Issue with OpenVPN and PIA

Hello Everyone, I am a bit of a Linux N00B, and need a bit of help.
I have a VM that is running Ubuntu 16.04 Server for Sonarr and SABnzbd which I have connected to PIA locally using their guide on how to connect to PIA using CLI. When I’m home on my network, I can access everything great. (My local LAN is 192.168.150.0/16)
I often travel for work so I use OVPN thru my pfSense box, which assigns IP addresses in the 10.8.5.0/16 range. I can access everything, except for my Ubuntu VM above when it’s connected to PIA. If I disconnect it from PIA I can access it fine. (I can also access it if I use TeamViewer into a computer locally)
I can access all other PCs/servers over my OVPN without an issue. I’m almost certain this is an iptables issue, since it’s probably not allowing the 10.8.5.0/24 address. (I do have a rule in pfSense that allows this subnet to talk to the 192.168.150.0 subnet)

Hopefully that made sense, but I guess in short: can’t access the Ubuntu server that’s connected to PIA over OVPN.

Any help would be appreciated.

@Tom, love the content, brother, keep it up.

I think you’re on the right track, but I’m not quite sure how to fix it. I think that the PIA client has settings for allowing communication with the local network. I’m guessing that is where the problem is.

The way I do it is to have a subnet that goes out through the PIA connection in pfSense. That way the firewall rules are the only thing I have to worry about and not PIA client issues. The other advantage is that the entire subnet only counts as one of your PIA connections rather than each client. Hope that makes sense.

Makes complete sense.
I’m not using the PIA client unfortunately, since the server is CLI only.
And I was going to set it up the subnet way, but I ran into issues, and this is the only computer that’s critical to go thru a VPN for my use cases.

I was banging my head against the wall for a while getting everything going the subnet way as well. I wish I could remember what I had to do to get it working.

I feel ya there, I’ve come very close to setting up a “helpdesk” type notation system for my home setup so I can remember what the hell I do, and how I have things set up.
I’ll be working on a project, leave for a week or two for work, get back, won’t even remember what IP I set the VM to lol.

Not sure what problem you were having with the PIA subnet, but I found the thread about my issues. Maybe it’ll help you.

Maybe you can try adding an outbound NAT rule on pfSense like this, so you’ll make it think it is a LAN connection from pfSense.

Interface : LAN
source network: 10.8.5.0/16
protocol: any
destination network : your ubuntu server ip /32
protocol: any

That is the lazy way 😛
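The following is an added illustration, not part of any post in this thread: a longest-prefix-match model of the Ubuntu VM's routing table, showing which interface a reply leaves on for a 10.8.x road-warrior client with the PIA tunnel down, with it up, and with the outbound NAT rule above rewriting the source to a LAN address. It assumes the PIA OpenVPN profile installs the usual `redirect-gateway def1` routes; the interface names, the client address 10.8.5.2 and the pfSense LAN address 192.168.150.1 are constructed placeholders.

```python
import ipaddress

# Constructed routing table for the VM while the PIA tunnel is up.
# Assumption: the tunnel adds the 0.0.0.0/1 + 128.0.0.0/1 pair that
# OpenVPN's "redirect-gateway def1" installs; eth0/tun0 are placeholders.
ROUTES_VPN_UP = [
    ("0.0.0.0/0", "eth0"),         # original default route via pfSense
    ("0.0.0.0/1", "tun0"),         # tunnel route, lower half of IPv4
    ("128.0.0.0/1", "tun0"),       # tunnel route, upper half of IPv4
    ("192.168.150.0/16", "eth0"),  # on-link LAN, written as in the thread
]
ROUTES_VPN_DOWN = [r for r in ROUTES_VPN_UP if r[1] != "tun0"]


def normalise(cidr):
    """Return the real network for a CIDR written with host bits set."""
    return ipaddress.ip_network(cidr, strict=False)


def egress_interface(routes, dest_ip):
    """Longest-prefix match: the interface a packet to dest_ip leaves on."""
    dest = ipaddress.ip_address(dest_ip)
    matches = [(normalise(c), dev) for c, dev in routes if dest in normalise(c)]
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def reply_paths(client_ip, pfsense_lan_ip):
    """Where the VM sends its reply in each of the three situations."""
    return {
        "vpn_down": egress_interface(ROUTES_VPN_DOWN, client_ip),
        "vpn_up": egress_interface(ROUTES_VPN_UP, client_ip),
        # With outbound NAT on pfSense's LAN interface the VM sees the
        # connection as coming from pfSense's own LAN address.
        "vpn_up_with_nat": egress_interface(ROUTES_VPN_UP, pfsense_lan_ip),
    }


if __name__ == "__main__":
    # 10.8.5.0/16 and 192.168.150.0/16 both have host bits set.
    print(normalise("10.8.5.0/16"), normalise("192.168.150.0/16"))
    print(reply_paths("10.8.5.2", "192.168.150.1"))
```

Under these assumptions the reply to the remote client is handed to the tunnel interface rather than back to pfSense, which is a routing effect and would occur even with no iptables rule dropping the traffic; `ip route get 10.8.5.2` on the VM shows the path actually chosen.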

I am doing something similar with Deluge on an Ubuntu VM. I followed the guide linked below for a split tunnel VPN.
Force Torrent Traffic through VPN Split Tunnel Debian 8 + Ubuntu 16.04