If one wants to switch between a few different VPNs and No VPN on pfSense with ProtectLi, what’s the easiest way to do this?
Different OpenVPN profiles? (but then you got all the different firewall rules)
Different admin logins to pfSense?
Each physical LAN port has a different profile, and physically move the plug? (I’m worried frequently doing this will break the Ethernet cable end)
For what you want to do it’s easiest via laptop, usually these VPN vendors have some kind of client that allows you to rotate between locations.
The other thing to do, is setup a few OpenVPN clients and put them in a gateway group.
You can have multiple VPN setups in pfsense and then enable/disable them as needed.
Woah is this Tom from the videos? Love your stuff man
Have you made a video on this topic or where can I find documentation on it?
When I have 2 VPNs in OpenVPN and disable one, it won’t let me because the interface is running (with all those firewall rules)
by gateway group do you mean interface?
You can put your OpenVPN gateways into a group, System >> Routing >> Gateway Groups, I use it for failover but it might be another method of rotating between VPNs.
I’m running 2.5.2 and can definitely disable OpenVPN clients, as I have setup various clients / rules etc. There might be something in 2.6 I recall a topic on this in the pfsense forum but don’t remember the details.
If you are trying to do a privacy VPN with policy routing as I do in this video you can not disable the VPN without first disabling the interface, but you can still create multiple VPN’s.
I did get the VPN Rotation to work by doing one single interface that then under Assignments I can toggle which OpenVPN uses that interface. Then disable the non-used one. This automatically then gets the same firewall rules for that one interface, so this system is overall SEEMS pretty good.
The only issue is that one VPN provider told me to put in their custom DNS under these settings:
Services → DHCP Server
Then changing DNS Server 1 & 2
While the other VPN provider did not mention their custom DNS. They just told me to put cloudflare’s 18.104.22.168 in the System→General Settings. (I like Quad9 better).
Do these extra DNS settings on the first VPN actually matter? The first VPN provider didn’t say to check off the “Pull DNS routes”, but the second one (who didn’t even give custom DNS) did. And at DNSleaks.com it just shows the VPN Cloud host.