Want to Setup a Home VPN


Active Member
That machine would be fine for basic needs. I would assume (going out on a HUGE limb here....) that you have a server running 24/7? If so, install a virtual machine application (VirtualBox is free) and install it to that. Set it up with the absolute basics that give you a working network, take a snapshot, then have at it! You can't do any permanent damage at that point. As Pete said you don't need to know *nix as it is purely GUI driven.
I have my pfSense install running virtualized with 3 Intel GB NICs and a few VLANs so this "project" only increased my power consumption by 2 watts. I like running VMs because they are easy to back up, manage, and redeploy. Running a dedicated appliance, such as when I was using DD-WRT, would leave me with a HUGE networking mess to deal with if the hardware failed. In fact, as I was making the switch over my DD-WRT box started showing its age and was dropping connections - after years of not a single issue.
Again, IPsec and PPTP aren't going to give you that freedom to use it anywhere on any network. IPsec is excellent for site-to-site 24/7 connections. That right there would rule them out for me, personally. If you decide to try out pfSense you can set up both OpenVPN and SSH within it - one piece of software to test out both of your needs.
Download the Live CD with Installer. You have the option of just running the live version on your old machine too:


OK, one more stupid question.  I need multiple network cards because one would be incoming off of my current firewall/router, then the second would be my internal LAN/switches which go to my appliances, Wireless Ubiquiti Picostation, computers, etc...
So the connections would be:
Cable Modem -- Linksys WRT300n Firewall/Router (with wireless disabled) -- NIC one of pfSense box -- NIC Two of pfSense box -- switches/pc's/stuff on LAN.
Then, through some pfSense magic, I would be protecting all of my LAN stuff and establish an OpenVPN connection to that box with my Android device, or SSH connection to that pfSense box with my work computers.
Did I get that correct?


Install it on the inside of your network; shut off DHCP on the LAN side and have it utilize DHCP on the WAN side to your existing firewall.  Play with the GUI.
My Linksys WRT-54GL radio burnt out a few months ago in Florida.  Rest of the box continued to work fine.  I did install a new one with DD-WRT there a few months back.
I did have the Cumulus weather station "server" configured on an old IBM laptop in a closet there talking wirelessly to the AP.
I lost access to the weather station such that I moved it to the wiring closet and just connected it via the LAN NIC instead anyways such that if the radio burns out again it's not an issue.
There are only a few devices there on the network such that it doesn't really do much.
Can pfSense update my dyndns IP address like my Linksys can?
Just looked at the last Smoothwall box I was using.  It was also in a small media case.  It was using an Epia Via 1.2GHz CPU motherboard (leftover carpc motherboard).  Worked fine.



Senior Member
There are also ways to do what you're after with a single NIC behind the original firewall but it's a hair trickier - usually involves setting up loopback adapters and/or virtual network adapters.
And I don't know much about Linux, yet I maintain a few Linux machines... with so many of these options, they're documented right from the basic install of the OS through the firewall or they'll include pre-built images that include the OS so don't fret - with your technical ability you'll be fine.
@Frederick - I don't run firewalls (aside from NAT) or antivirus either...  but I'd never in a million years suggest that for others... my situation is a bit unique.


Active Member
No offense to Pete, but use my link to download the x86 ISO. You don't want to (and can't on your old 266 hardware) use the 64-bit version.
Also, don't know why you would even consider the old Linksys router. Though it is a "standard" for 3rd party firmware it is also limited in what it can run due to its CPU and limited memory space. Again, if you already have a 24/7 server adding a software package will not add any power consumption and would add nothing in cost except for a couple NICs if need be. The old PC you have would also be a perfect training/testing tool - if you blew it up just reinsert your Linksys router. That would give you downtime of 1 minute. Going with a PC-based software solution also gives you the ability to run a more processor intensive UTM system. Something you would never be able to do with the old Linksys router you mention. Just keep in mind what I said about restoring your firewall/router when you have a hardware failure - with a PC-based solution you are back up in no time at all. With a flashed router, well... you're hoping you could get the same model to re-flash because if not.... have fun!


Thanks Video321; removed 64bit link above. 
Thinking now that I built and played with the PFSense configuration behind the Smoothwall firewall for a couple of months before I moved it.
The little Netier boxes that I built were using little CF cards for booting.  That said I would back up the configuration and copy the tiny image of the CF card and keep a spare taped on to the box.  These were tiny and I overclocked a laptop CPU to 700MHz.  They did have a small riser for one PCI card which fit a secondary NIC.  Power supply though was a big brick with multiple voltages and a DIN connector to the Netier.
Relating to work stuff I was involved in documentation of the rules set such that while testing stuff; I included my own set of personal rules for my stuff and I did bring an internet connection over to my desktop such that I could test from one side or another applications and so forth.  Inside the network; there were layers of security; treating the inside pieces of the network as it was open to the internet (even though it wasn't); that and management VLANs were configured which were related to operational management. 
Relating to using DD-WRT; I am not seeing much in updates anymore; settling mostly on a base version from 2010 and private sales of stuff.  It still does a lot but is quickly approaching its limits based on its tiny hardware architecture.


Active Member
pete_c said:
Relating to using DD-WRT; I am not seeing much in updates anymore; settling mostly on a base version from 2010 and private sales of stuff.  It still does a lot but is quickly approaching its limits based on its tiny hardware architecture.
It varies.  For example, I have a Netgear WNDR3800 router.  There's a new version for it about every month or so released by an active developer, but if you check the 'official' release notes it's got a really old version listed.
I tend to grab a new version every year or so.  Because the routers are pretty cheap (and I'm paranoid), I always buy two.  I update one, run in a few months, then update the other to that version, so I know I've got a known good version.  It's rather like beta software of any sort.
The most difficult thing is trying to find out what new features are added, not because there are no release notes, but because there are a huge number of release notes, most of which don't apply to anything I use.  So I generally wait a few weeks after a release, read the forum where that release is commented on by users, and if nothing sounds bad, give it a try.
But you're right, it is very much an open source effort, dependent on what individuals are working on which platforms whether you get rapid development.


Just an update / post relating to the use of PFSense.....
From: Announce on behalf of Jim Thompson
Sent: Thursday, April 10, 2014 2:24 PM
To: announce at....
Subject: [Announce] pfSense release 2.1.2 is now available.

h....at blog....
pfSense release 2.1.2 is now available.  pfSense release 2.1.2 follows less than a week after pfSense release 2.1.1, and is primarily a security release.

The Heartbleed OpenSSL bug and another OpenSSL bug which enables a side-channel attack are both covered by the following security announcements:
    • pfSense-SA-14_04.openssl
    • FreeBSD-SA-14:06.openssl
    • CVE-2014-0160 (Heartbleed)
    • CVE-2014-0076 (ECDSA Flaw)

Packages also have their own independent fixes and need updating. During the firmware update process the packages will be properly reinstalled.   If this fails for any reason, uninstall and then reinstall packages to ensure that the latest version of the binaries is in use.

Other Fixes
    • On packages that use row_helper, when user clicks on an add or delete button, the page scrolls to top. #3569
    • Correct a typo on function name in Captive Portal bandwidth allocation.
    • Make extra sure that we do not start multiple instances of dhcpleases if, for example, the PID is stale or invalid, and there is still a running instance.
    • Fix for CRL editing. Use an alphanumeric test rather than purely is_numericint because the ID is generated by uniqid and is not purely numeric. #3591

You will want to perform a full security audit of your pfSense installations, renewing any passwords, generating or fitting new certificates, placing the old certificates on a CRL, etc.
Announce mailing list
[email protected]
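The announcement above tells you to audit every pfSense box, reissue certificates and revoke the old ones. The following is an added example, not part of the announcement or of pfSense: a small inventory checker that classifies an `openssl version` banner against the Heartbleed fix (1.0.1g) and lists what each host needs. The inventory entries, host names and certificate dates are constructed; the `patched_on` field is an assumed bookkeeping value you would fill from your own change log.

```python
import re
from datetime import date

# Heartbleed (CVE-2014-0160) lives in the TLS heartbeat code that shipped with
# OpenSSL 1.0.1; upstream fixed it in 1.0.1g (7 Apr 2014). The 1.0.0 and
# 0.9.8 branches never had the heartbeat extension, so they are unaffected.
AFFECTED_BRANCH = (1, 0, 1)
FIXED_LETTER = "g"

_BANNER_RE = re.compile(r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-z]?)")


def heartbleed_by_version(banner):
    """Classify an `openssl version` banner as vulnerable / fixed / unaffected.

    A "vulnerable" verdict only says the letter predates 1.0.1g. Distributions
    routinely backport the fix without bumping the letter, so confirm against
    the package changelog before acting on it.
    """
    m = _BANNER_RE.search(banner)
    if m is None:
        raise ValueError("not an OpenSSL version banner: %r" % banner)
    branch = tuple(int(x) for x in m.groups()[:3])
    letter = m.group(4)
    if branch != AFFECTED_BRANCH:
        return "unaffected"
    return "vulnerable" if letter < FIXED_LETTER else "fixed"


def audit_host(host):
    """Return the follow-up actions for one inventory entry.

    host = {"name": label, "banner": `openssl version` output,
            "patched_on": date the fixed build went in (None if not yet),
            "certs": [(subject, not_before), ...] for keys kept on the box}
    Any private key present while the box ran a vulnerable OpenSSL must be
    treated as disclosed: reissue the certificate and put the old one on a CRL.
    """
    actions = []
    verdict = heartbleed_by_version(host["banner"])
    if verdict == "unaffected":
        return actions
    if verdict == "vulnerable":
        actions.append("upgrade OpenSSL to 1.0.1g or a distribution build that backports the fix")
        cutoff = date.max          # still exposed today: every key on the box is suspect
    else:
        # fixed build: keys that predate the upgrade were reachable through the bug;
        # with no recorded patch date, be conservative and treat all of them as suspect
        cutoff = host["patched_on"] or date.max
    for subject, not_before in host["certs"]:
        if not_before < cutoff:
            actions.append("reissue %s and revoke the old certificate via CRL" % subject)
    actions.append("rotate passwords and other secrets that crossed TLS on this host")
    return actions


# Constructed inventory (not real hosts): one unpatched firewall, one patched
# after the announcement, one legacy box on a branch without heartbeat support.
INVENTORY = [
    {"name": "fw-old", "banner": "OpenSSL 1.0.1e 11 Feb 2013", "patched_on": None,
     "certs": [("vpn.home.test", date(2013, 9, 1))]},
    {"name": "fw-patched", "banner": "OpenSSL 1.0.1g 7 Apr 2014",
     "patched_on": date(2014, 4, 11),
     "certs": [("vpn.home.test", date(2013, 9, 1)),
               ("vpn-new.home.test", date(2014, 4, 12))]},
    {"name": "legacy", "banner": "OpenSSL 0.9.8y 5 Feb 2013", "patched_on": None,
     "certs": [("old.home.test", date(2012, 1, 1))]},
]


def audit(inventory=INVENTORY):
    """Map each host name to its list of actions (empty list = nothing to do)."""
    return {h["name"]: audit_host(h) for h in inventory}


if __name__ == "__main__":
    for name, actions in audit().items():
        print(name, "->", actions or ["nothing to do"])
```

Note that the certificate issued on `fw-patched` the day after the upgrade is left alone, while the one that lived on the box before the upgrade is flagged even though the box is now running 1.0.1g: the fix stops further leakage but does nothing for a key that may already have been read out.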


Senior Member
For me, I've started to look at Tinc.
It took me about 5 minutes to setup a link between my server and home.  For now, just using SW on my server.  Later on will switch over to running it on PFSense.  This is more a mesh network, vs. star topology.  However, it makes setting up links and what-not SUPER easy.  I tried to use OpenVPN, spent HOURS on it.  It is beyond me, or at least beyond the amount of energy I want to put into using it.
There are a LOT of guides.  This is the one I am using:
The only OS that doesn't seem to be supported at the moment is iOS.
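The two-node tinc link the post describes (a server with a public address and a home node behind NAT), written out as an added example; this is not the poster's configuration or anything from the tinc project. The network name `homevpn`, the node names `server` and `home`, the hostname `server.example.test` and the 10.0.0.0/24 overlay addresses are all assumed. tinc config files use `#` for comments, so the file-name lines below are valid comments.

```conf
# /etc/tinc/homevpn/tinc.conf on the node called "home" (assumed name)
Name = home
# dial out to the server; on a two-node link the server needs no ConnectTo
ConnectTo = server
# router mode: each node advertises the Subnet lines from its host file
Mode = router

# /etc/tinc/homevpn/hosts/server  (identical copy kept on both nodes)
# public name the server answers on; tinc listens on TCP and UDP 655 by default
Address = server.example.test
Port = 655
Subnet = 10.0.0.1/32
# the server's RSA public key is appended below this line by: tincd -n homevpn -K

# /etc/tinc/homevpn/hosts/home  (identical copy kept on both nodes)
# no Address line: home sits behind NAT and only ever initiates the connection
Subnet = 10.0.0.2/32
# home's RSA public key is appended below this line by: tincd -n homevpn -K

# /etc/tinc/homevpn/tinc-up on "home" (executable; tinc runs it when the tun device appears)
#!/bin/sh
ip link set "$INTERFACE" up
ip addr add 10.0.0.2/24 dev "$INTERFACE"
```

Run `tincd -n homevpn -K` on each node to create its key pair: the private key goes to `rsa_key.priv` in the network directory and the public key is appended to that node's own host file. Exchange the two `hosts/` files out of band, then start each side in the foreground with `tincd -n homevpn -D -d3` to watch the handshake. Authentication rests entirely on those host files: a peer is accepted only if its public key is in your `hosts/` directory, so treat that directory as the access list and keep `rsa_key.priv` readable by root only. The server's firewall needs inbound TCP and UDP 655 open; the home side needs nothing opened.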


I just built a new computer for my wife so I will have her old one that I will probably give pfSense a whirl on.  Currently has XP on it (reason for the new one) so pfSense is attractive since I can just reformat the drive, stick a CD in and have the OS as well as the program install on it.
BTW, don't want to derail this thread, but got this killer combo hardware deal from NewEgg on their daily specials and installed Win 8.1 with updates.
I don't know what everyone is complaining about with Win 8.1, but I really like it and actually found the menus easier to navigate than Win 7 (coming off of XP here, but I use Win 7 at work).


I don't know what everyone is complaining about with Win 8.1
Yup so far liking it better than Windows 7....that said they are still modifying the 8.1 release....playing with it here ....they did finally...
1 - put an off button on it..
2 - enable the boot back to a conventional desktop without starting up in Metro
I like Metro...but not on my desktop...rather on my tablets...well unless I had a holographic virtual display that I could pull up on a moment's notice....(a few years from now...wishful thinking)....
That said I cannot get Metro (even with the registry mods) to run on my little tablets at 800x480 tiny displays making it useless to me right now....
Looking forward though to running it without an internet connection (or an "off" switch relating to my internet connection).