I just updated my pfSense router to run through a VPN 100% of the time through a WireGuard tunnel. It has been working great for me in the last 24 hours, but I don’t have a lot of experience running VPNs, and I’m worried that my IP will be blocked on some websites.
I’m using this mainly for privacy on regular day to day activity.
Given that my setup is not as easy as just toggling a switch on and off, I wanted to check with this community if anyone is doing something similar, and what options I have to mitigate this problem going forward.
I haven’t had any issues except for the occasional captcha or block issued by the website, but it’s fixed easily by just switching servers. I rarely have to turn it off, only for my bank. I use it all the time and the difference is basically unnoticeable compared to when I’m not using it.
I have tried, but I find I get a lot of captchas and blocks to bank sites and such. Sometimes Netflix and Google say something can’t be reached for whatever reason. There seems to be some sort of coordinated effort to block VPN exit points.
Running on full VPN on all my devices (from VPS to Android to Mac to NUC to home router, you get it) since WireGuard was even just a concept.
No single issue, I’m having an absolute blast (as a hobbyist) knowing everything is on the same “network” (with Pi-hole & unbound) wherever I am in the world.
The problems you have are going to be dependent on whether you’re using a VPN provider, and which one. If your VPN endpoint is your own VPS you pay for and you’re not going for anonymity, you’ll likely have no problems. If you’re using a well-known VPN provider, you’re going to get blocked by plenty of sites including Google.
pfSense does have a lot of policy-based routing features though, which you can use to work around some of those problems. You can have particular machines on your network go over the VPN, while others don’t. You can have particular websites’ connections circumvent the VPN if they tend to block them, etc. I have mine set up to route connections over the VPN by default, but if I add devices to an alias for machines that don’t use the VPN, they get to go directly out.
As someone in China I am on a VPN all the time, I have it at router level and app on phone when out and about. Some websites always block VPNs, so I boycott and move on.
I’m a network noob, but I’ve been discussing on the pfSense subreddit options to make it an easy on/off switch. Looks like I can do it through firewall rules. It is not as easy as toggling something in an app, but it might be OK in case I need to.
Interesting that you are using Pi-hole and unbound. The VPN that I’m using has its own DNS servers with block listed content. I was running unbound as well, but I’m wondering if I should use unbound or the DNS servers from my VPN. From what I checked, the VPN servers use similar blocklists, and I can even choose different servers with different blocked content.
What made you choose using unbound after running your traffic through a VPN?
This is good advice. The way I have it now is all devices going through the VPN provider. I picked a privacy oriented one. I haven’t been blocked by any of the major services I use so far… so looking good.
I liked the idea of circumventing some websites to use a different gateway. That might be something I do if I keep getting blocked in the future.
100%. I’m on the same train as you. Doing this for hobby and learning on my way. Now I have my own homelab with a private cloud I can use for my needs. I also started with Pi-hole, but ended up switching to pfSense at some point.