already halfway there I guess :slight_smile:

But I have a related question : Is it possible to have users (devices in the house) connect/switch to different VPN locations in an easy way ?

Let me explain why :

Ths missus is Japanese and she wants to connect to a Tokyo VPN in order to see Japanese streaming TV on het iPad (region restrictions, you know)

But sometimes she/we also would want to look BBC iPlayer (still need to set it up, anyone have experience with this ?), and then she’d need to connect to a UK VPN in order to see BBC content …

So we need an easy way to switch between these server locations on a device …
I made 2 VPN clients in PFsense with the different server locations.
But is there now an easy way to switch between those VPN locations ?

Any help very much appreciated !


I have not done a video about this yet, but what you are looking for is outbound policy routing,

What you would have to do is create a firewall rule that matches the traffic you want coming from each VPN and create a rule and choose the outbound gateway for that rule.

1 Like

looking forward to your video on this … meanwhile I will RTFM on the netgate site …
I’ll also look at the Mark Furneau video on NAT and rules, maybe I’ll learn more there also …

there is 1 thing that I don’t understand in your PIA video :
after setting up the connection to PIA you create an outbound rule (first set “manual generation” and then copying and editing the WAN rule) for sending traffic to it, because without it isn’t routing any traffic outside anymore …

… but in my setup, and when I follow your tutorial, after creating the PIA connection (and before creating a specific outbound rule for it), it still routes to WAN … yours stopped routing, but mine still does … am I doing something wrong ?

… and then, when I copy and edit the specific outbound rule for PIA it still routes traffic to the WAN over the ISP connection (and not over the PIA) …

actually quite logical if I think about it, because there is nowhere you (and I) disable the normal (ISP without PIA) outbound rule, so doesn’t it make sense that it still sends traffic out via this (old) rule ?

… so I wonder what part I didn’t understand … looked at the video many times but can’t figure it out, I even noticed that someone is asking the same question in the youtube comments, but no answer …

so apparently I’m not the only one that didn’t understand it …

I think there has been some changes in pfsense since I made that video so I will be doing an updated one in the next week or so time permitting.

I wonder how much speed do you get with PIA VPN vs without?

They have the speeds listed by location on their site https://www.privateinternetaccess.com/pages/network/

I was thinking of real users’ feedback.
Last time I’ve tried configuring vpn on rougher level, I lost about 80% of my 1Gb network

Tom, I had the same issue as Pascal with PIA and Pfsense so looking forward to the updated video with Pfsense 2.4.4 r1. Please include some selective routing so I can steer the Rokus thru the WAN port so Netflix can work but the computers thru the VPN.

Thanks for the great work…love the YouTube channel!