Streaming through the VPN



  • Not sure about this; need some clarification. I have created a remote access VPN server. Now say I want to stream a movie on a Roku, for instance, or some other streaming device on my local network. If I configure the app on that device and connect it to the VPN, would the traffic be hidden between Point A (Internet) and Point B (streaming device)?


  • Banned

    Yes, that's correct, assuming you can configure the device to use the VPN. Encryption takes processing power; something has to encrypt that traffic. On your home network, the computer you have pfSense configured to use VPN on will do all of that work for your connected and configured devices.

    If you take those devices off of your network, they then have to be individually configured to use VPN and they must encrypt their own traffic.
    Your smart phone almost certainly has the processing power to do this, but you will notice an impact to battery life.

    Roku, as far as I know, cannot be configured to use a VPN on its own. Even if it could, the CPU probably wouldn't be able to handle it.



  • Thanks. So if, for example, I'm streaming or downloading a link from example.com, then my ISP and folks on the net are oblivious as to what is happening? Right? BTW I don't have any Rokus; they are junk in my experience. But I do use other Android devices which can be configured. I believe Fire TVs can do this via the OpenVPN app. Correct me if I'm wrong.


  • Banned

    You got it. Depending on your configuration, they can probably see that you went to example.com via your DNS request.
    But all they will see is your IP transferring jumbled data to your VPN provider's IP. They'll be able to tell how long you are connected, what time you were connected, how much data is transferred, who your VPN provider is,
    and that your data is being encrypted, but they won't know what you are encrypting.

    The NSA will know everything 😊.



  • Ok, I have installed OpenVPN on a Fire TV. Connected to my VPN server (pfSense) on my local network. pfSense shows the virtual IP for the connection. Not using a service like IPVanish, just pfSense VPN. Streaming video via Kodi. Am I secure or am I at risk? FYI I am on my local network connected to the VPN, streaming via Kodi.


  • Banned

    If you are just using pfSense as a VPN server, then your connection between your VPN client (Fire TV) and your pfSense box is secure (assuming that you configured your VPN server with a worthwhile encryption such as AES-128 or something; there is an option for no encryption).

    If you are trying to hide what you are doing from the rest of the world, then you also need to configure your pfSense as a VPN client. If you don't, then everything will be encrypted from your Fire TV to your pfSense router, but the instant your connection goes out to the internet it is in no way encrypted. Your ISP will see exactly what you are doing.

    Private Internet Access is a popular VPN provider if you are trying to encrypt all of your activity over the internet. It's about $4/mo and lets you run up to 5 clients. By default they encrypt at 128 bit, but you can configure for 256 bit. There is a lot of support in the pfSense forum to help you configure your router as a VPN client through Private Internet Access.



  • Ok. Thank you very much for your help. You have cleared up what I was thinking, which was exactly that: I'm secure locally but not on the WAN.


  • Banned

    No worries, glad I could help!

    If I understand what you are doing, it is worse than useless: you are actually wasting CPU cycles in order to encrypt traffic coming from your own LAN, then unencrypt it right back into your own LAN. You would be more secure and use less CPU/power to not use the VPN server in this way at all.

    VPNs have three general functions.

    1.) Securely connect to a network remotely
        i.e., you work away from home a lot, but need access to your home network while you are away. By configuring a VPN server on pfSense, then exporting the certificates to your laptop or cell phone, you can securely connect to your home network from the other side of the planet on Starbucks wifi. Everything you do from your laptop on Starbucks wifi on the other side of the world to your home network is encrypted. (If that traffic were to leave your home network, i.e., browsing the internet over this VPN, then it would be unencrypted.) This is what you are describing in your current setup.

    2.) Hide what you are doing on the internet.
        i.e., you do things on the internet that are illegal wherever you are, or maybe what you do is legal but results in your ISP throttling your connection, or maybe you are just a private person. In any case, you don't want anyone (your ISP) to know what you are doing on the internet. In this case you would configure pfSense as a client where a VPN service provider such as PIA is the server. This works because all (or some, depending on how you set it up) of your traffic leaving your network is encrypted; your traffic then goes to a physical location where the VPN service provider's servers are located, and at this point your traffic is decrypted and sent out to the world unencrypted.
    Your anonymity is based on two things.

    1. There are a crap ton of people using the same IP address; everyone that is using that VPN provider's server is using the same IP address, and once it goes out to the rest of the world there is no way to tell where that traffic originated from beyond the VPN provider. So now when you download a torrent your IP shows up as the VPN provider's IP, which thousands of other people are also using, instead of your own IP assigned by your ISP, which only you use.

    2. Your VPN provider's policy on keeping logs (or not) and whether they do or do not disseminate information to outside agencies. PIA has a good reputation for this, but ultimately no provider is perfect. Is your ISP going to get logs from your VPN provider in order to see what you are doing with all of that bandwidth you use? No. Is the DMCA? No, probably not? Is a federal agency if you are doing something f*cked up enough to get their attention? I hope so.

    3.) Bypass area restrictions and/or censorship.
        A lot of services on the internet are restricted to regions of the world; a lot of countries censor, as do a lot of locations offering wifi. You can get around a lot of this with a VPN. This works because most VPN providers maintain servers physically located all around the world. So if you are in Brazil but want to access your BBC account from back home but it's not offered in Brazil, you can log into a UK VPN server and your connection will appear to be coming from within the UK and it will work. If you are using, say, a wifi connection that is censored, you can get around that censor by connecting to a VPN because now your connection is encrypted and the censor software has no idea what you are doing. Neither of these things is foolproof, as a lot of providers will simply block your VPN provider's IP address, not allowing you to use their service at all while connected to a VPN. Netflix is an example of this.
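
Added example (not part of any post in the thread, and not pfSense or OpenVPN project code): a small audit of OpenVPN configuration text for the points the replies raise, namely the "no encryption" cipher option and DNS lookups that remain visible to the ISP. The sample configs, hostname and addresses are constructed, and the audit assumes the text it is given is the effective configuration (client file plus any server `push` lines).

```python
import shlex

# Constructed sample configs (not from the thread); hostname and IPs are placeholders.
WEAK_CONF = """\
client
dev tun
remote vpn.example.net 1194 udp
cipher none        # the no-encryption option mentioned in the thread
auth SHA256
"""
HARDENED_CONF = """\
client
dev tun
remote vpn.example.net 1194 udp
cipher AES-128-CBC
auth SHA256
redirect-gateway def1
dhcp-option DNS 10.8.0.1
"""

def directives(text):
    """Yield each directive as a token list, unwrapping server-side push "..." lines."""
    for raw in text.splitlines():
        if raw.lstrip().startswith(";"):      # ';' comments; '#' is handled by shlex
            continue
        tokens = shlex.split(raw, comments=True)
        if tokens[:1] == ["push"] and len(tokens) > 1:
            tokens = shlex.split(tokens[1])
        if tokens:
            yield tokens

def audit(text):
    """Return {finding_code: explanation} for settings that weaken or bypass the tunnel."""
    seen = {}
    for name, *args in directives(text):
        seen.setdefault(name, []).append(args)
    findings = {}
    for name in ("cipher", "auth"):
        if any(a and a[0].lower() == "none" for a in seen.get(name, [])):
            findings[f"{name}-none"] = f"'{name} none' turns off that protection"
    if "redirect-gateway" not in seen:
        findings["split-tunnel"] = "default route stays outside the tunnel"
    if not any(a[:1] == ["DNS"] for a in seen.get("dhcp-option", [])):
        findings["dns-outside"] = "no tunnel DNS server set; lookups may use the ISP resolver"
    return findings

if __name__ == "__main__":
    for label, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(label, audit(conf))
```

A clean result only covers the hop to the VPN server; as the thread explains, traffic leaving a home pfSense box toward the internet is still visible to the ISP unless pfSense is itself a client of an upstream VPN.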