Different VPNs on pfSense

TurbineBeast · July 4, 2022, 7:39am

If one wants to switch between a few different VPNs and No VPN on pfSense with ProtectLi, what’s the easiest way to do this?

Different OpenVPN profiles? (but then you got all the different firewall rules)
or
Different admin logins to pfSense?
or
Each physical LAN port has a different profile, and physically move the plug? (I’m worried frequently doing this will break the Ethernet cable end)

neogrid · July 4, 2022, 8:12am

For what you want to do it’s easiest via laptop, usually these VPN vendors have some kind of client that allows you to rotate between locations.

The other thing to do, is setup a few OpenVPN clients and put them in a gateway group.

LTS_Tom · July 4, 2022, 11:45am

You can have multiple VPN setups in pfsense and then enable/disable them as needed.

TurbineBeast · July 5, 2022, 5:51am

Woah is this Tom from the videos? Love your stuff man

Have you made a video on this topic or where can I find documentation on it?

When I have 2 VPNs in OpenVPN and disable one, it won’t let me because the interface is running (with all those firewall rules)

TurbineBeast · July 5, 2022, 5:51am

by gateway group do you mean interface?

neogrid · July 5, 2022, 8:00am

You can put your OpenVPN gateways into a group, System >> Routing >> Gateway Groups, I use it for failover but it might be another method of rotating between VPNs.

neogrid · July 5, 2022, 8:20am

I’m running 2.5.2 and can definitely disable OpenVPN clients, as I have setup various clients / rules etc. There might be something in 2.6 I recall a topic on this in the pfsense forum but don’t remember the details.

LTS_Tom · July 5, 2022, 10:37am

If you are trying to do a privacy VPN with policy routing as I do in this video you can not disable the VPN without first disabling the interface, but you can still create multiple VPN’s.

TurbineBeast · July 6, 2022, 6:16am

DNS question:

I did get the VPN Rotation to work by doing one single interface that then under Assignments I can toggle which OpenVPN uses that interface. Then disable the non-used one. This automatically then gets the same firewall rules for that one interface, so this system is overall SEEMS pretty good.

The only issue is that one VPN provider told me to put in their custom DNS under these settings:
Services → DHCP Server
Then changing DNS Server 1 & 2

While the other VPN provider did not mention their custom DNS. They just told me to put cloudflare’s 1.1.1.1 in the System→General Settings. (I like Quad9 better).

Do these extra DNS settings on the first VPN actually matter? The first VPN provider didn’t say to check off the “Pull DNS routes”, but the second one (who didn’t even give custom DNS) did. And at DNSleaks.com it just shows the VPN Cloud host.