I have pfBlocker installed on my pfSense for DNSBL ad blocking. After watching Tom’s video about using PIA with OpenVPN, I was thinking about adding that. But if I do that, will clients on my network route out through the VPN and therefore bypass all IP & DNSBL blocking, making it pointless to have the ad blocking feature?
Similarly, let’s say I don’t add OpenVPN to the pfSense, but a client (phone, laptop, tablet, etc) on my network has a locally installed VPN app on their device. Will the adblocking I have configured on pfSense still apply to them or do they bypass this completely?
Thanks in advance for helping me better understand how these would work with or against each other.
Well, I can say that I have AirVPN and pfBlocker running, and ads are blocked.
If I use an AirVPN client on my phone and exit out of my router via my AirVPN interface, ads are not blocked, which is what I would expect.
If the VPN client is running on the router, then anything the router does to the outbound traffic should still apply - unless it relies on a firewall rule which is only applied to the ISP interface, in which case you need to apply the rule(s) to the VPN interface also.
If the VPN client is running on a phone or other user device, then the router can’t inspect it or do anything to it.
Thanks. That kinda makes sense to me. But the thing that threw me was the first step in the PIA work instruction for installing it on OpenVPN with pfSense was to point the pfSense DNS to what I presume are its own DNS servers.
The more I think about it, there’s very few devices on my network that I would want to use a VPN anyway. The IoT devices and the Netflix devices probably shouldn’t route through one. And so if it’s just my phone/laptop it would be easier to use an app on those devices instead of at the router.
I don’t have a need to remote into my network from outside. Was just looking for secure options for outbound traffic because, well, ISPs.
I’m not sure if these were the instructions you followed: https://www.privateinternetaccess.com/forum/discussion/29231/tutorial-setup-pia-on-pfsense-2-4-2 but if the DNS you’re referring to is on step #19, then that would affect anything which uses the pfSense for DNS (which would depend on whether you put in something else in the DHCP configuration).
This is the set of instructions I was looking at (from their Guides section).
PfSense 2.4.5 setup guide
With AirVPN you use their DNS server once the tunnel is established; as you connect via an IP address, you can be certain there is no address leak.
In your situation I would just set up your VPN then check if you are leaking your IP address, which ought to be done as a matter of course.
I’m the other way: I prefer that everything goes out via VPN WAN, though Gmail, financial sites and credit card payment sites usually fail over VPN.
I have exactly what you ask about:
PIA VPN enabled for all traffic on my default home network.
pfBlocker enabled - and including the VPN interface.
All traffic is routed through the VPN - and ads are blocked by pfBlocker.