PIA / pfSense gateway not working

I have 2 VLANs and 2 VPN gateways using OpenVPN (PIA).

A simple rule detects if it is internet bound IP then routes it over the VPN.
This same rule is on each VLAN to allow internet access.
There are no rules on the WAN / VPN interface.

Both VLANs use the same VPN gateway and work fine.
If I then swap them to the second VPN gateway, Internet on one VLAN stops working but the other continues.

All the rules remain the same, all I am doing is swapping the gateway on the rule.

I seem to be able to resolve DNS and ping out from the VLAN but can't browse the internet. It's as if HTTP traffic is having trouble getting out or coming back for this VPN connection when on this particular VLAN.

I’ve looked at gateways, interfaces, etc and see no obvious issue, but I feel I must be missing something obvious.

Any pointers or questions that might help identify the issue?

My guess would be that you might need to restart OpenVPN client when you swap the gateways.
There might be something that needs to be reset.

You could also try to put the clients into a gateway group, to see if it works.

Personally I use a gateway group, so I always get the optimal connection.

I have even tried restarting the entire pfSense box thinking something was cached or "stuck". Are there any states saved beyond restarts that might be relevant and can be manually flushed?

I haven't played with gateway groups. I'll add it to the "todo" list, but it feels like I'm a stone's throw away from this working.

I did wonder if I had stumbled on a bug. I copied the VPN client to create another just with a different exit server. I also copied the VPN rules. I wondered if some sort of internal reference might be the issue, but wouldn’t know where to look.

I think it is more likely something stupid I have overlooked or forgotten.

No I meant if you go to Status > OpenVPN you can restart just the OpenVPN client connection, not pfSense.

Yeah, I've done that and a complete restart.
Had a quick look at Groups. It’s not what I’m after. I’m just trying to exit my traffic on different VPN exit servers. I was testing the new VPN client by switching over the known existing and working rules because I’ve been scratching my head.

On my windows machine with Edge it is saying timeout. I wonder if it is a state issue.


This works …

I KNEW IT! It was human error.

Okay. I don't know how I bumped into this, but I needed an outbound NAT rule.

FFS. I’ve lost hours of my life to this.

I feel there should be some sort of idiot detector / warning for this.
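The "idiot detector" asked for above, as an added example that is not from this thread or from pfSense itself: a script that reads a config.xml and flags every policy-routing rule whose VPN gateway interface has no outbound NAT rule covering that VLAN's subnet (the exact failure mode found here). It assumes a simplified config.xml layout (interfaces, gateways, filter rules, nat/outbound rules) and hybrid or manual outbound NAT; the interface names, gateway names and subnets are constructed sample values.

```python
"""Flag policy-routing rules whose VPN gateway lacks outbound NAT.
Added example, not pfSense code; the config.xml layout used here is a
simplified assumption about the real file (hybrid/manual outbound NAT)."""
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample: VLANs opt1/opt2 both policy-routed to PIA_VPN2 (opt4),
# but opt4 only has an outbound NAT mapping for the opt1 subnet.
SAMPLE_CONFIG = """<pfsense>
  <interfaces>
    <opt1><ipaddr>192.168.10.1</ipaddr><subnet>24</subnet></opt1>
    <opt2><ipaddr>192.168.20.1</ipaddr><subnet>24</subnet></opt2>
  </interfaces>
  <gateways>
    <gateway_item><name>PIA_VPN1</name><interface>opt3</interface></gateway_item>
    <gateway_item><name>PIA_VPN2</name><interface>opt4</interface></gateway_item>
  </gateways>
  <filter>
    <rule><interface>opt1</interface><gateway>PIA_VPN2</gateway></rule>
    <rule><interface>opt2</interface><gateway>PIA_VPN2</gateway></rule>
  </filter>
  <nat><outbound><mode>hybrid</mode>
    <rule><interface>opt4</interface><source><network>192.168.10.0/24</network></source></rule>
    <rule><interface>opt3</interface><source><network>192.168.20.0/24</network></source></rule>
  </outbound></nat>
</pfsense>"""


def interface_subnet(root, ifname):
    """Subnet of a LAN-side interface, from its address and prefix length."""
    node = root.find(f"interfaces/{ifname}")
    addr = f"{node.findtext('ipaddr')}/{node.findtext('subnet')}"
    return ipaddress.ip_network(addr, strict=False)


def missing_outbound_nat(xml_text):
    """Return (lan_if, gateway, vpn_if) for each policy-routing rule whose
    VPN interface has no outbound NAT rule covering that LAN subnet."""
    root = ET.fromstring(xml_text)
    gw_iface = {g.findtext("name"): g.findtext("interface")
                for g in root.findall("gateways/gateway_item")}
    nat = [(r.findtext("interface"), ipaddress.ip_network(r.findtext("source/network")))
           for r in root.findall("nat/outbound/rule")]
    problems = []
    for rule in root.findall("filter/rule"):
        gw = rule.findtext("gateway")
        if not gw:  # no gateway set: default route, not policy routed
            continue
        lan_if, vpn_if = rule.findtext("interface"), gw_iface[gw]
        lan_net = interface_subnet(root, lan_if)
        if not any(i == vpn_if and lan_net.subnet_of(n) for i, n in nat):
            problems.append((lan_if, gw, vpn_if))
    return problems


if __name__ == "__main__":
    for lan_if, gw, vpn_if in missing_outbound_nat(SAMPLE_CONFIG):
        print(f"{lan_if}: gateway {gw} on {vpn_if} has no outbound NAT for this VLAN")
```

On the sample it reports opt2 only, matching the symptom in the thread: one VLAN works over the second gateway, the other does not.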