Outbound VPN on the pfSense Router

Privacy is increasingly a priority in my design decisions when it comes to what I what I am implementing in my home network. I am loathe to describe it as a “homelab“, as this is about as front-line production as it gets. If a random web site has a glitch, somehow I hear about it and need to prove that the issue is not on my end. Network is always guilty, until proven innocent.

I was watching a video last night on the erosion of online privacy. Nothing really new was covered for me, but I did install Signal on my iPhone afterwards.

Additionally, I looked at setting up a VPN for outbound traffic on my pfSense router this rainy afternoon. At this time, the only clients are my iPhone, my Debian 12 laptop, and my Windows 10 PC. So far, so good. In order to keep search results sane, I did not select anything outside of the US. In fact, I found that my VPN provider, Private Internet Access (PIA), has a server in Rhode Island. So, now the Internet thinks that I am in Capitol City and not my little village.

As usual, Tom did an excellent job of walking me through the process. I appreciated his honest opinion about all of these personal VPN services at the start of the video.

In other increased privacy news, I recently killed my long-standing Google Voice telephone number. I really only used the service for getting transcripts of voice messages. My mobile provider claims to provide this now, so one less tether to Google. I have one friend who texts me on that old Google Voice number, so I hit him up on Signal this morning.

I’ve also begun to make greater use of VaultWarden, which I have running as a Docker container on a Raspberry Pi. I turned off the password storing feature in Firefox last week, and I have had very few issues since. In fact, I enabled 2FA on my Cloudflare account this morning and I am using VaultWarden for the token generator. I am going to start migrating all of my 2FA accounts to do the same. I was making use of Synology’s Secure Signin for this, but my NAS is starting to grow a bit long in the tooth (DS-720+), and I think I want to build a TrueNAS box to replace it, which means I need to ween myself off of all of Synology’s services and find ways to host those services myself. This is a start, though.

Stay safe out there, kids.

This entry was posted in Geek. Bookmark the permalink.

If you liked this post, please let me know!

This site uses Akismet to reduce spam. Learn how your comment data is processed.