pfSense Firewall


This page presents configuration files to import a custom build into pfSense as explained within Extreme Privacy. While configuration files from previous editions are provided as an archive, they are no longer updated. Only the official files presented below were tested with the current version of pfSense.

Configuration Files


Updated August 7 2022. Note that pfSense 2.6.0 or newer is required for the following files. First, select the following appropriate configuration file for your device. The "Netflix" options provide no VPN protection within the last "OPT" port, which can be used for video streaming services if needed.


Model: FW2B 2-port Vault
Configuration: ProtonVPN US Server
Configuration: PIA US Server

Model: FW4B 4-port Vault
Configuration: ProtonVPN US Server
Configuration: ProtonVPN US Server (open "Netflix" port)
Configuration: PIA US Server
Configuration: PIA US Server (open "Netflix" port)

Model: FW6B 6-port Vault
Configuration: ProtonVPN US Server
Configuration: ProtonVPN US Server (open "Netflix" port)
Configuration: PIA US Server
Configuration: PIA US Server (open "Netflix" port)


Next, import the file. While logged into your pfSense portal, conduct the following.

• Click on Diagnostics then Backup & Restore.
• Click Browse in the Restore section.
• Select the file downloaded.
• Click Restore Configuration and allow the device to reboot.
• Log into pfSense with a username of admin and password of admin1234.
• Click on System then User Manager.
• Click the pencil icon to the right of the admin user.
• Change the password to a secure option and save the changes. Reboot the router and verify login.

You must now apply your own ProtonVPN credentials into the firewall with the following tasks.

• In pfSense, click VPN then OpenVPN.
• Click the Clients menu option and click the pencil icon to edit the setting.
• In the User Authentication section, change the username and password to match your own credentials. If using ProtonVPN, your username and password are NOT the creds used for the app. Find your OpenVPN creds in the ProtonVPN Dashboard. PIA credentials are the same as for account access.
• If using ProtonVPN, consider changing "us.protonvpn.net" to a specific server near your location. If you want to only connect to local servers within a state or country, you must identify the IP address associated with each server. Assume you are in Texas and want to use only Texas servers. Log into your ProtonVPN account through a web browser and click “Downloads” in the left menu. Choose “OpenVPN configuration files”, then select “Router”, “UDP”, and “Standard server configs”. Select your location, such as “United States”, then select an appropriate server, such as US-TX#9 (Texas). Click the “Download” link to the right and obtain a configuration file for that server. Open this file within a text editor to identify the IP address. Replace "us.protonvpn.net" within pfSense to this new IP address. Entering an IP address of a server is always preferred over a domain name. Use the tutorial within Extreme Privacy to add multiple servers for redundancy.
• If using PIA, consider changing "us-texas.privacy.network" to a specific server near your location. A full list of all servers is available HERE
• Plug your home internet connection into the WAN port.
• Plug your Wi-Fi router into the LAN port.
• Other devices can plug into the OPT ports, which will only work if the LAN port is also in use.

Suggested VPN


We currently recommend ProtonVPN as the most private and secure VPN for firewalls. We also recommend PIA for some scenarios, such as dedicated IP addresses. Click the button below to learn more about these considerations.


To order service with the best discounts available, please use the following affiliate links.


Protectli Vault


We currently recommend the Protectli Vault for home firewalls with the following minimal specs:

Memory: 4GB
Storage: 32GB
Wi-Fi: None
BIOS: Coreboot

The following direct purchase links are pre-configured for use as a Firewall:

2-Port FW2B: amzn.to/2NRIfpA
4-Port FW4B: amzn.to/31jMzlk
6-Port FW6B: amzn.to/3lPBaCo

If you have home internet speeds over 200mbps, choose the 4-port or 6-port. If your home internet speed is over 300mbps, choose the 6-port. If you want to have a non-VPN port for Netflix or other streaming, choose the 4-port or 6-port. I currently use THIS MODEL.

Privacy Guide


My latest (2022 4th Edition) book on Extreme Privacy is now available. Click HERE for details.


Weekly Podcast


The weekly podcast presents ideas to help you become digitally invisible, stay secure from cyber threats, and make you a better online investigator. All book updates will be presented on the show. Click HERE to listen or subscribe.