pfSense is an open source router and firewall solution that’s developed a large user base thanks to its utility in homes and workplaces. Once it’s installed on a device, pfSense is used to create and customize a secure firewall and router.
Where pfSense really shines is in its scalability, and it’s not a problem if you want to incorporate add-ons or additional subnets. What’s more, it's frequently updated. pfSense is a powerful security tool in its own right, but it’s worthwhile to know how to use one alongside a VPN. In this guide, we show you how to set up a VPN for pfSense and also give a list of the best VPNs to use.
What are the best VPNs for pfSense?
We have listed the best VPNs for pfSense below.
- ExpressVPN - The best pfSense VPN. Its network of speedy servers won't slow you down, and make browsing, downloading, or streaming a stress-free experience.
- IPVanish - A reliable pfSense VPN. Unlimited simultaneous devices, and novice-friendly apps for all platforms, allow users to secure a full household of gadgets.
- ProtonVPN - A secure pfSense VPN. Superb encryption and Perfect Forward Secrecy will compliment a pfSense router and put a stop to third party snooping.
- VyprVPN - The best versatile VPN for pfSense. Its impressive list of privacy features allow you to enhance the security of any device you've installed pfSense on.
- HMA - The best budget-friendly VPN for pfSense. Users can enjoy a full raft of security features, including leak protection and OpenVPN encryption, for a very modest price.
To ensure that you get the most out of your VPN, all the services we recommend in this article have the following features:
- Fast servers
- 24/7 customer service
- Great privacy features
- Strong encryption
Top 5 pfSense VPNs- In-depth Analysis
We take a closer look at the best VPNs for pfSense below.
ExpressVPN is the best pfSense VPN. It has lightning-fast servers across the globe, stealth features, and a great pfSense tutorial. ExpressVPN Demo ExpressVPN is a leader in the field, with lightning fast servers in more than 94 countries worldwide. These servers don’t ever write to the hard drive, meaning your data is secure from third parties, and you’ll be able to enjoy unlimited bandwidth and freedom from ISP throttling when you connect to one. A no logs policy keeps your activity history private, and industry standard AES-256 encryption makes sure your browsing sessions and personal data remain secure, too. ExpressVPN is compatible with most devices and platforms and can be installed on routers if you want all WiFi enabled devices in your home to benefit from its security tools. Otherwise, you’re allowed 5 simultaneous connections. Known in particular for its unblocking power, ExpressVPN has no trouble accessing Netflix, BBC iPlayer, Prime Video, Disney+, and many more, and you’ll also be able to check out a network kill switch, split tunneling feature and pfSense tutorial. A 30-day money-back guarantee allows you to take ExpressVPN for a test drive before subscribing, and a customer support team is available 24/7 via live chat and email if you need help at any point. IPVanish is a reliable VPN for pfSense. It has worldwide coverage and unlimited simultaneous connections, plus robust OpenVPN encryption. IPVanish Demo IPVanish manages the entirety of its server network - meaning all 1,400+ servers across more than 75 countries across the world. And they’re quick, too! Unlimited bandwidth eliminates lag and buffering, and with IPVanish, you can easily catch up with Netflix wherever you are. A zero logs policy keeps your device and pfSense router secure, and IPVanish utilizes 256-bit AES encryption for maximum security. OpenVPN is just one of the protocols available, too. With IPVanish, you can enjoy up to ten simultaneous connections, and the service is available for most devices; Windows, Mac, Android, iOS, and even routers. There’s also a SugarSync Cloud storage feature that’ll keep your files as secure as your browsing activity. IPVanish is ideal for torrenters, with P2P support, and a kill switch is an equally handy feature. You can try all of IPVanish’s functionalities for free with a 30-day money-back guarantee, and 24/7 customer support is available via live chat if you get stuck. ProtonVPN is a secure VPN for pfSense. It has a full security toolkit, with Tor over VPN, DNS leak protection, and a no-logs policy. Proton Demo ProtonVPN’s 10gbit servers pack a punch with unlimited broadband and locations in over 50 countries. Regardless of which one you connect to, ProtonVPN is committed to a zero-logs policy that even extends to its free service. And the VPN’s encryption is equally as impressive, using only ciphers with Perfect Forward Secrecy and ditching the weaker PPTP protocol in favor of IKEv2/IPsec and OpenVPN. Your DNS queries are also secured. A built-in kill switch provides that extra bit of peace and mind for you and your pfSense connection. As well as strengthening your pfSense router, ProtonVPN