OpenVPN Question

Hi There,
Followed the guide and got my pfSense router working great with PIA, and also got selective routing working so that my main gaming machine isn't routed to the VPN. Couldn't be happier, and the YouTube videos worked great.

I have one small question. I added 2 VPN clients pointing to 2 different locations. I then created copies of my NAT outbound rules pointing to OpenVPN. I then confirmed that I was getting routed correctly to my VPN, so everything is working fine. But how do I know which client my router is using? Does it just use the first online one in the list, going from top to bottom?

Thanks in advance for the help.

As the rules work from top to bottom I would guess that the first rule that is fulfilled is the route it takes.
However, I don’t trust my networking skills to do what you’ve done: DNS leaks, if the VPN servers go down does traffic go out via the ISP, etc. Hence I prefer that a VLAN for the VPN is running with a kill switch. If the VPN servers go down then no traffic leaves the WAN.

If you set up your VPN gateways in a gateway group you can apply fixed criteria which then direct traffic. I’ve set mine up such that if a VPN server is down or slow it will take the fastest available.

Admittedly, in the past I did think of setting up multiple country VPNs but could not work out an easy non-manual way of routing traffic. Everything I could think of meant going back to pfSense and enabling / disabling VPN servers.

Awesome. Thanks for the reply.

Yeah, I have just enabled my OpenVPN with a kill switch. Again I followed the Lawrence Systems YouTube videos. I had to play around with it a little bit though. Everything was being routed to my VPN. I wanted to set it so that all IPs in my alias would go to my VPN, and everything else would go to WAN. So my top rule routes IPs in my alias to my VPN and is tagged for my kill switch. The second rule below it just routes ANY IP to WAN. So if the VPN rule/kill switch doesn't have a given IP in its alias, it goes straight to WAN.

The way it's explained in the video is that everything goes to the VPN, but only those in the alias are affected by the kill switch. The way I set it is that everything goes to WAN, except for those in my alias, which go to the VPN and are still protected by the kill switch.

One thing I would like to know: how are you able to set it so it connects to the fastest VPN?

In pfSense you can set both VPN gateways to the same priority value and also set it to periodically run tests on which one is most optimal to use. So your network will offload bandwidth to both equally, but still try to use the quickest gateway with the highest bandwidth.

I believe this is what you want to do

In a terminal run the command
ping -c 3 IP-address-of-VPN-server

Add those servers to pfSense which come back with the fastest response times.

Then add your VPN interfaces to a gateway group, set it to Tier 1, with the trigger level at Packet Loss or High Latency. Then in your rules ensure you have selected the Gateway Group as your gateway.
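
Added example, not part of any post in this thread: a shell script that runs the `ping -c 3` check above against several candidate servers and ranks them by average round-trip time, dropping any server that shows packet loss. The function names, the `PROBE` variable and the `vpn-*.example` hostnames are assumptions made for illustration, and the sample ping output is constructed.

```shell
#!/bin/sh
# Rank candidate VPN servers by average ping time; any packet loss disqualifies.

# live_probe: the ping command from the post (3 echo requests to one host).
live_probe() { ping -c 3 "$1" 2>/dev/null; }

# sample_probe: constructed ping output for placeholder hosts (offline demo).
sample_probe() {
    case "$1" in
    vpn-a.example) cat <<'EOF'
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 41.210/42.500/44.020/1.150 ms
EOF
        ;;
    vpn-b.example) cat <<'EOF'
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 17.900/18.250/18.700/0.330 ms
EOF
        ;;
    vpn-c.example) cat <<'EOF'
3 packets transmitted, 2 received, 33% packet loss, time 2010ms
rtt min/avg/max/mdev = 9.100/9.300/9.500/0.200 ms
EOF
        ;;
    *) echo "3 packets transmitted, 0 received, 100% packet loss, time 2040ms" ;;
    esac
}

# parse_ping: ping output on stdin -> "<loss %> <avg ms>" (avg "-" if no reply).
parse_ping() {
    awk '
        /packet loss/ { for (i = 1; i <= NF; i++) if ($i ~ /%$/) { loss = $i; sub(/%/, "", loss) } }
        /min\/avg\/max/ { split($0, h, " = "); split(h[2], f, "/"); avg = f[2] }
        END { if (loss == "") loss = 100; if (avg == "") avg = "-"; print loss + 0, avg }'
}

# rank_hosts: print "<avg ms> <host>", fastest first, skipping lossy or dead hosts.
rank_hosts() {
    for host in "$@"; do
        result=$("${PROBE:-live_probe}" "$host" | parse_ping)
        loss=${result% *}; avg=${result#* }
        if [ "$loss" = 0 ] && [ "$avg" != "-" ]; then echo "$avg $host"; fi
    done | LC_ALL=C sort -n
}

# No arguments: run against the constructed samples instead of the network.
if [ "$#" -eq 0 ]; then PROBE=sample_probe; set -- vpn-a.example vpn-b.example vpn-c.example; fi
rank_hosts "$@"
```

Run it with real server addresses as arguments to ping them live; the parser accepts both the Linux (`rtt ...`) and BSD (`round-trip ...`) summary lines.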