Hi - I would like certain IP addresses on my DMZ LAN to always be routed through a VPN that would be running on the pfSense router. For instance my ‘SMART TV’ should always use VPN. Other IPs on the LAN1 would selectively use or not use the VPN.
What is the best way to use a commercial VPN with pfSense? I assume OpenVPN? Could a Virtual Machine be used? I currently have pfSense virtualized with another app.
Well, as you are running pfSense, I’d recommend buying a managed switch, setting up VLANs with one of them having the VPN as the gateway, and implementing a kill switch; that way, if the VPN goes down, internet access is killed and hence doesn’t exit via the ISP.
If your VPN provider allows multiple simultaneous connections, then you can put several connections in a gateway group; if one fails, the traffic will exit via another VPN gateway.
Additionally, if you set up an OpenVPN server you can exit via a VPN gateway, hence on your mobile you can access your VPN from anywhere without using up any of your connections.
You can of course do it with just a LAN but it’s not as flexible.
I suppose you can virtualise it, but if you have to troubleshoot then it’s two things you have to contend with.
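The VPN-only routing and kill switch described in the reply above, sketched as a pf rule fragment. This is an added example, not part of the thread and not rules exported from pfSense; the interface names, addresses and the tag name NO_WAN_EGRESS are assumptions, and outbound NAT on the VPN interface is not shown.

```pf
# Added illustration: every name and address here is a constructed placeholder.
dmz_if = "igb2"        # assumed DMZ / VLAN interface
wan_if = "igb0"        # assumed ISP-facing interface
vpn_if = "ovpnc1"      # assumed OpenVPN client interface
vpn_gw = "10.8.0.1"    # assumed gateway address inside the tunnel

# Hosts that must only ever leave through the VPN (for example the smart TV).
table <vpn_only> { 192.168.10.50 }

# Kill switch: a packet carrying the tag may never leave via the ISP
# interface. If the tunnel is down and the packet falls back to the
# default route, it is dropped here instead of leaking.
block out quick on $wan_if inet all tagged NO_WAN_EGRESS

# Policy route: traffic from the VPN-only hosts is tagged on entry and
# forced to the VPN gateway instead of following the routing table.
pass in quick on $dmz_if route-to ($vpn_if $vpn_gw) inet \
    from <vpn_only> to any tag NO_WAN_EGRESS keep state

# Everything else on the segment is untagged and uses the default route.
pass in quick on $dmz_if inet from $dmz_if:network to any keep state
```

In the pfSense GUI the same pair is a pass rule on the VLAN interface with the VPN gateway and a tag set under the rule's advanced options, plus a floating block rule on WAN matching that tag.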
Tom - Thank you for that great video! I appreciate your comments about adding overhead when using a VPN at the end of the video.
Question: Why, then, when setting up the PIA OpenVPN (5:45 in the video), is “HW Crypto: NO hardware crypto acceleration” selected for the setup? It seems this would speed up the encryption for the VPN tunnel?