PIA issues with pfSense

Hi Guys

I hope you are all well and staying safe.

I have an odd issue with my pfSense setup with PIA VPN. My goal is to route all traffic via my ISP apart from one IP that routes via PIA. However, when I enable PIA all traffic gets routed via PIA. Here are my settings below, and I hope someone a bit smarter than me can see where I have gone wrong:

Even when I force all LAN addresses via the WAN_DHCP I lose all internet traffic on all devices and server.

If anyone can point me in the right direction on only passing one IP address at this time via PIA it would be a big help.

All other images are below

Regards
Eoghan

I think you might have to look at split tunneling.

However, setting up VLANs would be much easier to be sure of where traffic is going.

How would I go about doing that?

I think if you get your current setup to work, you will get a DNS leak, so your real IP address will be exposed. Perhaps I’m wrong.

Create another subnet for all your VPN traffic; that way, if set up correctly, you avoid your IP address being exposed. There might be another way of achieving your goal, but you really need to be certain there are no leaks.

Spend the money and buy a switch; it will make your life much easier.

Can you recommend a good but cheap switch? I have an 8 port unmanaged switch; however, the IP I need passed through a VPN is directly connected to a port on my network card that’s on my pfSense box.

If you use VLANs, you can simply create an ISPvLan on one subnet, then create another VPNvLan on another subnet. Connect your pfSense box to your switch and connect any devices to only the switch. Configure one port on the switch to use VPNvLan; then it’s certain that it will route traffic to your VPN provider.

If budget is an issue, find something on eBay. Personally I have:
NETGEAR GS748Tv5 48 Port
Netgear ProSAFE Plus 16 Port Switch GS116Ev2
NETGEAR GS110TP 8 Port PoE

They all work fine, though I’d suggest reading the manuals for anything you want, making sure it does what you want. Look for the last firmware update; if it was 5 years ago, perhaps find something else. I’ve bought D-Link switches with insane fans; they went straight back to Amazon.

As you build out your network you might later find you need things like SNMP, port mirroring and other features you haven’t thought of right now, but which tend not to be on the cheapest switches.

Thanks, I’ll order one of those and also research and watch LTS videos etc.