Has anyone used Michael Bazzell's book to set up a VPN on a Protectli Vault?

Hi all, new and noob here.

I’m working my way through Extreme Privacy by Michael Bazzell and setting up a hardware firewall for the first time and getting stuck in the same place.

I don’t understand enough to know what my issue is, so any kind help is appreciated.

I’ve purchased a Protectli Vault as he recommended.

I’ve got pfSense up and running. I’m in the web GUI configuring the firewall.

Everything seems to be going well, until I get to page 214.

After completing the bulleted instructions there, my computer is no longer connected to the Internet.

I’ve retraced my steps twice, including resetting the Vault to factory defaults.

Current situation is I have an Ethernet cable from my modem to the Vault and another Ethernet cable going to my laptop. Until I completed page 214, I was on the Internet, albeit with my unprotected IP address from my ISP.

Page 214 should have enabled the VPN. I’m using Proton as recommended. Instead it disconnected me.

I’m guessing something has changed since the book was published.

Can someone please tell me what to update without compromising the privacy protections, which are the whole point of going through the book?

Many thanks in advance.

Max

It’s hard to know what’s on this page especially because there are several versions of that exact same book.
Feel free to share the instructions + settings + troubleshooting you used so far. 🙂

That makes sense. I’ll type them in as soon as I get off from work today. Thanks for your reply.

Hi there, sorry for taking so long to reply, busy week, and then I spent a lot of time trying to recreate what I did so I could report it to you. In doing so, I got past where I was stuck, but am now stuck in a new place. I also don’t necessarily understand what the issue was.

ORIGINAL ISSUE: I’m using the 5th edition of Extreme Privacy, and so the instructions on page 214 were about setting up the VPN Interface on the firewall. I took the firewall hardware back to original settings and started over with the configuration. I had the same issue when I got back to pg 214. I did this a couple of times.

These were the instructions:

We now need to activate our VPN configuration and make some modifications within pfSense.

  • Select “Interfaces” and click “Assignments”.
  • Next to “ovpnc” at the bottom, click “Add” then “Save”.

Notice the name assigned, as it may be similar to OPT1, OPT3, or OPT5. Click on this new name, which should present the configuration for this interface. Modify the following:

  • Select “Enable Interface”
  • Provide a “Description” of “VPN1”.
  • Enable “Block Bogon Networks”.
  • Click “Save”, then “Apply changes”.
  • Navigate to “Firewall” > “NAT”.
  • Click on “Outbound” at the top.
  • For “Outbound NAT mode”, select “Manual Outbound NAT rule generation”.
  • Click “Save” then “Apply Changes”.
  • In the lower portion of the screen, click the pencil icon (edit) next to the option with a description similar to “Auto created rule - LAN to WAN” which has the “Source” IP address of “192.168.1.0/24”.
  • Change the “Interface” option of “WAN” to “VPN1” and click “Save” and “Apply Changes”.
  • In the lower portion of the screen, click the pencil icon (edit) next to the option with a description similar to “Auto created rule for ISAKMP - LAN to WAN” which has the “Source” IP address of “192.168.1.0/24”.
  • Change the “Interface” option of “WAN” to “VPN1”.
  • Click “Save” then “Apply Changes”.

It was at this point that I lost my internet connection every time.

HOW I SOLVED IT: I ended up reading ahead where he offers a configuration on his website. I ended up downloading the correct one, and following his instructions on pg 219, I was finally up and running.

NEW ISSUE: My next task was to add my existing wi-fi router to the setup. I was excited to have that working until I ran into my next hitch: I can’t log in to the router interface.

Before doing all of this, I had my modem and router set up with the router on 192.168.1.1. A few months ago I had renamed all the networks and created a separate network for my IoT, all on the router.

Now, the pfSense firewall is on 192.168.1.1

To get the address of the router, within pfSense I went to Status > DHCP Leases and I can see the IP address of the router is 192.168.1.11.

When I type 192.168.1.11, nothing will come up in the browser. The wi-fi is working, I just can’t see or modify anything in the router.

Thoughts on what to do next?
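
Added example (not part of the post above or of the book it quotes): a small audit of a pfSense configuration backup that checks the state the page 214 steps aim for, namely manual outbound NAT with every LAN-sourced rule bound to the VPN1 interface rather than WAN. The `config.xml` element layout, the internal names `opt1`/`ovpnc1`, the mode value `advanced` and the sample itself are assumptions constructed for illustration.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample (assumed config.xml layout); the ISAKMP rule was left on WAN.
SAMPLE_CONFIG = """<pfsense>
  <interfaces>
    <lan><if>igb1</if><ipaddr>192.168.1.1</ipaddr><subnet>24</subnet></lan>
    <opt1><if>ovpnc1</if><descr>VPN1</descr><enable/></opt1>
  </interfaces>
  <nat><outbound>
    <mode>advanced</mode>
    <rule><interface>opt1</interface><source><network>192.168.1.0/24</network></source>
      <descr>Auto created rule - LAN to WAN</descr></rule>
    <rule><interface>wan</interface><source><network>192.168.1.0/24</network></source>
      <dstport>500</dstport><descr>Auto created rule for ISAKMP - LAN to WAN</descr></rule>
    <rule><interface>wan</interface><source><network>127.0.0.0/8</network></source>
      <descr>Auto created rule - localhost to WAN</descr></rule>
  </outbound></nat>
</pfsense>"""


def audit_outbound_nat(config_xml, vpn_descr="VPN1"):
    """Return (mode, vpn_if, findings) for LAN-sourced rules that bypass the VPN."""
    root = ET.fromstring(config_xml)
    mode = root.findtext("nat/outbound/mode", default="automatic")
    lan = root.find("interfaces/lan")
    lan_net = ipaddress.ip_network(
        f"{lan.findtext('ipaddr')}/{lan.findtext('subnet')}", strict=False)
    # Map the description typed in the GUI back to the internal name (opt1, ...).
    vpn_if = next((i.tag for i in root.find("interfaces")
                   if i.findtext("descr") == vpn_descr and i.find("enable") is not None), None)
    findings = []
    if mode != "advanced":
        findings.append(f"outbound NAT mode is '{mode}', not manual (advanced)")
    if vpn_if is None:
        findings.append(f"no enabled interface described as {vpn_descr}")
    for rule in root.findall("nat/outbound/rule"):
        src = rule.findtext("source/network", default="")
        try:
            overlaps = ipaddress.ip_network(src, strict=False).overlaps(lan_net)
        except ValueError:  # alias or keyword: cannot rule it out, so report it
            overlaps = True
        if overlaps and rule.findtext("interface") != vpn_if:
            findings.append(f"LAN rule still on {rule.findtext('interface')}: "
                            f"{rule.findtext('descr')}")
    return mode, vpn_if, findings


if __name__ == "__main__":
    print("\n".join(audit_outbound_nat(SAMPLE_CONFIG)[2]) or "no findings")
```

An empty findings list means LAN traffic can only be translated out through the VPN interface, so a dropped tunnel shows up as lost connectivity rather than as traffic leaving on the ISP address.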

So you cannot access the pfSense admin interface?
And you tried both 192.168.1.1 and 192.168.1.11 with no success?

You could maybe pull a wire from your pfSense router to a laptop and do some admin stuff from there?
Otherwise, you can probably use some CLI tool to scan your local network.

I was okay to log in to the pfSense admin interface on the Protectli Vault when I tried 192.168.1.1 with a wired connection.

What I was having a hard time with was logging in to the router, once I added that back in to the physical configuration. What I eventually figured out was that I needed to get to the router by going to 192.168.0.1. I ended up setting the router back to factory defaults and starting fresh from there.

I did a lot of things, lots of restarts, lots of ipconfig in a command prompt, but I eventually got up and running. Thanks for being willing to help, I appreciate this forum.

Max
