PIA VPNtunnel broken since upgrading to 2.5

dsheehan · February 23, 2021, 12:58pm

Hello folks first time caller

I have having a really strange issue with creating a vpn tunnel between PIA and myself. I have had these tunnels established in the past however they broke overall routing post upgrade.

When I create the tunnel and it establishes, I lose streaming media services as if they are trying to use the tunnel before I establish the tunnle as a gateway and apply firewall rules.

The tunnel establishes just fine, but appears to break some default routing on normal lan traffic.

Any thoughts? I cannot see in the firewall or routing logs where his goes sideways.

Any help would be greatly appreciated,

Dan

neogrid · February 23, 2021, 2:35pm

I don’t use PIA but I know that OpenVPN in the new pfSense release has been upgraded to 2.5 you might want to try switching to a server also running 2.5 and see if that makes a difference.

You can also see if setting you a new client works.

dsheehan · February 23, 2021, 8:04pm

Wow I am feeling really ignorant as I am not sure how to tell what version of OpenVPN I am on. I am on the latest version of PFSense and the screenshot is from the same.

All these tunnels worked just fine in 2.45.

neogrid · February 23, 2021, 8:12pm

No I meant the VPN server hosted by PIA.

It’s probably better to stick with 2.5 on the server and the client, just to rule out versioning.

I use AirVPN and can see the versions of OpenVPN they are running on their servers.

dsheehan · February 23, 2021, 8:24pm

oh ok I will look at that. thank you for the quick responce.

Pete · February 23, 2021, 10:28pm

Hi There,
I recently had a similar problem after upgrading from 2.4.5 to 21.02. After ripping hair out for a few hours and finally re-adding the vpn client configuration I noticed a new option, previously not available in the 2.4.5 configuration - “Don’t Pull Routes”. After enabling this option, everything appears to have returned to normal operation.
YMMV however

dsheehan · February 24, 2021, 2:16pm

Pete,
Thank you the tunnel is up and stable without impact to the primary routes. I still need to configure routes and rules however this is much further ahead than previous attempts. Thank you very much for your help. I need to dig into this topic further to understand what was “enhanced” by default.

I have completed full config and everything is back to normal. thank you again Pete!

neogrid · February 24, 2021, 5:47pm

Actually that’s in 2.4.5, but I suppose on upgrade it has been unchecked. Yeah difficult to spot unless you are comparing side by side.

Pete · February 24, 2021, 10:06pm

Apologies, thanks for confirming - i swear one of the options, either don’t pull, or don’t add was not there previously?
I’m positive however that its state definitely changed between 2.4.5 and 21.02(why?!)

neogrid · February 24, 2021, 10:17pm

That is there too

I’ve actually taken 200 screenshots of my build on 2.4.5, so that when I eventually make the leap to 2.5 I can see what I had before

A while back it took me the best part of 8 hours to replicate my build on a 2nd pfsense box in a remote location. Ideally upgrading would be easier but I see many people having problems, so I think it will need a clean build.

I’m spending time documenting my build, I think few people will do this simply because of the time required, but I think it’s handy to keep notes on the little tweaks done at the very least.