[Off topic] Does it make any sense in implementing a VPN on pfsense for privacy?

I have never used a VPN and honestly I don’t have any plans for purchasing a VPN subscription. I am asking this just for the sake of gaining some knowledge.

As far as I know there are roughly two ways to use a VPN.

(1) On the client. Be it BSD, Linux, Windows or Mac. In this configuration only the traffic generated by the client goes through the VPN tunnel, not the rest of the clients on the network. The user has the privilege to turn the VPN on/off.

(2) On the router. If the VPN is implemented on pfsense the traffic generated by each and every client on the network goes through the VPN tunnel.

My question is, if I go with the second option, that is if I configure VPN on pfsense, will that not compromise anonymity? I mean on one hand I am using a VPN for privacy and at the same time I am logging in to Facebook, Gmail, Instagram. I have tried using the tor browser for a brief period in the past and I had read that if someone logs into any such accounts then his/her anonymity is lost. So doesn’t this same rule apply for a VPN?

Stop and think.

What are you trying to achieve?

What do you want “privacy” from? Who are you trying to hide from? What are you trying to hide?

A VPN that you saw advertised on youtube encrypts traffic, sends it somewhere else, and then that someone else dumps it on the Internet. You’ve traded your isp and local government being able to see your traffic for some guys who make misleading ads on podcasts. Everyone can still do traffic analysis on you and most of your web traffic is transport encrypted in both cases.

I stopped using the openvpn client on my pfsense. The only service I run through a vpn is my torrents.

Newsgroups downloads are via ssl. I am not too concerned my endpoint is tracking my every move there.

I used to have whole house vpn but it needed a lot of configuration for netflix. Just couldn’t be bothered.

I use pfsense for a vpn, although I know it all comes back to my house and my home ISP. The VPN does keep hotels and wifi environments from sniffing too much. Also, I’ve provided access to my parents when they’re out and about, which has served them well.

Privacy is only as good to the point where it dumps out in the internet. You are being tracked one way or another, so get comfy about it.

I pay for NordVPN anyways and I like to think it is an option just as good as the DNS forwarding option under the DNS resolver for keeping my data from being sold to marketing companies by my ISP (less creepy as fuck ads). So I set it up through pfSense.

If I could get an Open NAT through NordVPN/OpenVPN in pfSense it would be great for gaming. I can only get a moderate NAT through Nord on pfSense. It changing my IP is great when players think they have to DoS me or hack my shit. I have also been able to get an A+ bufferbloat rating while using NordVPN through pfSense instead of Windows but setting up the limiters is kind of a nightmare.

Squid Proxy is pretty awesome too. Especially for gaming. It keeps servers from directly communicating with my consoles (you can check in ntopng), and you can still port forward ephemeral UDP to consoles while splicing http and https. And it caches downloads for downloading games much faster. You can also use Virtual IP Aliases to further confuse hackers. If you have a static block, you can set Squid’s public IP to be different than your NAT. Almost as effective as a VPN in this instance.

You can also use a VPN like Nord on pfSense to segregate your VLANs from your trusted network more effectively.

As you know providing VPN is also an industry. People around the globe purchase paid VPN subscriptions. So in your opinion all these VPN services provide a false sense of privacy?

Everyone can still do traffic analysis on you

Spoiler alert: a lot of those companies sell the metadata of their users.

I think most people just don’t have any idea what “privacy” means in the case of commercial consumer VPNs.

Is it a good trade off to let some random kids see all your traffic instead of your isp? Sometimes, but it depends on the details of your problem.

Edit: the intense commercial surveillance in the US does seem to be part of why this is pushed afaict

Absolutely they are a false sense of privacy. You are just shifting who can see your traffic from your ISP to some other company that is usually not even based in the same country as you.

For many that privacy means privacy from the government, law enforcement, and copyright lawyers, so it depends a lot on who you are trying to hide your traffic from. A vpn can also protect you somewhat when using public wifi, but in a developed nation doing your online banking, facebook etc. is probably safer straight through your isp than a vpn.

I agree with the original comment.

Most traffic you send across the internet nowadays is encrypted anyways, HTTPS for example.

When you think about the process of doing a DNS request for a website, that would be plain text, even when you are using someone else’s DNS server other than your ISP.

If you can encrypt your DNS traffic like you can to 1.1.1.1 you eliminate most of the ways that people like your ISP can actually tell what you are doing. This is an extract from Cloudflare’s website:

“To prevent this and secure your connections, 1.1.1.1 supports DNS over TLS (DoT) and DNS over HTTPS (DoH), two standards developed for encrypting plaintext DNS traffic.”

Ultimately using the internet requires you to trust someone at some point. If you don’t trust your ISP, why would you trust a company that is probably registered in a tax haven somewhere and advertises on YouTube and TikTok?

If I were to look for a VPN, I would still want to be sending DNS traffic encrypted, and wouldn’t be using unencrypted sites.

If privacy was the ultimate goal I would also be looking for providers who have been audited by third parties like KPMG, and have been confirmed by these audits to be keeping no logs. Otherwise they are no better than your ISP.

A VPN is just a tunnel to access a remote network securely. It’s a virtual subnet that each client can connect to for remote access or even full tunneling of all traffic through the server.

If you’re using a VPN for privacy:

If you’re at a public place or on a shared wifi network, the network administrator or an adversary can only see you are connected to a VPN endpoint and how much bandwidth you are using. They can’t see inside the tunnel or what traffic you are tunneling as it’s end to end encrypted.

You can also use a VPN to hide your origin from the website host. They know the public IP of each device that’s connected to them. When you are using the full tunnel VPN, they see the server itself as the client device, not you. ← This is mainly useless, especially when you are signing into accounts.

VPNs have many uses outside of what the YouTube sponsorship ads claim. Many corporations have VPN concentrators so all remote employees stay connected to the office where they can access company resources and go through the corporate firewall for security.

There are also site-to-site VPNs, where companies have many physical locations, but they all have access to the same networks as each other.

VPNs are not magic. They can’t stop hackers but definitely slow them down. They don’t give you anonymity, but they can increase privacy for certain situations.
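The two posts above make the same practical point from different angles: the earlier one says a plaintext DNS lookup leaks the site name even when the page itself is HTTPS (and that DoT/DoH to 1.1.1.1 closes that gap), and this one says a shared-wifi observer outside an encrypted tunnel only sees the endpoint and the byte count. The following is an added example, not code from either commenter or from pfSense or Cloudflare. It builds a real DNS query in wire format, shows what a passive observer can read from it on port 53, and wraps the same message the way DoT (RFC 7858, 2-byte length prefix inside TLS) and DoH (RFC 8484, base64url `dns=` GET parameter) carry it. All helper names are hypothetical and the packets and IP addresses are constructed; the "ciphertext" stand-ins are just opaque bytes, since the point is what is visible without keys, not real encryption.

```python
"""Added example (not from the thread): what a passive on-path observer can read
from a DNS lookup, and how DoT / DoH wrap the same wire message."""
import base64
import struct


def build_dns_query(qname: str, txid: int = 0x1234, qtype: int = 1) -> bytes:
    """Encode a standard recursive query for qname in DNS wire format (RFC 1035).

    Header: ID, flags (RD set), QDCOUNT=1, ANCOUNT/NSCOUNT/ARCOUNT=0.
    Question: length-prefixed labels, terminating 0, then QTYPE and QCLASS=IN.
    """
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = qname.rstrip(".").split(".")
    question = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + question + struct.pack("!HH", qtype, 1)


def parse_qname(message: bytes) -> str:
    """Read the queried name straight out of a wire message, exactly as an
    observer on the path would (queries carry no name compression)."""
    pos = 12  # skip the fixed 12-byte header
    labels = []
    while True:
        length = message[pos]
        pos += 1
        if length == 0:
            break
        labels.append(message[pos:pos + length].decode("ascii"))
        pos += length
    return ".".join(labels)


def frame_for_dot(message: bytes) -> bytes:
    """RFC 7858: inside the TLS session each DNS message is prefixed with a
    2-byte big-endian length. On the wire all of this is TLS ciphertext."""
    return struct.pack("!H", len(message)) + message


def doh_get_path(message: bytes) -> str:
    """RFC 8484 GET form: the wire message, base64url without '=' padding,
    carried in the dns= query parameter of an ordinary HTTPS request."""
    encoded = base64.urlsafe_b64encode(message).rstrip(b"=").decode("ascii")
    return f"/dns-query?dns={encoded}"


def decode_doh_path(path: str) -> bytes:
    """Server side of the GET form: restore padding and recover the message."""
    encoded = path.split("dns=", 1)[1]
    return base64.urlsafe_b64decode(encoded + "=" * (-len(encoded) % 4))


def observer_view(dst_ip: str, dst_port: int, payload: bytes) -> dict:
    """What a passive observer learns from one packet without any keys.

    Plain DNS on UDP/53 exposes the name being looked up. DoT (853), DoH (443)
    and a VPN tunnel expose only the endpoint and the size of the payload.
    """
    view = {"endpoint": f"{dst_ip}:{dst_port}", "bytes": len(payload)}
    if dst_port == 53:
        view["queried_name"] = parse_qname(payload)
    return view


if __name__ == "__main__":
    query = build_dns_query("example.com")
    # Constructed packets: 192.0.2.53 stands in for the ISP resolver,
    # 198.51.100.10 for a VPN endpoint; ciphertext stand-ins are opaque bytes.
    plain = observer_view("192.0.2.53", 53, query)
    dot = observer_view("1.1.1.1", 853, b"\x17\x03\x03" + bytes(len(frame_for_dot(query)) + 22))
    tunnel = observer_view("198.51.100.10", 1194, bytes(len(query) + 48))
    for label, view in (("plain DNS", plain), ("DoT", dot), ("VPN tunnel", tunnel)):
        print(f"{label:>10}: {view}")
    print("DoH request path:", doh_get_path(query))
```

Running it prints the observer's view of each packet: only the plaintext lookup carries `queried_name`, while the DoT and tunneled packets reduce to an endpoint and a byte count, which is exactly the "traffic analysis" residue the earlier replies mention. This is also why the pfSense question matters less than where DNS goes: a router-wide tunnel that still sends its resolver queries in the clear to the ISP leaks the site names anyway.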

The same KPMG that audited 3 banks saying they were solid and just recently failed? (among other “audits” they have done in their past that turned out to be wrong)

Don’t put a lot of faith into KPMG

I agree,

I don’t necessarily trust KPMG with everything.

But their assessment that Silicon Valley Bank’s long-term bets were stable would not have looked stupid a few years ago. That’s a really difficult thing to assess.

But a yes or no as to whether a VPN company is storing logs or not, and actually reading through or at least skimming the reports, is far more due diligence than most people on this sub probably do on most of the companies they interact with.

Let’s be completely honest here, you are on a thread of people taking cyber security advice from complete strangers on the internet, strangers who often don’t cite sources, and for all you know could be a 12 year old kid.