Hello - I’m looking at different options to set up a VPN device and give to a relative (non-tech savvy) in another state so that they can hook up to their network. For the Firewalla option, I’m looking at the Purple SE. I’m thinking the Firewalla option would be the best because of automatic updates that Firewalla pushes, an accessible GUI, etc. Basically, I cannot have my relative maintain the device in any way except for the initial setup like plugging it into their existing ISP delivered modem/router and opening a port/forwarding on their router (and maybe the occasional unplug/plug it back in to reset).
Questions:
- Are there any better options for the above scenario? Again, once the initial configuration happens, I would like the device to be totally hands off (i.e. depend on pushed auto updates)… set it and forget it. I’ve configured PiVPNs before and they work great… but want to avoid having to command line updates on a regular basis or have my relative mess with anything.
- Will the Firewalla auto update if it’s not used as a router? I would like to ensure that my relative’s network remains secure and do not want to introduce any vulnerabilities because of me.
- The purpose of the solution is to watch streaming content 4-5 times per week at 2-3 hours per event. Is the Purple SE sufficient or should I be looking at the Gold version or something like that? I’m expecting the Firewalla to sit idle outside of those times since it’s not being used as a router.
If this seems like a feasible option… conceptually is this the order of operations to get it up and running?
- I receive the device, hook it up to my network, and configure it for bridge mode only. Note: I already have a Firewalla Gold being used as my router (and my personal VPN Server).
- Configure the VPN on the Firewalla Purple SE, generate the various Wireguard profiles for my interested devices and distribute. (i.e. my Apple TV devices).
- Open a port/forward on my Router so I can test everything is working as expected on the Firewalla Purple SE.
- Unplug it and ship it to my relative. Get on FaceTime and have them plug it into their Router and open/forward the necessary port to the Firewalla Purple.
- Once port configs are complete, would the Firewalla show up in my app (alongside my Firewalla Gold) so I can configure anything if needed?
Is there anything else I need to consider? Am I kind of on the right track? Is this a feasible use for this product? Are there better hands off options?
Thanks in advance!
Note: My relative does not have data caps, so we are not concerned about the consumption part. But regardless, I would disconnect the VPN when not needed.
I think you can achieve what you want using a Firewalla Purple SE, but I am definitely not an expert. Here are a few things to consider:
- You may be able to find a less expensive piece of VPN hosting hardware (gli.net, PiVPN, Firewalla Blue+ from eBay, etc), but if cost is not an issue, a Firewalla product would work well because you are using FWG at home. Good choice.
- Does your relative have cable internet or fiber? Cable is notorious for having slow upload speeds (which will be your download speed while you are using the VPN).
BTW, I fully support your willingness to think outside the box.
On a side note, I just searched eBay for Firewalla Blue and the 3 or 4 that have sold in the last little bit have all sold for over $100. WTH? So, I would not suggest going that direction.
I think Firewalla is overkill for this use case. Is this streaming done on a computer where something like Nord VPN could be installed, or on a Fire Stick, where Nord VPN could be installed too? What device is the relative streaming on and are they connecting to a service on the web or something hosted by you?
Regarding bullet point one: Would the other options be as hands off as Firewalla? Auto updates to keep the network secure, etc.? As mentioned in the original post, need the option to be idiot proof (for me and my relative). I really do not want to maintain something that is not physically in my possession. I have built PiVPNs before and it worked great, but I went in once a month or so to SSH and run command lines to update the software to keep my network secure. I would like to avoid that and put no burden on the relative to do any work.
Bullet two: Yeah - they are on fiber.
Regarding your final thought… are you saying that I might as well buy new since eBay seems high? Also wouldn’t buying new be better anyway given? It seems like some of the original Purples have hardware defects that mess with the upload speeds and have since been fixed with newer hardware.
Thanks!
Hi. Thanks for taking the time to reply. The relative would not be streaming. I need them to host the VPN server (they live in a different region). I would be the one who is streaming to watch a video service.
My device I would be using to watch the service would be Apple TV. I would use my Firewalla Gold and turn on the VPN client (with the installed WireGuard config files generated from the Firewalla Purple) for my Apple TV devices to connect to my relative’s network. When I’m done watching the service, I would turn off the VPN client on my end.
It would be easy to simply use a VPN service like Nord, Mullvad, etc., but unfortunately, these streaming service companies seem to have all the IP addresses blacklisted. I figured I would try and create my own VPN server to get around this.
Remote managing Firewalla is pretty effortless. Depending on your relative’s bandwidth, I’d probably opt for either Purple SE or Gold SE, just to avoid the temptation of trying to use the WiFi as a whole home solution. Something else to consider is whether your relative has, or can easily get, a public IP. I’ve tried doing something similar to you with a Firewalla Red, but the location in question only has a mobile hotspot currently for internet, ergo no public IP. I tried setting up a Cloudflare tunnel, but never got it working. So, if you’re going to be dealing with CGNAT, using a Pi might be easier to set up.
If you can afford to use FWPSE that would be a great way to go, for sure.
My comment about getting a Blue on eBay, I was surprised that the price was so high for a unit that is almost EOL. I expected that it would be in the $20-30 range.
Does your relative have their own VPN service? The VPN service you’re referring to with Firewalla will not obscure that traffic for your relative, meaning their ISP could see that traffic and, if it was not legal, could take action against your relative, as it was coming from their network as they would see it. Do you believe that the VPN service from your Firewalla to theirs is the same as Nord or Express or any other VPN? Because it’s not. The VPN from your Firewalla to theirs just relocates the traffic from your network to theirs and does nothing to hide it from their ISP at their end.
If you’re trying to hide your streaming activity at your end, instead of buying a second Firewalla I would subscribe to a VPN such as Nord. Log in and find your Nord VPN manual login details. Set it up as a VPN client on your Firewalla and route traffic through it for your Apple TV device and turn it on and off as you want to.
Assuming I understood you correctly.
Hopefully I’m understanding the dynamic IP issue you brought up correctly… When I set up my Firewalla Gold with VPN (mine is used as a router), I believe Firewalla auto configured an Endpoint for me to use. I’m guessing that when my Home IP changes, Firewalla updates my IP to the endpoint they issued me (hand off behind the scenes magic… apologies can’t remember the technical terms).
If my relative sets up the FWP in bridge mode with VPN, does Firewalla not maintain the Endpoint/URL to IP address mapping (does that feature only work in Router mode)? If not, that adds another layer of trouble.
Side Note: When I set up my PiVPN before having my Firewalla, I used to run a scheduled cron job to ping freedns.afraid.org every hour to keep my IP address updated with my DNS. Worked like a charm, but again… I’m lazy. Would rather have Firewalla do all the work. lol.
I’m simply just trying to make it look like I’m in another region when I stream. I totally understand how VPNs work and what ISPs can see when/where stuff is streamed… there is no illegal activity I’m trying to hide, and would never put anyone in a situation (especially a friend/relative) to be involved if an illegal hypothetical situation existed.
Feeling this is moving off topic. I’m basically trying to understand if the Firewalla Purple is a good product for a non-tech savvy person to host at their house (as a VPN server) that I could connect to make it look like I’m in a different location (and plus all of the other points I listed in the original post).
Just reading where your relative has a combo gateway. So you want transparent bridge mode so it just sits on their network and doesn’t do anything except provide you with a VPN server?
Not sure how the VPN server works in bridge mode, you’ll need to read the docs on that. I wasn’t talking about a dynamic IP, I was talking about a public IP. There’s dozens of posts on this sub where people can’t set up the VPN server only to learn from others they’re behind an ISP CGNAT (100.64.0.0/12) and don’t have a public IP address. When I first got fiber, I had to contact my ISP and ask for a public IP address.
Anything more than a purple SE is going to be overkill for your use case, since it’s not doing anything on their network.
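Added example, not part of any post in this thread: a small Python check for the public-IP question raised above. It compares the WAN address shown on the ISP router with the address an outside service reports, using the RFC 6598 shared address space (100.64.0.0/10) for CGNAT; the function name, result labels and sample addresses are constructed for illustration.

```python
import ipaddress

# Address blocks that are never directly reachable from the internet.
CGNAT = ipaddress.ip_network("100.64.0.0/10")  # RFC 6598 shared address space
PRIVATE = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]  # RFC 1918


def inbound_vpn_feasibility(router_wan_ip, externally_seen_ip):
    """Classify whether a port forward on the ISP router can reach a VPN server.

    router_wan_ip      -- WAN address shown on the ISP router's status page
    externally_seen_ip -- address an outside service reports for the connection
    (both parameter names are assumptions made for this example)
    """
    wan = ipaddress.ip_address(router_wan_ip)
    seen = ipaddress.ip_address(externally_seen_ip)
    if wan.version != 4 or seen.version != 4:
        raise ValueError("this check covers IPv4 only")
    if wan in CGNAT:
        return "cgnat"        # ISP shares one public IP; a port forward cannot work
    if any(wan in net for net in PRIVATE):
        return "double-nat"   # another NAT device sits upstream of this router
    if wan != seen:
        return "isp-nat"      # WAN looks public, but traffic exits from another address
    return "public"           # a port forward on this router can reach the VPN server


# Constructed sample pairs (documentation and CGNAT ranges, not real hosts).
SAMPLES = [
    ("100.100.1.1", "203.0.113.10"),
    ("192.168.1.2", "203.0.113.10"),
    ("203.0.113.10", "198.51.100.7"),
    ("203.0.113.10", "203.0.113.10"),
]

if __name__ == "__main__":
    for wan_ip, seen_ip in SAMPLES:
        print(wan_ip, seen_ip, inbound_vpn_feasibility(wan_ip, seen_ip))
```

Anything other than `public` means the port forward alone will not make the VPN server reachable, and the ISP has to be asked for a public address first.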
Like this (this is Nord VPN manual login details set up in Firewalla as a VPN client). You can then route devices through it… https://imgur.com/a/TkMKhAA
If you do decide to do that, feel free to get yourself some extra free months (and me :D) using this referral link: Up to 3 free months of NordVPN: Get them right now | NordVPN
Based on what you’re describing it would serve that purpose. But I think it’s overkill still.
Why not set up a VPN like Nord on your Firewalla by adding the manual VPN login details as a VPN client and then route traffic from the Apple TV through it? Hope that makes sense. Edit: You can have years of service doing that instead of stumping all the cash upfront for a second Firewalla.
Very helpful! Thanks for the explanation on the public IP topic. You gave me enough info to start Googling things if this happens to be my case (probably saved me hours if I were to run into this).
Because it doesn’t work? I’ve tried using Nord to get around regional blackouts myself, and it’s never worked. Maybe it depends on the service but Hulu/ESPN+ has pretty aggressive VPN detection.
Exactly - this was supposed to be the whole point of my original post. lol. A lot of companies are blacklisting commercial VPN IPs. Trying to get around this so trying to understand if the Firewalla Purple is the best hands off option for a homemade solution.
I have personally tried three different VPNs as test subjects for various streaming services and none of them work. Companies are getting better at this.