Almost time for VPN service renewal - opinions on providers supporting WireGuard?

There is no standard VPN case I’m aware of. What’s yours so I know what to respond to?

Why do you think it’s dumb?

Because it’s totally misunderstood by the masses, but that’s good for the VPN providers 🙂

I see one of your replies mentioned “secured* and anonymized* traffic”. Your VPN will not secure your traffic, whatever that means. And a VPN does not make you anonymous either.

It *might* give you some privacy, if you use a VPN provider that doesn’t log any user information.

Less anonymous, since you’re sourcing from a single IP. Less secure, and this is highly debatable - but if set up correctly, would be more secure than a commercial VPN.

You have to consider whether your VPN provider(s) aren’t collecting data on you, or even sharing such with other providers. You only have their word.

But all through one provider. You have to balance the odds: are you 100% sure your provider keeps your traffic anonymous? They can source anything from your login, despite the exit node.

Good to know. Thanks again.

I was being overly simple in comparison, but you are correct on a deeper level. However, as you said, WireGuard is the point-to-point VPN technology, so one of the most important parts of Tailscale is centered around WireGuard.

Tailscale is awesome, but to complain it’s somehow not “the standard” seems weird to me since it’s not really one thing. It’s a collection of things put together.

Sure, that’s fair. I was thinking that most folks who use paid VPN services fall into a pretty narrow set of use cases. All the people I’ve talked to who pay for a VPN service essentially have the same goal.

My goal has always been secured* and anonymized* traffic. I send essentially all traffic (with exceptions for entertainment streaming and a few other services that don’t play well with public VPN providers) to my chosen VPN provider. I typically load balance between three tunnels ending in three different locations.

Asterisk means to the most reasonable extent possible.

I am currently using PIA. They claim to apply a zero-log policy, and in the past there have been cases which prove this, if I am not mistaken. So I guess PIA can be trusted, but they have really slow connections lately.

Well, thank you for all the great work y’all do with Netgate and taking on the pfSense project. Y’all have added great value to the community.

Well, this isn’t even a use case I had thought of, but Tailscale has options for it. Maybe not the best options if you’re routing 0.0.0.0/0 to multiple gateways over VPN though. Tailscale/Headscale use software-defined rules and TS routers to determine what subnet you have access to. Exit nodes are the other option. To my knowledge, there’s no way to do this with TS natively, but you could use multiple exit nodes by using a recursive routing configuration in your traffic director.

Tailscale router info
https://tailscale.com/kb/1019/subnets/

I don’t write this about Tailscale because I think it’s best for your use case; it probably isn’t. It is incredibly flexible though, doesn’t require a lot of exposed ports, integrates with SSO, and gives you lots of control with the software-defined ACLs.

It’s free to try. The team is incredible to work with. Contact their sales and present your use case.

TBH, you’re only shifting the monitoring of your traffic flows from ISP to VPN providers. In my particular case, my ISP is more secure to send traffic via than a random VPN provider. For one, there are laws governing what my ISP is and is not allowed to do. Those VPN providers aren’t regulated in the same way, not even close.

That said, host your own VPN server on a hosting platform such as OVH or Linode or the like and you regain some privacy. Lower chance your hoster will snoop, way too much traffic to contend with, and you set up the server as you wish. Only you’re using it, so no chance of other users bypassing VPN security and potentially able to connect to your device(s).

I don’t believe PIA allows WireGuard from pfSense. If I’m wrong I would love to know.

We’re just glad people enjoy the product. Thank you for the kind words and have a good one.

You mean as an exit node when you’re on sketchy WiFi?

Don’t use sketchy WiFi, period. Bad actors could easily block your VPN access.