Firewalla VPN Server
As we have shown before, the Firewalla VPN server can be used while you are outside your home. You just VPN back to your own Firewalla at home. The pros and cons of this solution:
Pros
- You get the same protections as you are at home.
- You can easily access your home devices without opening additional ports on your router.
Cons
- When you are outside, each device (phone/laptop/pad) needs to have a VPN app installed and configured.
- The per-device rules you configured on your home Firewalla, only take effect when the device is at home, not when it is on the road. So, your kids can play video games all day long when on travel.
Introducing Firewalla Purple
You can use Purple as your portable router/firewall when you are away from home so that, for example, you can use it to access a captive portal from one or more devices as follows. This is what we call, a Trusted LAN.
Scenario
- I want to connect to the Purple via WiFi.
- I want the purple to connect to the WiFi wherever I happen to be.
- Once the Purple has a WiFi connection, I can get through the captive portal page (e.g. a hotel or Starbucks) and establish an Internet connection for all my devices.
- Once I have an Internet connection, I want to establish an OpenVPN connection to my FWG at home.
- After that, I can connect to the Purple with my phone (and/.or tablet, laptop) and use the WiFi just like I was home.
Pros
- You get the same protections as you are at home.
- You can easily access your home devices without opening additional ports on your router.
- When you are outside, all devices (phone/laptop/pad) connect to Purple, and there is no need for a VPN app installed.
- You can configure rules so, restrictions on kid's devices are still in place when on holiday.
Steps to Configure Purple for Travel
Before you go:
- Configure Purple (see below)
- Turn off DoH, this feature may interfere with captive portals that intercept DNS
- Turn off Ad Block— this may interfere in registering with some captive portals
- You should complete the initial setup of Purple in your home network before setting out to travel so you will be able to manage the box easily when you take Purple traveling. To do the initial setup, you can plugin a WAN connection directly from a modem, or you can temporarily set it behind a Firewalla Gold as a second router.
If you chose the latter option, connect devices as shown below:
Gold → AP
→ Purple(router mode)
Now pair with Purple following the usual process. When you are asked, choose Router mode. If you have any issues with the instructions below, check the install guide.
- Create a Wi-Fi WAN connection (box main page → Network → Create Network → WAN Connection via Wi-Fi) Connect to a local Wi-Fi or hotspot. Not to worry, you can add another SSID for any particular location as needed. Now you should see two WAN networks: Ethernet and Wi-Fi.
- Set Purple to Failover mode. (box main page → Network → Multi-WAN settings -> Failover)
Your Purple is now in multi-WAN mode. If you plug into Ethernet, that connection will take precedence. If there is no Ethernet connection, you can still connect via Wi-Fi. - Create a Purple LAN connection using Wi-Fi. (box main page → Network → Create Network → Local Network Network) This is what you will use to connect devices to Purple over Wi-Fi.
- Name: choose a network name or use the default.
- Type: LAN
- Interface: Wi-Fi
- Choose a Wi-Fi name and password.
- Optional: Create a LAN interface bridged to the Wi-Fi Network. This will allow you to connect a device to Purple via Ethernet and have it talk to other devices on Purple's Wi-Fi as a single network.
When traveling:
Connecting to a Public Wi-Fi
- Power up Purple from a USB adapter or power it from a laptop.
- Open the Firewalla App to the Network Manager. (box main page → Network)
- Choose Edit.
- Choose the Wi-Fi WAN connection, select the available Wi-Fi portal, and Done and Done again after the Network page closes and Save.
Captive Portal:
If the Wi-Fi has a captive portal, the Firewalla app will show you a banner "Log in to … ", you can tap it to log in to the portal and follow the guide to login to the ISP.
If the captive portals /website are using non-standard implementations, the Firewalla app may not be able to detect it, here's a workaround on How to open the captive portal.
Now you can connect devices to either Purple's Wi-Fi or Ethernet LAN port.
VPN Connection
If you want to have Purple connect via VPN back home, there are a few more steps required.
- Create a remote VPN to connect back to your home network (box main page → Network → VPN Client → Create VPN Connection).
- Choose Remote Access VPN.
- Select the Firewalla you want to VPN to.
- Choose a VPN protocol. (WireGuard is often more efficient).
- Select the devices you want to connect via VPN.
Your connection will be like you are at home when connected to Purple WiFi. See VPN Client for more details.
Comments
2 comments
Is it possible to do the initial setup of the purple with a WiFi WAN connection vs a wired WAN connection?
Yes - the initial setup (for all Firewallas) is usually via the phone App using a Bluetooth connection paired with your phone.
https://help.firewalla.com/hc/en-us/articles/4406178984467
Both ports can be selected to run as either wired or WiFi mode - but the transmission range for WiFi is short-range, meaning 3-5 meters unobstructed line of sight.
Please sign in to leave a comment.