Recently I have been trying to improve my online security. I have a box running pfSense that is acting as my router, I have squid + havp running, and I have learned a good bit about how to work with pfSense.
My question is this: I have been running Private Internet Access on my desktop, but I would really like to get it running on my router to encrypt everything on my network. I have searched for many online guides and forums on the subject, and I have gotten the OpenVPN client running and working on the pfSense box.
HOWEVER, as soon as the OpenVPN service begins to run I lose all internet access and cannot even get my connection working again without reverting to a backup of my router configuration.
Has anyone set up something similar to this, or does anyone know of a good, comprehensive online tutorial about how to get this working?
Thank you.
I've got this to work.
Once you have the client connection working you need to create an interface for the VPN. Go to the interfaces menu > assign, then create a new interface and select the network port (it will be called ovpns1 or something like that). Then configure the new interface by going to interfaces > opt1 (or whatever it's called), click enable, rename it if you like and leave everything else blank. The IPv4 configuration should be set to none.
At this point you should restart the OpenVPN client. Once this restarts, the new interface should get an IP address and appear as a gateway. If you want to, you can edit the gateway configuration to add a monitor IP so you get the gateway status and quality the same as your WAN connection (this may work by default, but in my experience it doesn't). To do this, go to system > routing, edit the VPN interface gateway (the IPv4 one) and add something for the monitor IP address (I use 8.8.8.8, the Google DNS server).
Now go to firewall > NAT and go to the outbound tab, change the radio button at the top from auto to manual and click save, then apply changes. If you're already using manual, then select auto, delete all the rules, then switch back to manual and it should make new rules for the VPN gateway. Once you've done that you might have to restart the VPN client again.
Now all your traffic should be going through the VPN. You can also make firewall rules to force traffic from specific IPs to either the WAN or VPN gateway. To do this, create a new rule for the LAN interface, make it an allow rule, choose the IP of the source computer and select any for the destination, then in the advanced section choose the gateway you want to use.
Let me know if you need any more help with it.
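
A way to check the outbound NAT step described in the answer above, added here as an example and not part of the original posts: it reads saved `pfctl -s nat` output and lists LAN subnets that have no NAT rule on the VPN interface. The interface name `ovpnc1`, the subnets and the sample rules are assumptions constructed for illustration.

```python
import ipaddress
import re

# pf translation rule: nat on <iface> [inet|inet6] [proto <p>] from <src> to <dst> -> ...
NAT_RULE = re.compile(r"^nat on (\S+)(?: inet6?)?(?: proto \S+)? from (\S+) to (\S+) -> ")

# Constructed sample of `pfctl -s nat` output (addresses and interface names are made up).
SAMPLE = """\
no nat proto carp all
nat-anchor "natearly/*" all
nat on em0 inet from 127.0.0.0/8 to any -> 203.0.113.10 port 1024:65535
nat on em0 inet from 192.168.1.0/24 to any -> 203.0.113.10 port 1024:65535
nat on em0 inet from 192.168.20.0/24 to any -> 203.0.113.10 port 1024:65535
nat on ovpnc1 inet from 192.168.1.0/24 to any -> 10.8.0.6 port 1024:65535
"""

def nat_sources(rules_text, iface):
    """Return the source networks that have an outbound NAT rule on iface."""
    nets = []
    for line in rules_text.splitlines():
        m = NAT_RULE.match(line.strip())
        if not m or m.group(1) != iface:
            continue
        src = m.group(2)
        if src == "any":
            nets += [ipaddress.ip_network("0.0.0.0/0"), ipaddress.ip_network("::/0")]
            continue
        try:
            nets.append(ipaddress.ip_network(src, strict=False))
        except ValueError:
            pass  # alias or table name, cannot be checked from this output alone
    return nets

def uncovered(rules_text, iface, lan_subnets):
    """Return the LAN subnets that no NAT rule on iface covers."""
    covered = nat_sources(rules_text, iface)
    missing = []
    for subnet in lan_subnets:
        net = ipaddress.ip_network(subnet)
        if not any(net.version == c.version and net.subnet_of(c) for c in covered):
            missing.append(subnet)
    return missing

if __name__ == "__main__":
    lans = ["192.168.1.0/24", "192.168.20.0/24"]
    for subnet in uncovered(SAMPLE, "ovpnc1", lans):
        print(f"no outbound NAT rule on ovpnc1 for {subnet}")
```

With manual outbound NAT, a subnet reported here is sent into the tunnel with its private source address, so it needs its own rule on the VPN interface.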