is compatible with most operating systems, as well as routers, and can be installed on up to 10 devices at any one time. If streaming’s your thing, ProtonVPN has a number of guides available. You’ll also have access to Netflix, Disney+, Prime Video and BBC iPlayer. Support is available via email or through an FAQ, and a 30-day money-back guarantee means there’s no reason not to try ProtonVPN out for yourself. VyprVPN is the best versatile pfSense VPN. Easy to use and install, it also comes with premium features like secure DNS and the Chameleon protocol. VYPR Demo All of VyprVPN’s servers are owned privately by the service and have undergone upgrades, meaning they’re quicker than ever and even better for streaming. There are servers in over 70 countries across the globe, granting you access to a ton of international content that you can try out for yourself with a 30-day money-back guarantee. VyprVPN has a full roster of privacy enhancing features; from secure DNS, a NAT firewall and a selection of protocols, you can rest assured your sessions and identifiable information will be kept secure. VyprVPN’s Chameleon protocol is particularly useful for bypassing restrictive firewalls, and VyprVPN Cloud adds an extra layer of security to your Cloud servers. In addition, VyprVPN has had its no-logs claim audited. You’ll be able to connect five simultaneous devices, with Windows, Mac, Android, iOS and router apps readily available. There’s even a personalized kill switch, just in case your VPN connection drops unexpectedly. HMA is the best budget pfSense VPN. An inexpensive subscription comes with easy-to-use apps, access to P2P servers, and an audited zero-logs policy. HMA Demo HMA has more than 1,000 servers in over 190 countries, and if that’s a little overwhelming, then don’t worry - there’s a Lightning Connect feature that’ll automatically find the fastest one for you. Currently, HMA is rolling out new 20gbps servers as part of its massive V5 update. This update also saw HMA become a fully fledged no-logs VPN provider as of April 2020. Besides keeping your activity logs secure, HMA’s servers are strengthened against DDoS attacks and DNS leak, use full-disk encryption and the military-grade 256-bit AES encryption. Windows, Mac, iOS, Android and Linux devices are all compatible with HMA, and 5 simultaneous connections are permitted. pfSense users will enjoy a smart kill-switch feature, and there are also split tunneling capabilities as well as P2P optimized servers. What’s more, HMA can access Netflix, Prime Video and BBC iPlayer. HMA has a highly commended customer service team that’s available 24/7 through live chat, and a 30-day money-back guarantee as standard. 1. ExpressVPN
Pricing
Pros
Cons
Available on
Unblocks
Website
Pricing
Pros
Cons
Available on
Unblocks
Website
Pricing
Pros
Cons
Available on
Unblocks
4. VyprVPN
www.vyprvpn.com
Pricing
Pros
Cons
Available on
Unblocks
5. HMA
www.hidemyass.com
Pricing
Pros
Cons
Available on
Unblocks
How to set up your pfSense VPN
It might seem tricky at first, but our step-by-step guide will take you through the process of installing a VPN alongside your pfSense router. All you must do is install the pfSense software and get it configured for basic routing. If you’ve already done that, then great! Next, be sure to:
- Pick a VPN provider - we’ve listed 5 that we’d recommend above.
- Log in to your provider’s website and download the VPN configuration files for your desired server location.
- Log into the pfSense dashboard, then head to System > Cert. Manager.
- Navigate to CAs and select Add - this’ll add a new certificate authority.
- Next, give it a name and select Import an existing Certificate Authority from the Method drop-down.
- Copy the <ca> section from your VPN configuration files and paste it into the pfSense Certificate data field.
- Hit save
- Navigate to the Certificates tab and select Add.
- Conjure up another name for the certificate and select Import an existing Certificate from the Method drop-down.
- Copy the <cert> section from your VPN configuration files and paste it into the pfSense Certificate data field.
- Copy the <key> section from your VPN configuration files and paste it into the pfSense Private key data field.
- Hit save.
- You now must add your VPN client, so head to VPN > OpenVPN > Clients and select Add.
- Now, you’ll see that there’s some information you need to fill in about your VPN:
- General information
- Cryptographic Settings
- Tunnel Settings
- User Authentication Settings
- Advanced Configuration
- Next up, you need to confirm that the OpenVPN connection is successful - head to Status > OpenVPN. Then find the Client Instance Statistics section. Under Status, the word "up” lets you know that the connection was a success.
What are the benefits of using pfSense?
pfSense lets you build your very own customized router; it’s scalable, flexible and works in tandem with a VPN to create a secure network for your devices to connect to.
