{"id":2625,"date":"2023-07-16T19:04:25","date_gmt":"2023-07-16T23:04:25","guid":{"rendered":"https:\/\/matthannan.net\/blog\/?p=2625"},"modified":"2023-09-02T11:42:35","modified_gmt":"2023-09-02T15:42:35","slug":"outbound-vpn-on-the-pfsense-router","status":"publish","type":"post","link":"https:\/\/matthannan.net\/blog\/outbound-vpn-on-the-pfsense-router\/","title":{"rendered":"Outbound VPN on the pfSense Router"},"content":{"rendered":"\n<p>Privacy is increasingly a priority in my design decisions when it comes to what I am implementing in my home network. I am loath to describe it as a &#8220;<a href=\"https:\/\/linuxhandbook.com\/homelab\/\" target=\"_blank\" rel=\"noreferrer noopener\">homelab<\/a>&#8221;, as this is about as front-line production as it gets. If a random web site has a glitch, somehow I hear about it and need to prove that the issue is not on my end. <a href=\"https:\/\/www.apmdigest.com\/network-teams-guilty-until-proven-innocent-just-ask-the-application-team\" target=\"_blank\" rel=\"noreferrer noopener\">Network is always guilty, until proven innocent.<\/a><\/p>\n\n\n\n<p>I was watching a video last night on the erosion of online privacy. 
Nothing really new was covered for me, but I did install <a href=\"https:\/\/www.signal.org\/\" target=\"_blank\" rel=\"noreferrer noopener\">Signal<\/a> on my iPhone afterwards.<\/p>\n\n\n\n<figure class=\"wp-block-embed is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio\"><div class=\"wp-block-embed__wrapper\">\n<span class=\"embed-youtube\" style=\"text-align:center; display: block;\"><iframe loading=\"lazy\" class=\"youtube-player\" width=\"640\" height=\"360\" src=\"https:\/\/www.youtube.com\/embed\/MBBOjf7fLrc?version=3&#038;rel=1&#038;showsearch=0&#038;showinfo=1&#038;iv_load_policy=1&#038;fs=1&#038;hl=en-US&#038;autohide=2&#038;wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\"><\/iframe><\/span>\n<\/div><\/figure>\n\n\n\n<p>Additionally, I looked at setting up a VPN for outbound traffic on my <a rel=\"noreferrer noopener\" href=\"https:\/\/www.pfsense.org\/\" target=\"_blank\">pfSense router<\/a> this rainy afternoon. At this time, the only clients are my iPhone, my Debian 12 laptop, and my Windows 10 PC. So far, so good. In order to keep search results sane, I did not select anything outside of the US. In fact, I found that my VPN provider, <a rel=\"noreferrer noopener\" href=\"https:\/\/www.privateinternetaccess.com\/\" target=\"_blank\">Private Internet Access<\/a> (PIA), has a server in Rhode Island. 
So, now the Internet thinks that I am in Capitol City and not my little village.<\/p>\n\n\n\n<figure class=\"wp-block-embed is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio\"><div class=\"wp-block-embed__wrapper\">\n<span class=\"embed-youtube\" style=\"text-align:center; display: block;\"><iframe loading=\"lazy\" class=\"youtube-player\" width=\"640\" height=\"360\" src=\"https:\/\/www.youtube.com\/embed\/ulRgecz0UsQ?version=3&#038;rel=1&#038;showsearch=0&#038;showinfo=1&#038;iv_load_policy=1&#038;fs=1&#038;hl=en-US&#038;autohide=2&#038;wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\"><\/iframe><\/span>\n<\/div><\/figure>\n\n\n\n<p>As usual, Tom did an excellent job of walking me through the process. I appreciated his honest opinion about all of these personal VPN services at the start of the video.<\/p>\n\n\n\n<p>In other increased privacy news, I recently killed my long-standing <a rel=\"noreferrer noopener\" href=\"https:\/\/voice.google.com\" target=\"_blank\">Google Voice<\/a> telephone number. I really only used the service for getting transcripts of voice messages. My mobile provider claims to provide this now, so one less tether to Google. I have one friend who texts me on that old Google Voice number, so I hit him up on Signal this morning.<\/p>\n\n\n\n<p>I&#8217;ve also begun to make greater use of <a rel=\"noreferrer noopener\" href=\"https:\/\/vaultwarden.us\/\" target=\"_blank\">VaultWarden<\/a>, which I have running as a Docker container on a Raspberry Pi. I turned off the password storing feature in Firefox last week, and I have had very few issues since. In fact, I enabled 2FA on my <a rel=\"noreferrer noopener\" href=\"https:\/\/www.cloudflare.com\/\" target=\"_blank\">Cloudflare<\/a> account this morning and I am using VaultWarden for the token generator. 
