# Privacy Appliance



## korobor (Jan 8, 2019)

Hi All,

Is there a FreeBSD or any BSD privacy appliance akin Winston Privacy (Linux-based).

TIA,
A


----------



## steveharriss (Jan 14, 2019)

Thread 67704

Looks like a cheaper/better way to approach the problem if you combine it with a VPN

FreeBSD Wireguard using Mullvad maybe?


----------



## obsigna (Jan 14, 2019)

Regarding the VPN part of the privacy appliance, it would be worth to look at the built-in capabilities of the clients which shall be connected. Most client OS's support dial-in L2TP/IPsec and/or IKEv2-IPsec connections out of the box, without needing to install any additional software. So, perhaps it is worth to simply go with those two VPN systems, which are easy to install on FreeBSD using security/strongswan and net/mpd5.

Regarding Thread 67704, I agree with steveharriss – of course I do, I am the author of dns/void-zones-tools, see also https://github.com/cyclaero/void-zones-tools. One special thing is worth to mention. In order the privacy cannot be bypassed by the clients using other DNS facilities (either the classic one on TCP/UDP ports 53 or the new fancy ones DoT on TCP port 853 or even DoH on TCP port 443 to 1.0.0.0/24, 1.1.1.0/24, and 8.0.0.0/9, you want to block these channels on the firewall of the appliance for access by the clients.


----------

