Best OpenVPN Service Provider to work with PFSense



  • Hi All,

    A question I am unable to answer, with too many reviews and different plans, but searching on all those keywords doesn't guarantee any valid results.

    The question is :

    What is the most reliable, fastest, secure and Anonymous VPN Provider on the planet to work with PFSense without any issues? (Using OpenVPN)

    This doesn't mean the cheapest, could be more expensive, but providing a reliable, fast, and professional service. Most reviews consider speed, number of servers, countries ..etc as part of the evaluation criteria.

    I currently have a new subscription with VyprVPN, just started 3 days ago, and from 3 different computers, PFSense, Mac, and Ubuntu, I failed to connect to their servers in LA. Support is still working on the issue, but I am not sure if I am going anywhere.

    With PfSense, it does connect successfully, but then disconnects seconds after the connection.

    So I find it hard to search for the best running with PfSense.

    Regards,

    Dan



  • Have a look on this site: There you can find a great overview and comparison of different providers. Hope it helps!



  • I have a working solution with VYPRvpn and pfsense.
    Can you post your config so i can assist you?



  • Privateinternetaccess works ok here. Almost no speed loss, and some drops during the day that are, for some reason I still don't know, being caused by Snort (if I delete all blocked IP's in Snort the VPN is up again immediately. Still haven't found out why Snort is blocking it).



  • @dan2010:

    What is the most reliable, fastest, secure and Anonymous VPN Provider on the planet to work with PFSense without any issues? (Using OpenVPN)

    The only true anonymous vpn I know is Cryptostorm if you buy access from a 3rd party.  Their network access is unique so check them out.  https://cryptostorm.is/
    They're still in a sort of beta mode, support can be a bit spotty at times.  There have been a few bugs but I've been happy overall.

    I've also used Liquidvpn. www.liquidvpn.com  Support has been great and they have some unique features.

    Either works very reliably with pfSense for me.



  • @ORde:

    @dan2010:

    What is the most reliable, fastest, secure and Anonymous VPN Provider on the planet to work with PFSense without any issues? (Using OpenVPN)

    The only true anonymous vpn I know is Cryptostorm if you buy access from a 3rd party.  Their network access is unique so check them out.  https://cryptostorm.is/
    They're still in a sort of beta mode, support can be a bit spotty at times.  There have been a few bugs but I've been happy overall.

    I've also used Liquidvpn. www.liquidvpn.com  Support has been great and they have some unique features.

    Either works very reliably with pfSense for me.

    I've been looking into cryptostorm, but I fail to see what they do better than the rest (and they are not really doing their best to explain where they differ, either, as in: marketing. You will have to search into the hundreds/thousands of threads in the forum to see what they do. For which you've got to have time… :-[ ).

    Sofar all I know is: they have 'anonymous' 'tokens', but:

    • Tokens are simply OpenVPN-certificates going by another name, and which you will have to copy and paste into a text file somewhere in /etc/ (if I understand it correctly, please do correct me if I am wrong - I mean no offense).
    • The 'anonymous' certificates (tokens) are 'anonymous' only because you can buy them with 'bitcoins' (I have some perspectives on that from an economist's point of view  8) ) or with conventional payment methods (credit card, paypal, etc) and/or from 'resellers'. These 'resellers' (currently not much, I believe only one) then would 'break the chain of information', as the cryptostorm would not know to whom the 'reseller' sold a 'token' to. At the same time, there is no way of knowing what the connection between the 'reseller' and the cryptostorm itself is.

    And in the end: they can still see all you do. They say they don't log, but I can write that on my website too. They say they will stop business once LEA walks in with guns and legal orders, but I can write that on my website too. That doesn't make it true. In both cases: you have no way of knowing if they do what they say. So what are you going to do? Sue an anonymous club (they state they want to remain anonymous)?

    I was trying to find out how they use better encryption and stuff, but I couldn't find that (like said, I don't have the time to waste weeks on reading the zillion forum threads. I'm just a stupid economist: if you want to sell, you will have to do a little marketing. As in: product benefits - as compared to the competitors).

    LiquidVPN has a beautiful website, btw  :P



  • @Hollander:

    Privateinternetaccess works ok here. Almost no speed loss, and some drops during the day that are, for some reason I still don't know, being caused by Snort (if I delete all blocked IP's in Snort the VPN is up again immediately. Still haven't found out why Snort is blocking it).