I am going to start migrating all of my 2FA accounts to do the same. I was making use of <a rel=\"noreferrer noopener\" href=\"https:\/\/kb.synology.com\/en-us\/DSM\/tutorial\/Quick_Start_Secure_Signin\" target=\"_blank\">Synology&#8217;s Secure Signin<\/a> for this, but my NAS is starting to grow a bit long in the tooth (DS-720+), and I think I want to build a <a href=\"https:\/\/www.truenas.com\/\" target=\"_blank\" rel=\"noreferrer noopener\">TrueNAS<\/a> box to replace it, which means I need to wean myself off of all of Synology&#8217;s services and find ways to host those services myself. This is a start, though.<\/p>\n\n\n\n<p>Stay safe out there, kids. <\/p>\n","protected":false},"excerpt":{"rendered":"<p>Privacy is increasingly a priority in my design decisions when it comes to what I am implementing in my home network. I am loath to describe it as a &#8220;homelab&#8221;, as this is about as front-line production as &hellip; <a href=\"https:\/\/matthannan.net\/blog\/outbound-vpn-on-the-pfsense-router\/\">Continue reading <span 
class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"advanced_seo_description":"","jetpack_seo_html_title":"","jetpack_seo_noindex":false,"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[5],"tags":[],"class_list":["post-2625","post","type-post","status-publish","format-standard","hentry","category-geek"],"jetpack_featured_media_url":"","jetpack_shortlink":"https:\/\/wp.me\/p2NxlE-Gl","jetpack_sharing_enabled":true,"jetpack_likes_enabled":true,"jetpack-related-posts":[{"id":75,"url":"https:\/\/matthannan.net\/blog\/how-to-boost-your-bittorrent-speed-and-privacy\/","url_meta":{"origin":2625,"position":0},"title":"How to Boost Your BitTorrent Speed and Privacy","author":"matthannan","date":"25 November 2010","format":false,"excerpt":"Note that for best results, you'll want to make sure your router is UPnP capable and has UPnP enabled. Most routers are UPnP ready, but if you find that you're having trouble, you may need to look at your router's manual and settings page to enable its use. 
via How\u2026","rel":"","context":"In &quot;Geek&quot;","block_context":{"text":"Geek","link":"https:\/\/matthannan.net\/blog\/category\/geek\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":378,"url":"https:\/\/matthannan.net\/blog\/network-administration-installation-of-tacacs-rancid-cvsweb\/","url_meta":{"origin":2625,"position":1},"title":"Network Administration : Installation of Tacacs+, Rancid, Cvsweb","author":"matthannan","date":"12 June 2013","format":false,"excerpt":"Network Administration : Installation of Tacacs+, Rancid, Cvsweb.","rel":"","context":"In &quot;Geek&quot;","block_context":{"text":"Geek","link":"https:\/\/matthannan.net\/blog\/category\/geek\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":1466,"url":"https:\/\/matthannan.net\/blog\/exploring-my-network-with-snmp\/","url_meta":{"origin":2625,"position":2},"title":"Exploring my Network with SNMP","author":"matthannan","date":"8 November 2018","format":false,"excerpt":"I don't think I've made mention yet on this often ignored blog, but I have a new job. Two new jobs, actually, since the last time I think I talked about jobs here. I left State Street\/Netview back in mid-June. I took a job with a Silicon Valley-based company as\u2026","rel":"","context":"In &quot;Geek&quot;","block_context":{"text":"Geek","link":"https:\/\/matthannan.net\/blog\/category\/geek\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":914,"url":"https:\/\/matthannan.net\/blog\/softether-vpn-follow-up\/","url_meta":{"origin":2625,"position":3},"title":"SoftEther VPN, follow-up","author":"matthannan","date":"17 December 2016","format":false,"excerpt":"I am writing at work on my laptop which is connected via WiFi to the guest network. This guest network dumps you straight out to the Internet, but subjects you to internal proxy rules. No Social Web anything. And, quite honestly, screw these guys and their data collections. 