Whilst pfSense is known best as a firewall and router, it comes loaded with a bunch of additional features; remote connectivity, network routing, diagnostics and reporting. Cloud security add-ons also exist for an extra layer of security. It’s possible to create your very own plugins and add-ons, too, as well as subnets.
pfSense offers:
- Remote connectivity
- Network routing
- diagnostics and reporting
- Cloud security add-ons
- Customizable plugins
What makes pfSense useful to so many people is its versatility. It’s just as practical for a professional working from home as it is for a multi-level company with an international infrastructure. pfSense also grows as you do, and can run it on older devices with limited resources as well as larger servers.
And it’s free! pfSense is an open source project that you can download directly from its website. Frequent updates keep hacking attempts at bay, and its easy-to-use interface will get you up and running quickly once installation has completed.
Why use a VPN with pfSense?
If you’re using pfSense, it’s probably because you’re invested in keeping your data as secure as possible - and rightly so! By using a VPN alongside your pfSense router, you further enhance your online privacy.
Unfortunately, routers remain a huge target for hackers. This is where a VPN is invaluable. Besides protecting the devices connected to the router network, a VPN encrypts all data passing to and from the router. So, if a hacker manages to intercept your data and tries to read it, they wouldn’t be able to - it’ll be encrypted and unreadable.
VPNs are the star of the show when it comes to security measures, and these are what will really strengthen your pfSense setup. Most VPNs pack sturdy encryption and protocols that you can customize, as well as DNS Leak and DDoS protection, and anti-malware features. What’s more, VPNs stop third-parties from being able to monitor your online activity. Whether it's by hackers, nosey websites, your ISP or government agencies, your online sessions won’t be tracked.
If you’d rather decide for yourself which traffic connects via the VPN, you can do so with a split tunneling feature.
Finally, VPNs are well known for their ability to access geo-restricted sites - particularly streaming sites like Netflix, where the available content varies from country to country. This is done by assigning you a new IP address. When you connect to a VPN server in a different country, the sites you visit will assume that you’re physically located in the same place, giving you access to websites and platforms that might otherwise have been unavailable for licensing reasons or censored by your government.
What to look for in a VPN for pfSense
Using a VPN whenever you're connected to the internet is a good idea if you're serious about your online privacy. However, there are several specific features to keep an eye out for if you're on the hunt for one that’ll go hand-in-hand with your pfSense setup. We’ve compiled a list of the most important features below:
- Strong encryption and a range of protocols - we’d recommend using OpenVPN, but pfSense also supports IPsec.
- A selection of servers with fast speeds - more servers means more access to geo-blocked content, and unlimited bandwidth will let you stream and browse without the long load times.
- Reliable customer service - having an expert team on hand can make all the difference if you run into trouble.
- Kill switch - a vital feature that halts your traffic if your connection to a VPN server suddenly drops.
- A no-logs policy - a must when it comes to protecting your right to online privacy.
Can I use a free VPN with pfSense?
We doubt it, and wouldn’t recommend it even if you could. Free services tend not to provide support for complex router setups, and their small, congested server networks typically mean you’ll encounter a lot of sluggish speeds.
More worryingly, free services fall short when it comes to viable security measures, with weak or outright absent encryption, and there’s very little capability to bypass geo-restricted sites. Worse still, free VPNs might not charge you a subscription fee, but they’ll pay their bills by logging your data to sell to third-parties.
There are free VPN services that we’d recommend that are secure, quick, and won't sell you out, but these are more suited to general browsing than pfSense routers. Trustworthy VPNs still have fewer servers than their premium counterparts and often impose bandwidth limits and data caps.
Conclusion
pfSense has been a strong security tool since 2004. Add a VPN into the mix, and you have a powerful security combo that gives you all the benefits of pfSense’s router flexibility and scaling potential with a VPN’s encryption and bypassing power. It’s a winning duo! Before you go, here's a reminder of the best VPNs for pfSense:
- ExpressVPN - The best pfSense VPN. Its network of speedy servers won't slow you down, and make browsing, downloading, or streaming a stress-free experience.
- IPVanish - A reliable pfSense VPN. Unlimited simultaneous devices, and novice-friendly apps for all platforms, allow users to secure a full household of gadgets.
- ProtonVPN - A secure pfSense VPN. Superb encryption and Perfect Forward Secrecy will compliment a pfSense router and put a stop to third party snooping.
- VyprVPN - The best versatile VPN for pfSense. Its impressive list of privacy features allow you to enhance the security of any device you've installed pfSense on.
- HMA - The best budget-friendly VPN for pfSense. Users can enjoy a full raft of security features, including leak protection and OpenVPN encryption, for a very modest price.