Thank you, your explanation is really clear. In my case I had to add a rule under firewall --> rules --> openvpn to allow all traffic coming back from the vpn (using it to connect to on-prem resources). Thank you again!
Glad it helped, thanks for the feedback 👍
I've never used a VPN, and I don't think I will, BUT if say some poor lost soul asks in the future I'll point them here for sure...
Thanks Sam, excellent as always....
Trying to get back into a rhythm, sometimes hard work finding the time
@sheridans You're doing fine, even if you released a video every month, that would be ok.... we appreciate just how busy you can be Sam.
Excellently explained video!
Thank you, appreciate the feedback
Nice and straight forward - easy to follow along (and see where I was going wrong with other guides). Thanks
Glad it was helpful, thank you for taking the time to leave your feedback
Thanks, worked for me with Kaspersky VPN, now my Xbox is connecting to other countries' IPs and the cloud gaming is working. To be honest I don't care about gaming but it's just a challenge and it's worked 😅
Glad you got it working with Kaspersky, thanks for the feedback and update 👍
Excellent video.
Thank you very much!
Looking at this again, but ideally wanting port forwarding on the VPN provider.
You can also add multiple VPN interfaces and use a gateway group so in case one goes down it will still work.
This was a great tutorial! I have one additional question though, what if I wanted to make it so that only specific ports on my endpoints were being forwarded to the VPN and the rest of the ports could use the normal WAN?
You can set up a NAT rule to handle that.
Thanks mate for the video! I do have a problem, when I disable the OpenVPN my traffic will return to the default WAN.. any help would be greatly appreciated..
Thanks for making this video. Well done 👍🏼. I like how you set up the WAN to block traffic on a set IP that isn't tagged… If I wanted to apply that rule to every IP on my network what modifications would I have to make to the firewall rule?
Thanks for the kind words, set up an alias for those you do or do not want and pass. Tags are also an option.
Appreciate the feedback 🙏
@sheridans do I have to add every individual IP address one by one or can I set up an alias that applies to a pool of IP addresses?
@SirKas734 set up an alias which covers the network, /24 for example, allow those you want
@sheridans copy that. Thank you 🤘
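The alias plus tag approach from this exchange, written out as the pf rules that sit underneath the pfSense GUI settings. This is an added, constructed example, not configuration from the video; the interface names, the 10.8.0.1 VPN gateway, the 192.168.1.0/24 LAN and the VPN_ONLY tag are assumptions.

```pf
# Constructed example of the pf rules behind the pfSense GUI settings discussed above.
# Interface names, the VPN gateway address, the LAN subnet and the tag are assumptions.
lan_if  = "igb1"      # LAN interface
wan_if  = "igb0"      # WAN interface (ISP)
ovpn_if = "ovpnc1"    # OpenVPN client interface created by the provider connection
ovpn_gw = "10.8.0.1"  # assumed gateway address handed out by the VPN provider

# Alias covering the whole LAN /24; list single hosts instead to route only some devices
table <vpn_hosts> { 192.168.1.0/24 }

# Outbound NAT on the VPN interface; without it replies never make it back to the LAN
nat on $ovpn_if inet from <vpn_hosts> to any -> ($ovpn_if)

# Destinations that must not be policy-routed (the firewall itself for DNS, the LAN)
# are matched first, so they never get pushed down the tunnel
pass in quick on $lan_if inet from <vpn_hosts> to { self, 192.168.1.0/24 } keep state

# Policy-route every host in the alias out the VPN gateway and tag the state
pass in quick on $lan_if route-to ($ovpn_if $ovpn_gw) inet \
    from <vpn_hosts> to any tag VPN_ONLY keep state

# Kill switch: when the VPN gateway is down pfSense strips route-to and the traffic
# would fall back to the default WAN; the tag still follows it, so block it on WAN
# instead of letting it leak out through the ISP
block out quick on $wan_if inet from <vpn_hosts> to any tagged VPN_ONLY
```

In the GUI the same thing is the LAN pass rule with the VPN gateway selected and a tag set under advanced options, plus a floating block rule on WAN, direction out, matching that tag.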
Very helpful! You mentioned using a VM on Linode or Digital Ocean. I'm assuming you mean that either of these companies could be trusted with the history of your internet use as much as a VPN company? I'm hearing more and more that a lot of the VPN companies actually sell their traffic data to third parties, so I agree that we must be careful about trusting the VPN providers too much. Thanks for the video.
Exactly that, if you were to use a VM on any of the mentioned providers, Azure, AWS, etc. For example, a small Debian instance, you would be in full control of your logs, even be able to turn logging off completely; as opposed to taking some company's word for it.
Wireguard is easy to set up and great for this purpose 👍
@sheridans Just to be devil's advocate for a moment, wouldn't AWS, Linode or whomever have a record of your internet traffic even if you turned logging off on your Debian instance? Seems like another kicking the can exercise. I hope I'm wrong or that WireGuard may solve this. As you can tell, I have a lot of blind spots when it comes to networking, and so appreciate your answers.
Quite right to ask, you have more control over what is logged on the server (if anything). Most web traffic would be going out over https (thus encrypted), and you can use DoH/DoT for encrypted dns.
There'll probably be something somewhere minimal logged for the external IP, but as most sites are behind proxies (such as Cloudflare) or on shared hosting; the privacy would be much more than that of using a VPN provider, which technically can log a lot more.
Anything beyond that requirement use tor 😀
@sheridans I love this idea! Lots of people advocate using Linode or Digital Ocean, but I've not seen anyone suggest using it from the privacy aspect that you describe. This would be a great video. I've always felt more comfortable keeping my computing on-premise, but from a privacy perspective, one would be better off having their email and internet work on one of these VMs. Thanks for the awakening and for the info!
Enjoyed that chat, thank you for the feedback, and the great points raised 👍
Very nicely done, concise and to the point. Are you going to do one for WireGuard? Plus how to use either an OpenVPN or WireGuard server on the actual router allowing users access to their network? I think it would be good for the pfSense playlist. I know there is Tailscale etc, but I do like having a server on my router for access mainly to my cameras via Frigate.
Keep up the pfSense videos though, it's nice to see how other people think.
I am actually planning a WireGuard video. Whilst the last 3 or 4 may have seemed fairly random, they were the prep work for getting a couple of systems set up for a WireGuard video. I just figured I'd record them whilst doing them 😉
@sheridans Don't think WG is available for pfSense anymore - was pulled?
@vs4147 it's been back in for a while now.
@sheridans Nice and thanks!
You can simply disable the lan rule to avoid direct interaction with wan, let me know what you say about it
You can, but you may not want all LAN traffic out the VPN
If I understand your tutorial correctly, if I have created my own VPN server I can use your tutorial to connect my Synology to pfSense to use my VPN and create my own firewall rules to allow access to it?
This tutorial is for using a vpn such as PIA or nord with pfSense. There's other tutorials for road warrior style setups.
The easiest way would be to use a vpn such as openvpn, wireguard, tailscale directly on pfSense and connect to that to access devices behind pfSense
Any idea on why, even properly configured, my machine is still connecting through my default LAN? I have checked everything like 10 times (spent all day doing this) but my connection is still going through my ISP :/
Sounds like NAT?
Hi friend, I have a question. Is it possible to carry out this configuration that you propose in the video on a pfSense that is already configured as a server? For example, consider my scenario: I have a pfSense on a network that works as a firewall and it is configured with the OpenVPN server, it already has users and certificates and accepts external connections so that my employees can access the company's local network from their homes. Is it possible to configure this same pfSense as you explain, without losing the server settings? I did it here and the users disappeared, thank God I had the exported backup XML file.
Can you give a download link for the default configuration file 😊
Log in to PIA, navigate to the downloads page, scroll to the bottom and you'll see "VPN configurations" there