I am\u2026","rel":"","context":"In &quot;Geek&quot;","block_context":{"text":"Geek","link":"https:\/\/matthannan.net\/blog\/category\/geek\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/matthannan.net\/blog\/wp-content\/uploads\/2016\/12\/extendedLAN.png?resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/matthannan.net\/blog\/wp-content\/uploads\/2016\/12\/extendedLAN.png?resize=350%2C200 1x, https:\/\/i0.wp.com\/matthannan.net\/blog\/wp-content\/uploads\/2016\/12\/extendedLAN.png?resize=525%2C300 1.5x"},"classes":[]},{"id":195,"url":"https:\/\/matthannan.net\/blog\/ccent-exam-prep\/","url_meta":{"origin":2625,"position":4},"title":"CCENT Exam Prep","author":"matthannan","date":"4 October 2012","format":false,"excerpt":"This has been a long time in the works, but I just made a great break through. I started cobbling together a study lab in the engineering lab room here at work. It is fairly well isolated from the rest of the world. A sandbox, if you will. Well, this\u2026","rel":"","context":"In &quot;Geek&quot;","block_context":{"text":"Geek","link":"https:\/\/matthannan.net\/blog\/category\/geek\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/matthannan.net\/blog\/wp-content\/uploads\/2018\/01\/sandwich.png?fit=360%2C299&ssl=1&resize=350%2C200","width":350,"height":200},"classes":[]},{"id":950,"url":"https:\/\/matthannan.net\/blog\/hello-from-2\/","url_meta":{"origin":2625,"position":5},"title":"Hello from&#8230;","author":"matthannan","date":"21 December 2016","format":false,"excerpt":"Mobile the Laptop, connected via my iPhone's hotspot to the OpenVPN server running on the OpenWRT router! I can see devices on the network, but only the wireless one. I am wondering if this is a firewall issue or something. In any event, it should be easy to fix. 
And,\u2026","rel":"","context":"In &quot;Geek&quot;","block_context":{"text":"Geek","link":"https:\/\/matthannan.net\/blog\/category\/geek\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"_links":{"self":[{"href":"https:\/\/matthannan.net\/blog\/wp-json\/wp\/v2\/posts\/2625","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/matthannan.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/matthannan.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/matthannan.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/matthannan.net\/blog\/wp-json\/wp\/v2\/comments?post=2625"}],"version-history":[{"count":1,"href":"https:\/\/matthannan.net\/blog\/wp-json\/wp\/v2\/posts\/2625\/revisions"}],"predecessor-version":[{"id":2629,"href":"https:\/\/matthannan.net\/blog\/wp-json\/wp\/v2\/posts\/2625\/revisions\/2629"}],"wp:attachment":[{"href":"https:\/\/matthannan.net\/blog\/wp-json\/wp\/v2\/media?parent=2625"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/matthannan.net\/blog\/wp-json\/wp\/v2\/categories?post=2625"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/matthannan.net\/blog\/wp-json\/wp\/v2\/tags?post=2625"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}