Pfsense + openvpn (running my own vpn)



  • I am new to pfsense. Be gentle :)

    I have played around with clarkconnect and similar distros years ago but never put anything into "real world use"

    Our household internet usage is quite large, and with the metadata laws passing here I want to secure/encrypt the connection.

    I have a N54L + 16GB ECC RAM with 3 NICs - 2 Intel and 1 onboard (would use the onboard for bridged modem)

    I want to use pfsense and openvpn to secure the whole connection, bandwidth control wireless clients (kids) etc etc

    I want pfsense to control my home connection (adsl2+ via bridged modem) as well as other pfsense duties.

    My cat5e home network consists of 7+ wired PCs, 1 wired HTPC, 2 wired FreeNAS servers - one with jails running sab, SickRage, ownCloud etc… around 10 wifi tablets/phones and a wired media player. All devices have STATIC IPs

    Is it possible to run my own VPN server to encrypt all traffic - I don't want to have to set up each PC with clients to connect to the VPN - I want it controlled at the N54L.

    For PC gaming what would I need to do to allow them to bypass openVPN if it affects ping/playability, but everything else on the PC to go through openVPN?

    Below is what my network would look like.

    modem/router in bridge mode (ISP give dynamic ip's)

    |

    N54L ( pfsense + openvpn)

    |

    switch

    --- 7 wired pc's

    -- switch to mancave
          |--- PC
          |--- router (router mode to extend wireless)
    |--- switch

    -- HTPC
            |--- Freenas 1 (Jails)
            |--- Freenas 2 (Backup)
            |--- 360
            | -- router (router mode to extend wireless)

    thanks in advance



  • @SLIMaxPower:

    Our household internet usage is quite large, and with the metadata laws passing here I want to secure/encrypt the connection.

    In what way?

    If you mean encrypt all outgoing traffic you need to buy an anonymizer service from someone that provides it. Remember that those services only replace your IP address with theirs. If correctly implemented that will give you some anonymity. Out of the VPN site the traffic will be exactly the same as it would normally be leaving your site. Depending on specific protocol used that traffic may be unencrypted.

    Is it possible to run my own VPN server…

    Yes it is.

    Saying you want to run a VPN server however implies that you want to encrypt incoming connections from clients on the internet. Is that what you want?



  • So it looks like after all I will have to pay for a VPN.

    Let's say I want AU traffic to go through an AU server, and the remaining go through an International server (same VPN provider) and gaming to bypass VPN altogether, how do I accomplish this?



  • @SLIMaxPower:

    So it looks like after all I will have to pay for a VPN.

    Most likely yes. I'm aware of no such service being free.

    Let's say I want AU traffic to go through an AU server, and the remaining go through an International server (same VPN provider) and gaming to bypass VPN altogether, how do I accomplish this?

    By very careful configuration. ;)

    Your requirements aren't exactly simple and straightforward so I'm not sure someone is willing to give you a complete tutorial on everything. It's usually much easier to get assistance when you present a specific problem you run into when trying to configure something yourself.

    What I would do if it was me:
    1. Search the forum for threads about these kinds of configurations. I have noticed several lately so they shouldn't be too hard to find.
    2. Research the market for possible anonymizing VPN-providers. Check the suppliers' recommendations on client-side configuration, maybe some of them even have specific examples for pfSense?
    3. Try to configure it myself or hire someone to do it for me.
    4. Return here with more specific questions if something is still unclear when the above homework was done.

