Protectli Vault Configuration Files

Phase One: Installation: Install the firewall software:

First, you must download and install the latest version of pfSense. Next, you must configure this download onto a portable USB device for installation onto the Protectli Vault. The following steps complete the process.


• Navigate to https://www.pfsense.org/download.
• Choose the following options:
• “File Type: Install”
• “Architecture: AMD64”
• “Installer: USB Memstick Installer”
• “Console: VGA”
• “Mirror: New York”.
• Download the “.gz” file and decompress it (typically by double-clicking it).
• If your OS cannot decompress the file, download and install 7-zip from 7-zip.org.
• Ensure you have a file with an .img extension, such as pfSense-CE-2.4.5-amd64.img.
• Download and install Etcher (https://www.balena.io/etcher/).
• Launch the program
• Select the downloaded .img file, select the target USB drive, and execute the “Flash” option.
• Remove the USB device when finished.

The pfSense installation image should now be properly copied to the USB drive. Next, the following steps install pfSense to the Protectli Vault.

• Verify that the new hardware is powered down.
• Verify that a monitor and USB keyboard are connected.
• Insert the USB install drive into another USB port on the hardware.
• Power the device and verify that it boots and begins the installation process.

If your Vault does not recognize the USB device and cannot boot into anything, you may need to enter the BIOS of the device and configure it to boot from USB. The procedure for this is different on any machine, but the Protectli device is fairly straight-forward.

• Turn on the device and immediately press F11 on the keyboard repeatedly.
• If the USB device is visible on the monitor attached to the Vault, select it for boot.
• If USB device is not visible, enter the setup menu and use the right keyboard arrow to highlight “Boot”, use the down arrow to highlight “Hard drive priorities” change Boot Option # 1 to the USB drive, and strike “F4” to save and exit.

Remove the USB device when the firewall reboots. From there, follow all default installation options, which should require you to strike the enter key several times. After install, connect a computer via ethernet cable to the LAN port of the Protectli Vault. Navigate to 192.168.1.1 within a web browser and log in with the default username and password of “admin” and “pfsense”. Accept all defaults within the setup process with “Next”. Apply any temporary password when prompted.


Phase Two: Choose you desired configuration file (right-click and download):

FW2B 2-port Vault with ProtonVPN US Server (Auto-select)

FW2B 2-port Vault with PIA West Coast Server

FW2B 2-port Vault with PIA East Coast Server

FW4B 4-port Vault with ProtonVPN US Server (Auto-select)

FW4B 4-port Vault with PIA West Coast Server

FW4B 4-port Vault with PIA East Coast Server

FW6 6-port Vault with ProtonVPN US Server (Auto-select)

FW6 6-port Vault with PIA West Coast Server

FW6 6-port Vault with PIA East Coast Server


Phase Three: Import configuration file:

While logged into the pfSense portal, conduct the following.

• Click on "Diagnostics" then "Backup & Restore".
• Click "Browse" in the "Restore" section.
• Select the file downloaded in the previous phase.
• Click "Restore Configuration" and allow the device to reboot.
• Upon reboot, log into pfSense with a username of "admin" and password of "admin1234".
• Click on "System" then "User Manager".
• Click the "pencil" icon to the right of the admin user.
• Change the password to a secure option and save the changes. Reboot the router and verify login.


Phase Four: Apply VPN Credentials:

• In pfSense, click "VPN" then "OpenVPN".
• Click the "Clients" menu option and click the "pencil" icon to edit the setting.
• In the "User Authentication" section, change the username and password to match your own credentials.

Note: If using ProtonVPN, your username and pass are NOT the creds used for the app. Find your OpenVPN creds in the ProtonVPN Dashboard


Plug your home internet connection into the WAN port.
Plug your Wi-Fi router into the LAN port.
Any other devices can plug into the OPT ports (if present)


Suggested VPNs


We currently recommend either Private Internet Access (PIA) or ProtonVPN as the most appropriate VPNs for most people. We use both for various situations. Overall, PIA seems to work best with pfSense in a firewall, as explained further HERE. To order service with the best discounts available, please use the following links.

Protectli Vault


We currently recommend the
Protectli Vault for home firewalls with the following minimal specs:

Memory: 4GB
Storage: 32GB
Wi-Fi: None
BIOS: Coreboot

If you have home internet speeds over 200mbps, choose the 4-port or 6-port. If your home internet speed is over 250mbps, choose the 6-port. I currently use THIS MODEL, available directly from Amazon. Discounted purchase options can also be found on the Protectli site HERE.

New Privacy Guide

My latest book on Extreme Privacy is now available! Click HERE for details.