Setting up PIA VPN on pfSense for your whole network and Configuring Selective Routing


First-time poster but a long-time reader and avid watcher of the YouTube channel, hoping someone can point me in the right direction as to where I’ve gone wrong.

I have followed the video "Setting up PIA VPN on pfSense for your whole network and Configuring Selective Routing", very informative and useful. I run a few VPN clients and decided this would be ideal for my use, but I seem to have missed something.

Everything seems to work but for one issue: with the VPN on, everything goes through the VPN. I have created a firewall rule to allow only 1 IP, and this is at the top of the list, but everything still goes through the VPN, including the 1 IP.

When I do an IP check, all the devices are shown on the map at the same location, including the traffic that is set up not to use the VPN.

My VPN provider is Private Internet Access, same as in the video.

Running the current pfSense build, 2.5.2.

Hopefully someone could shed some light on where I am going wrong; any help would be appreciated.

Is your default gateway set up correctly under System / Routing / Gateways?

Thanks for the reply

I believe so, I have included a screenshot of my gateway setup for your reference.

Try setting the default gateway from Automatic to WAN_PPOE. When no gateway is selected in the advanced options of a firewall rule, the default gateway is used. All your traffic going through the VPN suggests that the VPN is used as the default gateway, which you don’t want.

Thanks for replying.

Sadly this did not change anything. I have attached some more screenshots for your reference, in case they are of help to anyone.

In the 2nd screenshot, the machine IP ending in 115 is the test PC, which should be the only one using the VPN, but everyone seems to be using the internet via the VPN.

In your middle rule, the one with the advanced settings that directs traffic to the VPN gateway, add a destination. The destination should be your private networks, and it should be an INVERSE match for that destination. That way, if your traffic is destined for your local networks, it will skip the rule and go to the Default allow LAN to any rule. The reason for this is that when you set a non-default gateway in advanced settings, all traffic is directed to that gateway, even your local network traffic. This behavior is different from when the gateway is kept at default. In the latter case, local traffic is permitted and non-local traffic is directed to the default gateway.
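The following is an added illustration, not something posted in this thread, of what the advice above amounts to once pfSense turns the GUI rules into pf syntax. The interface name (igb1 for LAN, ovpnc1 for the PIA client), the VPN gateway address 10.10.0.1, the LAN subnet 192.168.1.0/24 and the alias name private_nets are all assumed for the example; substitute your own. The point it shows is that `route-to` on a pass rule applies to every packet the rule matches, so without an inverse destination match the LAN-to-LAN traffic of the VPN host is also forced out the tunnel.

```pf
# Alias holding the RFC 1918 ranges; in the GUI this is a Network alias,
# which pfSense emits as a pf table. Name is assumed for this example.
table <private_nets> { 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 }

# Middle rule as originally written: a gateway is chosen under Advanced,
# so pf attaches route-to and sends EVERYTHING from .115 via the VPN,
# including packets destined for the LAN or other local subnets.
# pass in quick on igb1 route-to ( ovpnc1 10.10.0.1 ) inet from 192.168.1.115 to any keep state

# Middle rule corrected: destination is "private_nets" with Invert match ticked,
# so local traffic does not match here and falls through to the default rule.
pass in quick on igb1 route-to ( ovpnc1 10.10.0.1 ) inet from 192.168.1.115 to ! <private_nets> keep state

# Bottom rule, "Default allow LAN to any": no gateway set, so packets follow
# the system routing table. Local destinations stay local, everything else
# leaves via the default gateway (WAN), which is why that must not be the VPN.
pass in quick on igb1 inet from 192.168.1.0/24 to any keep state
```

To confirm what the GUI actually generated, run `pfctl -sr` from the pfSense shell (Diagnostics / Command Prompt) and look for the `route-to` rule; its `to` clause should show the inverted table, and only the one source host should appear in front of it. If the default gateway is still the VPN, the last rule will also carry a `route-to` to the tunnel interface, which is the symptom the thread describes.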