Whole-network VPN with pfSense Router | Level One Techs

Concerned about your ISP selling your unencrypted browsing data? Use a VPN for the whole network!

Subscribe to a VPN service:
https://level1techs.com/support

Private Internet Access
https://www.privateinternetaccess.com/pages/buy-vpn/level1

PureVPN
https://www.purevpn.com/?aff=26700&a_bid=65e520f5

LiquidVPN
https://my.liquidvpn.com/aff.php?aff=175

You can run a VPN client on your router. You can elect to send only traffic of a certain type, or traffic to certain destination IP addresses or IP ranges, through the VPN.

It is possible to exclude devices (e.g. TVs, IoT, etc) from the VPN by IP address on your LAN. Don't give away your identity with IoT devices "phoning home" through the VPN.

You can also force all DNS traffic through the VPN to prevent leakage.

Here are some VPN affiliate links if you wish to sign up for a VPN account from one of the demonstration VPN providers in the video.

What is pfSense? This is the second video in the pfSense series. First one is here, and explains pfSense setup & config.

https://www.youtube.com/watch?v=ledv33t6SNE



This is a companion discussion topic for the original entry at https://level1techs.com/video/whole-network-vpn-pfsense-router
18 Likes

This video keeps buffering. Coincidence? I think not.

4 Likes

Really love this kind of content. This is what I come here for.

Can I suggest maybe nixing the music, though? It makes it distracting when you're trying to pay attention and follow the guide.

Thanks for all the hard work!

7 Likes

Wendell and Ryan,

Good work on this video. I'm using an Ubiquiti router, so it's a little different for me, but the techniques for VPN setup will be useful to me.

However, my main reason for replying is, while researching VyprVPN and PIA, I came across some controversy aimed at GigaNews, parent company of VyprVPN:
https://cryptome.org/2014/09/giganews-fbi.htm

I believe that matter was settled via this analysis of the evidence:
http://www.hacker10.com/other-computing/a-look-at-the-evidence-alleging-that-giganews-is-an-fbi-operation/

With using a VPN provider (any service provider, really), one takes a risk. So, have you heard about this controversy before? Are there VPN providers to avoid? Could one set up their own VPN service using a VPS and installing OpenVPN?

tl;dr I heard some BS about Giganews. What are your thoughts, Wendell?

5 Likes

I'm with COGlory on this one regarding the music. I don't know about nixing it completely, but I do feel that the level is pretty high on this so it did distract me from the main content of the vid. Great channel you guys know your .... !

1 Like

+1000000

2 Likes

It's quite easy with something like https://github.com/jlund/streisand; it will literally take you 10 minutes. If you choose AWS's free tier you can use it for a whole year for free.

4 Likes

Pro tip: Read the OVPN file from your provider, and any options that don't appear in the GUI you can add in the advanced options. For example:

Also, if you configure the DNS server in pfSense to only use the VPN interface for DNS queries, then you'll probably need to set a domain override for the VPN server's domain. So if you're using PIA then create a domain override for privateinternetaccess.com (or whatever the domain used by the server is) and set the address of the authoritative DNS server to Google or OpenDNS or whatever, some external DNS server. This way the initial lookup to get the IP address for the VPN server will go to that external DNS server, then once the VPN is established all other DNS requests will go over the VPN.

5 Likes
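The two tips above (read the provider's .ovpn file for directives the GUI lacks, and add a DNS Resolver domain override for the VPN server's domain so the first lookup does not depend on a tunnel that is not up yet) can be planned from the profile itself. The following is an added example written for this thread, not pfSense code or any provider's tooling: it parses an .ovpn file, lists the `remote` hostnames, derives the domain to put in a Domain Override, and collects the directives that have no GUI field so they can be pasted into the client's Custom options box. The sample profile is constructed, and the set of directives assumed to have GUI fields (GUI_DIRECTIVES) is an assumption for illustration, not pfSense's real mapping; check it against the version you run.

```python
"""Plan a pfSense OpenVPN client from a provider .ovpn file.

Added example for this thread (not pfSense code). It reports:
  * the VPN server hostnames from every 'remote' line,
  * the domain to enter as a DNS Resolver Domain Override, and
  * directives with no GUI field, as lines for the Custom options box.
GUI_DIRECTIVES is an ASSUMPTION made for the example, not pfSense's mapping.
"""
import re

# Constructed sample profile, shaped like a typical provider .ovpn file.
SAMPLE_OVPN = """\
client
dev tun
proto udp
# two entry points; the client picks one
remote us-east.vpn.example.net 1198
remote us-west.vpn.example.net 1198
resolv-retry infinite
nobind
persist-key
persist-tun
cipher aes-128-cbc
auth sha1
tls-client
remote-cert-tls server
auth-user-pass
comp-lzo
verb 1
reneg-sec 0
crl-verify crl.rsa.2048.pem
ca ca.rsa.2048.crt
disable-occ
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
00112233445566778899aabbccddeeff
-----END OpenVPN Static key V1-----
</tls-auth>
"""

# ASSUMPTION: directives the pfSense client form exposes as fields.
GUI_DIRECTIVES = frozenset({
    "client", "dev", "proto", "remote", "cipher", "auth", "auth-user-pass",
    "ca", "cert", "key", "tls-auth", "comp-lzo", "tls-client",
    "remote-cert-tls", "persist-key", "persist-tun", "nobind",
    "resolv-retry", "verb",
})


def parse_ovpn(text):
    """Return [(directive, [args...])], skipping comments and the bodies of
    inline <tag>...</tag> blocks (certificates and keys)."""
    directives = []
    skipping = None  # name of the inline block we are inside, if any
    for raw in text.splitlines():
        line = raw.strip()
        if skipping:
            if line == "</%s>" % skipping:
                skipping = None
            continue
        if not line or line[0] in "#;":
            continue
        m = re.match(r"<([\w-]+)>$", line)
        if m:
            skipping = m.group(1)
            directives.append((m.group(1), ["<inline>"]))
            continue
        parts = line.split()
        directives.append((parts[0], parts[1:]))
    return directives


def remote_hosts(directives):
    """Hostnames (or IPs) from every 'remote' directive, in file order."""
    return [args[0] for name, args in directives if name == "remote" and args]


def domain_overrides(hosts, labels=2):
    """Domains to add as Domain Overrides: the last `labels` labels of each
    hostname. ASSUMPTION: a two-label suffix is enough; hosts under e.g.
    .co.uk need labels=3. Bare IP addresses need no override and are dropped."""
    domains = set()
    for host in hosts:
        if re.fullmatch(r"[\d.]+", host):
            continue
        parts = host.lower().rstrip(".").split(".")
        if len(parts) >= labels:
            domains.add(".".join(parts[-labels:]))
    return sorted(domains)


def custom_options(directives):
    """Directives with no GUI field, one per line for the Custom options box."""
    return [" ".join([name] + args) for name, args in directives
            if name not in GUI_DIRECTIVES and args != ["<inline>"]]


if __name__ == "__main__":
    d = parse_ovpn(SAMPLE_OVPN)
    print("remotes:         ", remote_hosts(d))
    print("domain overrides:", domain_overrides(remote_hosts(d)))
    print("custom options:  ", custom_options(d))
```

For each domain the script reports, the Domain Override's address field is the external resolver the post describes (Google, OpenDNS, or whichever you trust with that one lookup); every other name then resolves over the tunnel once it is up.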

As someone who gets paid to manage a firewall for a living... I love the intuitiveness and speed of pfSense. It takes about 3-5 minutes to push policy on my current firewall at work (it does have over ~100 rules and a huge database of stuff though); pfSense is pretty great. A shame I couldn't get it approved to migrate our system to.

2 Likes

I will be looking into this for sure.

If I'm running this I assume I can't also VPN into my home network remotely anymore?

1 Like

The only issue I've had with this kind of setup is after about a month of uptime, the VPN needs to get reset as the speeds get extremely slow. Looking into a way to automate re-connection to different VPN servers.

1 Like

What VPN provider are you using? I have noticed that PIA sessions do seem to get stale after a while.

1 Like

PIA, I've had issues like this on others. My friend tells me I should just rent a VPS and tunnel to that. PIA is probably more secure and faster for when I'm traveling. I'm playing around with trying to write a script so it "hops" between different servers, such as every week it comes out at a different part of the country, but I'm kinda waiting for my new hardware to show up so I can experiment without shutting my internet off.

1 Like

I just fix mine with reboots. Probably would be beneficial to set up a reboot schedule now that I think about it... but I do like your solution. If you come up with anything let me know.

1 Like

That's how I "fix" mine too right now. Shuts off at around 4am every two weeks. I've found some scripts online that change other parts of PIA and pfSense VPN routing. Looks like you just need to copy it on the box and set a cron job. But that assumes working code. It's all curl, which I'm a little rusty with (never needed it before).

1 Like

I've also been able to half do this by setting up two different connections, and then you can make a rule to switch between them (changing the VPN server). You can make another rule to reset the client, so if you don't mind a lot of configuration that is an option. When you said reboot I was thinking of the client, because that is how I do it, or are you actually shutting the whole thing off? I'm just trying to automate which server it's connected to so I can get ultimate anonymity.

1 Like

Install cron
xIDx is the instance you want to reset
set the job up how often you want it to reset through the interface
put this command in, run as root.
/usr/local/sbin/pfSsh.php playback svc restart openvpn client xIDx

2 Likes
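The cron recipe above restarts one fixed OpenVPN client instance on a schedule. If you run several client instances (as the earlier post does, switching between them with rules), restarting them all in the same job drops every tunnel at once. The following is an added example written for this thread, not pfSense code: a small script for the Cron package that restarts a different instance on each run, so only one tunnel is cycled at a time and a stale session is still cleared within a few runs. The restart command is the `pfSsh.php playback svc restart openvpn client <id>` line from the post; the instance IDs, the state-file path and Python being available on the box are assumptions for the example. Which instance carries the LAN traffic is still decided by your firewall rules and gateways, not by this script.

```python
"""Stagger restarts of pfSense OpenVPN client instances from cron.

Added example for this thread (not pfSense code). Each run restarts the
next instance in CLIENT_IDS, remembering the last one in a state file, so
a cron entry such as "every day at 04:00" cycles every tunnel in turn
instead of dropping them all together. The restart command is the one
quoted in the thread; IDs and paths below are ASSUMPTIONS for the example.
"""
import subprocess
import sys
from pathlib import Path

PFSSH = "/usr/local/sbin/pfSsh.php"          # from the thread
CLIENT_IDS = [1, 2, 3]                        # ASSUMPTION: your client instance IDs
STATE_FILE = Path("/var/db/vpn_rotate.last")  # ASSUMPTION: a writable location


def next_client(client_ids, last):
    """Instance after `last`, wrapping around; an unknown or missing `last`
    starts at the first instance."""
    if last not in client_ids:
        return client_ids[0]
    return client_ids[(client_ids.index(last) + 1) % len(client_ids)]


def restart_command(client_id):
    """argv for the restart command quoted in the thread."""
    return [PFSSH, "playback", "svc", "restart", "openvpn", "client", str(client_id)]


def read_last(state_file):
    """Last restarted instance ID, or None if the state file is missing/bad."""
    try:
        return int(Path(state_file).read_text().strip())
    except (OSError, ValueError):
        return None


def rotate(client_ids, state_file, run=subprocess.run):
    """Restart the next instance; record it only if the restart succeeded.
    `run` is injectable so the logic can be exercised without pfSsh.php."""
    target = next_client(client_ids, read_last(state_file))
    result = run(restart_command(target), check=False)
    if result.returncode == 0:
        Path(state_file).write_text("%d\n" % target)
    return target, result.returncode


if __name__ == "__main__":
    # Cron command (as root): /usr/local/bin/python3 /root/vpn_rotate.py
    # ASSUMPTION: python3 path and script location.
    restarted, rc = rotate(CLIENT_IDS, STATE_FILE)
    print("restarted openvpn client %d, exit status %d" % (restarted, rc))
    sys.exit(rc)
```

Because the state file is only updated after a successful restart, a failed run retries the same instance next time instead of silently skipping it.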

Nope, you can run multiple vpn servers and clients at the same time.

There is an option in the interface settings to schedule a reset of the interface. I have used this to get a new ip on a regular basis on the wan interface but I haven't tried it on a vpn interface, I'm not sure if it will also drop and reconnect the VPN connection.

I suppose if you configure your wan to reset periodically that will force the VPN to reconnect too.

I was just thinking about doing this with my DD-WRT router but I'm not sure I will be able to exclude devices from using the VPN.

Also @wendell the links in your post have some dangly bits (> <a href=)