Tuesday night I finally finished installing my new pfSense firewall. Of course, it still needs some tweaking here and there with routing and some ports etc, but I can’t help but sit and wonder “Why on earth did I not do this earlier!”
Now we all know that the pros of a firewall outweigh the cons, so I’m not going to go into much detail as to why I installed the extra firewall – but if you’re wondering why I decided to install the firewall as a VPN client instead of installing the VPN service client on all my computers, and want to know a bit more about privacy VPN services, simply read on.
Which Private VPN service?
Being able to have pfSense act as the VPN client is actually the main reason I installed pfSense. Since you can have the firewall acting as a VPN client, this allows you to create a site-to-site connection between two offices, but this also means the firewall can be set up to be a VPN client to the privacy VPN service of your choice. My choice? Private Internet Access.
The reason I chose Private Internet Access is simply because they are one of very few VPN services to not keep any logs. I’m not looking to do anything dodgy on the internet but, if I’m going to pay for privacy, then believe it or not, I want the best privacy I can get. Back in 2011, some LulzSec members were caught and it was due to Hide My Ass providing logs to the government (story here), but PIA does not actually have any logs to give to the authorities. They only operate on volatile memory. I’m also led to believe that AirVPN has the same policy.
TorrentFreak have an excellent comparison of VPN services that ‘Take your Anonymity Seriously’ here. It’s also worth noting that some VPN services do not allow you to download using their service, so choose wisely.
Why Use a Private VPN?
- Use Public or Hotel Wi-Fi securely
- Download and Upload Files in Privacy
- Cloak Your VOIP Phone Calls
- Use Search Engines Without Having Your Searches Logged
- Fully Encrypted Connection (Provided you have DNS Leak Protection) – Prevents snoopers and your ISP seeing your data on a public network.
- Anonymous Browsing/Downloading.
- Privacy Is a Basic Right
- Access Full Hulu and Streaming Content from Outside the USA – Bypass Regional Restrictions.
- Bypass the Country’s Web Censorship and Content Surveillance
- Can affect download speeds
- Some Providers Log Traffic and Activity
Below is a Visio drawing of my new network setup at home. Of course my actual setup is a bit more thorough with an ESXi server and such, but this shows you how the firewall has been set up.
The reason only certain devices are going through the VPN and are protected behind the firewall is simply because they are my devices, and the last thing I want is to come home from the office and be bugged by everyone in the house with statements like “Why is Google Maps showing results near Switzerland?” or “The Xbox isn’t connecting”, and especially because I don’t want to receive a text asking me to open a port on the firewall via remote desktop. So the rest of my family can use the standard firewall and I will keep myself to myself behind pfSense. An additional reason is that PIA only allows 5 simultaneous connections per account.
Now the main reason I have set the VPN service up on my firewall and not on all my devices is merely laziness. Why turn on a client every time I unlock my phone or turn on my PC when I can just connect through the firewall? If you have used a VPN service with an iOS device, you’ll know how the VPN disconnects a couple of minutes after the phone is locked – as long as my phone is connected to the AP behind the firewall, I’m covered.
Do I recommend a private VPN service?
You bet’cha. Now I have this set up, I can only regret I didn’t do this earlier. With the recent leaks of the spying from GCHQ, NSA etc with their surveillance program ‘PRISM’ and the censorship of websites (including the ban on porn for the UK soon to come), it would seem that the internet is not as free as it used to be. This is my way of getting some of that freedom back, and it could also be yours. I don’t want an MP or my ISP to determine what I can and can’t view at the same time as monitoring me. It is completely up to you if you want to run the service on the device or on the pfSense firewall. You can download pfSense firewall here.
Paying for a VPN is 99% of the time going to offer you better anonymity and security, but if you are tight on cash, The Hackers Post did an article with a list of free VPN services. Please note, I would not recommend free VPNs for handling confidential data, and I am not responsible for any data loss or snooping on your data if you use a free service.
You could also take it a step further to increase your anonymity by first connecting to the Tor network then to your VPN service. To find out more about this I would recommend reading this white paper written by Radware. Shooting_Behind_the_Fence_ERT_Research_Paper
It will give you a good idea of the different ways to stay anonymous and which is best.