Enctrypting all WAN TRAFFIC



  • Hello everyone.

    I would like to let everyone know that this is my first post and I am very new to this community. I have done some research and Google digging to see if I can find an answer to my question but I am afraid I am at a loss :-[ I was wondering if it is possible to run all my internet traffic over a service like BTGUARD. I believe it is a VPN service and in a sense it would make pfsense a client instead of a server. Would this be called a VPN bridge? I have become somewhat paranoid about my privacy online and I wish to protect myself better online. It would be nice to have all my internet encrypted and routed so my ISP keeps their nose out of my internet traffic.  If anyone could help out or point me in the right direction I would kindly appreciate the time. Thank you all.

    Running PFSENSE 1.2.3 (for stability)
    SNORT on WAN



  • If you aren't doing site to site VPN and just want to protect your WAN traffic from being snooped then look into http://www.strongvpn.com/

    Here is the link on how to set it up for PfSense V2.0.

    http://forum.pfsense.org/index.php/topic,29944.0.html

    Darkk



  • Thank you for your reply. I will look into it. So I guess I have to upgrade to 2.0 in order to set this up? Also will this service be able to support large bandwidth usages, like netflix and some p2p like bt? And will dyndns record the vpn ip or my isp ip?



  • http://www.strongvpn.com/packages_usa.shtml

    strong-vpn offers unlimited bandwidth. one month i pushed/pulled almost 700 gigabytes through them.

    the dynamic DNS client in pfSense 2.0 at least allows you to select what interface to monitor.



  • Oh wow. That's awesome. Thanks for all your replies.  :D


  • Netgate Administrator

    Of course with a service like that you have to trust the operators of the vpn gateway. They could equally be sniffing all your traffic.

    Steve



  • Yea I guess so. Still I find it more comforting than trusting my ISP. The fact thet at&t among other ISPs are in bed with mpaa and riaa just makes me sick. What's next? This at least puts one more barrier between me and them. Its not that I illegally download lots of contentent, its the fact that my privacy is being trampled on. I only have one isp but I have vpn alternatives. Sometimes you just have to trust for a while to see where it takes you.



  • I tried StrongVPN but was unable to push more than 10Mbit/s.  With VyprVPN I can max out my 35/35.



  • I've heard of VyprVPN. I didn't think Pfsense would work with it.  :o Do you have a how-to on it as well?



  • @ukr_888:

    I've heard of VyprVPN. I didn't think Pfsense would work with it.  :o Do you have a how-to on it as well?

    Requires 2.0.

    http://forum.pfsense.org/index.php/topic,35292.0.html



  • Great! Thanks. I will post my finding and let everyone know how it went.



  • So installed pfsense on another machined and followed the first tutorial by ericab and it worked perfectly. So far I noticed a slight difference speed drop but nothing major. I am ok with losing .3 megabits. Thanks guys for your help.


  • Netgate Administrator

    @ukr_888:

    I am ok with losing .3 megabits.

    Out of what? What bandwidth are you getting?

    Steve



  • I am on a 6.0 / 0.5 DSL package from at&t. (fastest I can get in my area) average speed straight to throught ISP without the VPN encryption I would be 5.8 to 5.5 megabits testing to boston. My DSL hub is across the street from me  ;D With vpn I only drop to 5.2 - 5.1 or so average. The CPU on my pfsense is running rather well. Usenet w/ 20 SSL connections saturating the WAN i get about 5.2 megabits  stable with about 30% cpu usage and thats a 350 MHz PII we talking here.



  • @ukr_888:

    I am on a 6.0 / 0.5 DSL package from at&t. (fastest I can get in my area) average speed straight to throught ISP without the VPN encryption I would be 5.8 to 5.5 megabits testing to boston. My DSL hub is across the street from me  ;D With vpn I only drop to 5.2 - 5.1 or so average. The CPU on my pfsense is running rather well. Usenet w/ 20 SSL connections saturating the WAN i get about 5.2 megabits  stable with about 30% cpu usage and thats a 350 MHz PII we talking here.

    The drop is probably due to the latency of the extra hops to send all traffic through the VPN provider.  I lucked out in that sending traffic through Vypr only adds 6-8ms to my pings.



  • @jasonlitka:

    The drop is probably due to the latency of the extra hops to send all traffic through the VPN provider.  I lucked out in that sending traffic through Vypr only adds 6-8ms to my pings.

    I will build another pfsense box and try the vypr as well. Giagnews and vypr isnt a bad deal at all.


Locked