![]() I upgraded to a 150/150 Verizon FIOS line which provides 150mbps upload and download simultaneously. If you haven’t got an Air VPN subscription, you can take out a subscription here. I’ve been with AirVPN for several years and have suffered downtime of less than an hour. I found AirVPN speeds were best in class when I benchmarked a few of the other highly ranked providers previously. High performance servers in multiple countries.Internal DNS with anti-ICE/ICANN censorship.Good security, OpenVPN based, 4096 bit RSA key-sizes & AES-262-CBC data channel.Ability to surf anonymously with no logging or monitoring.Its operated by activists interested in defence of net neutrality, privacy and censorship.There are a number of VPN providers on the market but the reasons why I originally went with AirVPN are primarily: I continue to use AirVPN as my primary VPN provider, downtime is a rare and performance on the whole is still excellent. Used to provide a de-restricted zone for servers and other devices which need to be accessed remotely. This line is heavily locked down to prevent anyone from attempting to gain access to my home network via compromising an external cable or hacking a camera. Subnet which various security cameras are connected to. Used for native hardware access such as Unifi access points as well as interfaces intended to be utilised only by an admin user, for example, IPMI interfaces on headless servers. Also prevents access to all local resources such as file servers etc. Used primarily by visitors who require internet access but also acts as a backup if AirVPN goes down for any reason. Guest networkĮffectively this exposes my native unencrypted unsecured Verizon FIOS line complete with Verizons DNS servers. Primary LAN network where all traffic which exits is encrypted via OpenVPN and exits to the internet via an AirVPN end point disguising my location. Used for general purpose surfing when an encrypted line isn’t a requirement. I now require the following isolated segments and primarily this drove my decision to move to a VLAN based setup. My home and office has grown to require more than just the two local networks my previous guide afforded me. I’ve added some further explanations along the way try and compensate for new users. This is a slightly more lengthy and complicated setup than the previous guide but I think the trade offs are worth it. I’m not going to set up all the above services in this base guide, my plan is to provide them as add-on steps for those who need them. ISP speed increased to 150/150mbps up/down from 150/15.Simultaneous multiple VPN WAN connections providing redundancy.Implemented pfBlockerNG to provide network wide advert and tracker scrubbing.Provide Inbound access via OpenVPN for remote access to services.replaced DNS Forwarder with the DNS Resolver.provision of a dedicated ‘guest’ network for visitors.use of multiple VLANs to segregate traffic between the various networks rather than relying on multiple NICs.Replaced Apple Airport wifi access points with Ubiquiti Unifi enterprise wifi access points.Increased security via improved firewall rule sets.Based on pfSense 2.3 which includes a new look and feel as well as other numerous updates and improvements.My setup has changed pretty significantly from my original pfSense guide and I wanted to update it reflect some of those improvements. NOTE: This pfSense 2.3 guide is now deprecated, please see the updated pfSense 2.4 guide here. PfSense 2.3 setup with AirVPN, DNS Resolver and VLANs Last revised 5 April 2016.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |