What to take into account:
- Does the VPN provider officially support OPSense (or pfSense)? If not, are there guides available (on YouTube or blogs) where someone provides step-by-step instructions on how to set it up and troubleshoot it?
- Is the performance reported by users good? Have you read some reviews?
- What is your budget – how much are you willing to pay per year? Perhaps for a lower price, you would be willing to make compromises.
- Do they have a zero log policy?
- Are they part of a five-eyes, nine-eyes or fourteen-eyes alliance? If yes, you may not want to be using that VPN provider, as those countries agreed to share information about its users in case of an opened litigation. Mind you, some suggested that it does not matter, since if you are connecting via a country that falls under the alliance then that infrastructure can be monitored by the ISP that the VPN provider uses, indicating that the location of the VPN provider’s HQ does not matter. Nevertheless, if the traffic cannot be attributed to your actual IP address, you should be fine.
- Where is the provider based? This would indicate whether a potential litigation would be held at – for instance, if it is in the U.S. and you live there, you may not wish to use that VPN provider.
Summary of providers:
This article cannot account for all providers, but here are some thoughts to consider:
- Private Access Internet (PIA)
- Reviews: 1, 2, 3
- Advantages:
- Great price, with a discount link you can get down to 2.15 EUR per month / 2.50 USD per month.
- One of the best performances from amongst VPN providers – little slow down in terms of bandwidth and latency.
- No logs policy – although see the first point in the ‘disadvantages’ section.
- Over 11,000 VPN servers available (at the time when this article was being written) – see here. Check if your country is covered and how many servers they have available there.
- Official support for pfSense (although not for OPNSense). See their documentation. Some techs got it working on OPSense and provided documentation. Some others struggled.
- Works well with Netflix US/UK & torrents.
- Disadvantages:
- They are part of the 5-eyes alliance (US – UK – NZ – AU – CA). This would be an issue if a litigation is raised against you and you live in one of these countries.
- Poor support reported by users – no online chat, no phone number, slow response to emails.
- Does not work with BBC iPlayer, Disney Plus, Amazon Prime, Hulu, HBO Go, Kodi, or Sky.
- Does not work in China.
- Does not offer double-VPN protection.
- The owner is a slightly controversial company (KAPE) who also owns CyberGhost, ZenMate and other products.
- Surfshark (British Virgin Islands)
- Reviews: 1, 2, 3
- Advantages:
- Well priced, esp. via a discount link (Google for more as sometimes there are even bigger discounts, as shown on the screenshot below – try a coupon code such as ‘SURFSHARKDEAL’). Alternatively, send them a chat message, ask a random question and then ask nicely for a discount code – they will send you a link, although you may still find a slightly better deal on other discount servers.
- Not part of the 5/9/14 Eyes Alliance (based in Virgin Islands)
- Strict no-log policy
- No limit on the amount of devices!
- 1700+ VPN servers in 63+ countries – see servers list.
- Fast online chat support
- Works with US/UK Netflix, BBC iPlayer, etc.
- Allows for multi-hop (double VPN) feature, which can be useful at countries that monitor users closely (e.g. China).
- Extra nice-to-have features such as additional privacy called Smart DNS, an ad-blocker branded as CleanWeb, HackLock – alerts you if your accounts have been compromised (similar to HaveIBeenPwned) and a privacy-respecting organic search tool called BlindSearch (to replace google.com).
- Disadvantages:
- No comprehensive guide for OPNSense set up (officially only pfSense supported). There are some OPNSense discussion articles about it: 1, 2 – the pfSense guide needs to be tweaked.
- Reported issues with a KillSwitch on desktop apps – all traffic blocked during disconnection or re-connection – could be an issue for OPNSense where all traffic is routed through if implemented – will need to be tested more.
- Users reported frequent sudden drops and re-connections. Although those are often quick, if traffic is routed for a number of devices through the VPN gateway, then all of them would lose access – this could be an issue that would bring more headache than it’s worth.
- Unclear ownership structure – no-one knows who actually owns them.
- No external comprehensive audits have been done on their security infrastructure (as opposed to some other companies like TunneBear who have them done yearly), only the browser plugins were audited. Surfshark promised to address that in late 2020 / early 2021.
- They collect metadata that could be re-constructed by some clever folks. In ther T&C, they say ‘When you use our app, we may collect advertising identifiers – unique, user-resettable IDs for advertising’. I find it questionable for a VPN provider. It reminds me of the Avast fiasco in early 2020. In comparison, Nord VPN also collects data but those are related to the application’s performance, OS version, crash reports – not for advertising purposes.
- OVPN (Sweden)
- Reviews: 1, 2, 3
- Advantages:
- They provide official support for OPNSense.
- Not part of the 5/9/14 Eyes Alliance (based in Sweden).
- Works with Netflix US/UK and HBO Go.
- Strict no-log policy
- Allows for multi-hop (double VPN) feature, which can be useful at countries that monitor users closely (e.g. China).
- Disadvantages:
- A bit more expensive – use a discount link (which sometimes means that you get the base price anyway).
- Limited amount of servers (90 servers in 17 countries at the time of writing this review) – smaller countries are not represented. This means that your latency will likely be higher.
- Does not work for BBC iPlayer / Hulu / Amazon Prime.
- NordVPN (Panama)
- Reviews: 1, 2, 3
- Advantages:
- Direct support for OPNSense, although users reported that since version 20.x and higher, some tweaks need to be made (and here) since the guide is for older OPNSense versions.
- The highest rated VPN provider by numerous reviews.
- Unblocks all geo-locked services such as Netflix (US/UK/others), Hulu, BBC iPlayer, Amazon Prime, Hotsrat (Bolywood), etc. See more details here.
- Does not comform with 5-9-14 eyes alliance (based in Panama).
- Offers a kill-switch (although not enabled by default on desktop devices).
- Split tunneling – have VPN enabled only for a specific browser on your desktop (not useful for OPNSense).
- An impressive network of 5337 servers (at the time of writing this review) across the globe – see the server list.
- Works in China and other highly monitored locations.
- Large number of user-reported reviews show that the connection is stable for many hours in many countries and there are no speed-related issues. In fact, NordVPN seems to be in the top 3 fastest providers. This is important when traffic for many devices would be routed through a single gateway like OPNSense.
- Disadvantages:
- Definitely one of the pricier VPN providers even when discounts are introduced. Look for discount codes and links, esp. Black Friday sales.
- Only up to 6 devices can be connected only (not an issue with OPNSense since devices behind it are not counted in the limit).
- A security incident from 2018 was reported in 2019 – but it is believed that NordVPN took measures to prevent it from happening again. As for speculations related to its link to an US-based CloudVPN Inc. company – this is just a money collector, so no issues there.
- ExpressVPN (British Virgin Islands)
- Reviews: 1, 2, 3
- Advantages:
- The most well known and robust VPN provider.
- The fastest VPN provider.
- All services like Netflix, Amazon Prime, BBC iPlayer, Hulu, Kodi work through them.
- Works in all countries, including Chinese great firewall.
- Strict no-log policy.
- Provides a kill-switch (stop connection in case of VPN disconnection to prevent leaks).
- Great 24/7 online chat support
- Their 30 money-back guarantee actually works (other providers often give excuses and do not refund the full amount).
- Split tunelling apps for desktops – some apps case be on VPN and the others not (not useful for OPNSense).
- Disadvantages:
- By far the most expensive VPN provider – you will end up paying 99.95 USD either for 12 or 15 months (12 + 3 free months offer).
- Only up to 5 devices (not an issue with OPNSense).
- No OPNSense official guide/support, but there is a guide for pfSense.
- Users sometimes reported sudden connection drops.
From the above, the verdict seems as follows:
- The most OPNSense-documented (officially supported): OVPN (although NordVPN / SurfShark / Express VPN / Surfshark support pfSense, which is close to OPNSense)
- The cheapest: Private Access Internet VPN & Surfshark
- The best for privacy: Express VPN, Nord VPN, OVPN
- The worse for privacy (be warned): Private Access Internet VPN (5 eyes alliance) and Surfshark (metadata collection, no ext. audits).
- Unlimited simultaneous devices (although OPNSense and all devices behind it consume one license only): Surfshark only
- The best for streaming (TV / Torrents, etc.): Express VPN, Nord VPN, Surfshark
- The best for getting through other countries’ firewalls (e.g. China): Express VPN, Nord VPN, Surfshark
Verdict:
NordVPN– best price for what you get ratio. The next steps of this section of this guide will cover the set up with this provider. However, it may apply to many others, since all that differs are the certificates and login credentials.