    Huh? In the Alerts (of the correct interface) you can see which rule trigged the alert and disable these rules. Would be interesting to know which rules fire… I had problems with P2P rules and VPN...





  • @Hollander:

    I've been looking into cryptostorm, but I fail to see what they do better than the rest (and they are not really doing their best to explain where they differ, either, as in: marketing. You will have to search into the hundreds/thousands of threads in the forum to see what they do. For which you've got to have time… :-[ ).

    Sofar all I know is: they have 'anonymous' 'tokens', but:

    • Tokens are simply OpenVPN-certificates going by another name, and which you will have to copy and paste into a text file somewhere in /etc/ (if I understand it correctly, please do correct me if I am wrong - I mean no offense).
    • The 'anonymous' certificates (tokens) are 'anonymous' only because you can buy them with 'bitcoins' (I have some perspectives on that from an economist's point of view  8) ) or with conventional payment methods (credit card, paypal, etc) and/or from 'resellers'. These 'resellers' (currently not much, I believe only one) then would 'break the chain of information', as the cryptostorm would not know to whom the 'reseller' sold a 'token' to. At the same time, there is no way of knowing what the connection between the 'reseller' and the cryptostorm itself is.

    And in the end: they can still see all you do. They say they don't log, but I can write that on my website too. They say they will stop business once LEA walks in with guns and legal orders, but I can write that on my website too. That doesn't make it true. In both cases: you have no way of knowing if they do what they say. So what are you going to do? Sue an anonymous club (they state they want to remain anonymous)?

    I was trying to find out how they use better encryption and stuff, but I couldn't find that (like said, I don't have the time to waste weeks on reading the zillion forum threads. I'm just a stupid economist: if you want to sell, you will have to do a little marketing. As in: product benefits - as compared to the competitors).
    [/quote]

    I'm not an expert on pfSense or vpns, and don't want to turn this into a "rate my vpn" thread but wanted to respond as best I can.  I'm not affiliated with Cryptostorm (or Liquidvpn) in any way, just a satisfied customer for a few months.

    *The goal of their service is to eliminate the connection between an ip and personal identity.  The token model is key to this point since they don't need a customer/client list, only a list of active tokens.  Reseller's are a nice option but not necessary to preserve this.  By the way they make clear that if you lose your token you're out of luck, they have no way to retrieve it for you because tokens aren't linked to people.  There's no way to prove to them that you had a token or more specifically what token you had.
    *Reseller options are limited, but I'm not aware of any other vpn that has the option at all.  Granted I haven't researched them all.
    *They've modified the OpenVPN code so they can't log.  I'm not a programmer but have been told by multiple sources that's what this does.
    https://cryptostorm.org/noip.diff
    The only user ip they see is the internal 10.x.x.x that they assign.  So they can perhaps see what 10.x.x.x is doing, but they can't tie that to a specific person.  (Yes, we have to believe they're actually using that code  ;D )  Almost all vpns say they don't log, which is different from saying they can't.
    *They shut their previous vpn (Cryptocloud) down when they decided it wasn't secure enough.  They've already stopped business once.
    *Here are their ciphers.
    auth SHA512
    cipher AES-256-CBC
    tls-cipher TLS-DHE-RSA-WITH-AES-256-CBC-SHA
    The key renews every 20 minutes.  Even with this heavy encryption I rarely see a speed hit > 5%.  That, along with the token model is what they do better.  8)
    *Marketing is admittedly subpar but that doesn't mean the product is.  As I said they're still in a sort of beta mode.

    I'm not sure if the comment about the credentials in /etc is a criticism or observation.  Is there another way to do it?  They have to be placed somewhere so they're available for the tls key recycle.  I've used other folders besides /etc.  If someone's accessed your box and got your log in creds you have bigger problems than vpn security.

    To be clear I don't believe they would say that if you're attracting the attention of law enforcement that using their network will keep you out of trouble.  I'm just trying to protect a little privacy on the net and I found their model convincing.  If you don't (and you're satisfied with Blowfish encryption ;) ) there's a broad market of vpn services.



  • @Wolf666:

    AirVPN, here also an excellent guide https://airvpn.org/topic/11245-how-to-set-up-pfsense-21-for-airvpn/

    I use AirVPN and get 80-90 percent of my ISP's bandwidth after VPN is running.



  • I'm really late here but i can tell you expressvpn would be great tool for you solution :) its mos tsecure vpn service provider list on mostsecurevpn.com


Log in to reply