pfSense - Active PIA VPN Connection kills Port forwarding

Hi all,

I would like to start by thanking Tom for his great YouTube content which I know helps so many of us do what we are trying to get working and I personally have learned a lot!

I have been working on a little homely project that has been hitting a snafu though and hoping someone can help.

I have setup port forwarding on my pfSense box for services like Plex and HAproxy to route to a web server, etc. and this works no problem. Insert great video here: Toms Video: How To Create pfsense Let’s Encrypt Wildcard Certificates using HAProxy


I move into my second project,

I want certain users on the network to have their internet requests be routed over a VPN service like PIA or Astrill with a Kill Switch. This was also easy enough to setup Insert great video here: Toms Video: pfsense OpenVPN Policy Routing With Kill Switch Using PIA / Private Internet Access .

However, the issue I have been hitting no mater what VPN provider I use is that when the connection is active port forwarding becomes dead. I have go through logs and the routing tables and haven’t been able to figure it out… Also I have tried with 3 separate installs of pfSense and 2 of those were clean installs with only these 2 configs setup.

I would appreciate any help that anyone can provide and would also like to hear ideas from Tom as well if you have the time.

Thanks in advance to the LTS community

On your port forward rule, have you set the destination to be WAN address rather than WAN net?
I think that’s the option. Else because the VPN is also on the WAN zone, it may cause issues??

That’s just a logical guess… So sorry if its completely wrong!

The problem is that when you tell a system to use a gateway to go out a certain VPN this causes that system to also send replies from port forwards out that same VPN. One solution might be to attach multiple NICs / subnets to that system to each one can have it’s own routing rules.

I should clarify the systems that are receiving the port forwards are not a party to the PIA VPN connection.