Geekzone: technology news, blogs, forums
Brend

42 posts

Geek


  #2022257 25-May-2018 09:19

olivernz: Persevere! These things are not easy and there is no way to really make it in any way more comfortable. One of the upsides is that you actually learn a LOT when confronted with these issues.

 

Oh, I forgot to post since I didn't think there was much interest in this thread, but I got it to work and have started to set up VPN clients. In order to get an internet connection, I had to point my WAN to igb1.10 and not igb1. I managed this by setting up VLAN 10 on the "DOS-like" interface before connecting to the web-based GUI. This created an igb.10. I then made my WAN connect to igb1.10 instead of igb1. I do not know if this is the right way, but I have an internet connection through the router. Comments will be appreciated as others might benefit from this.

 

The guys at NordVPN are super helpful and have provided me with a guide (in development) to assist with setting up multiple VPNs. I will sort this out tonight. More important for me is my next aim after setting up multiple VPNs, which is to channel the correct traffic through them. For example, if there is a device that is connecting to Netflix, I want the router to recognize it and send the traffic through to the US VPN client. Similarly, if the same device connects to now.dstv.com (streaming service in South Africa which is geo-restricted), I want the router to recognize it and send the traffic through to the ZA VPN client. So if anyone knows how to do this, please help me.

 

I saw 4 URLs for Netflix and will create an alias for them later. But where do I find these URLs for other sites? In particular for now.dstv.com ?

 

I've now added a 24 port fully managed switch to my mix which has a 550 page manual. So yeah, it will take me weeks to get it sorted. But in the end I will have a safer environment for my kids and have learnt a HEAP! ...by the way, still being challenged by my MikroTik router too. Just so much stuff to configure.

 

Wow ... good luck with that!!! I still have to set up my Vodafone Huawei HG659 to be an access point only for my wireless connections. Not sure how that is going to be done yet - as you can recall, I am a noob with this stuff.


sultanoswing
761 posts

Ultimate Geek


  #2022259 25-May-2018 09:24

Great to hear of the progress!

Seriously - flog that HG659 on Trademe and get a proper dedicated AP e.g. Ubiquiti Unifi AC-LR. That said, I'm running an ASUS RT-AC68u in simple AP mode, in addition to a unifi.

 
 
 
 


Brend

42 posts

Geek


  #2022293 25-May-2018 10:05

sultanoswing: Great to hear of the progress!

Seriously - flog that HG659 on Trademe and get a proper dedicated AP e.g. Ubiquiti Unifi AC-LR. That said, I'm running an ASUS RT-AC68u in simple AP mode, in addition to a unifi.

 

I hear you! I hate the damn thing. The only thing it has over my Asus RT-n66u is ac on 5GHz. My intention is to use my RT-n66u later on. But it is currently the workhorse until this DIY router is done. The HG659 is just temporary, but will still need to do its job in the setup and testing phase.


Brend

42 posts

Geek


  #2025685 30-May-2018 13:59

Now, I want to channel the correct traffic through VPN-US, VPN-ZA, WAN. Example, if there is a device that is connecting to Netflix, I want the router to recognize it and send the traffic through to the US VPN client. Similarly if the same device connects to now.dstv.com (streaming service in South Africa which is geo-restricted), I want the router to recognize it and send the traffic through to the ZA VPN client. And because NeonTV doesn't like VPNs, I want the router to recognize any connection to NeonTV and divert the traffic through WAN. All other traffic must go through VPN-NZ. 


muppet
2291 posts

Uber Geek

Trusted

  #2025724 30-May-2018 15:39

Brend:

 

Now, I want to channel the correct traffic through VPN-US, VPN-ZA, WAN. Example, if there is a device that is connecting to Netflix, I want the router to recognize it and send the traffic through to the US VPN client. Similarly if the same device connects to now.dstv.com (streaming service in South Africa which is geo-restricted), I want the router to recognize it and send the traffic through to the ZA VPN client. And because NeonTV doesn't like VPNs, I want the router to recognize any connection to NeonTV and divert the traffic through WAN. All other traffic must go through VPN-NZ. 

 

 

 

 

Well, that's going to be fun to set up.

You'll need to add some static routes - which will no doubt need to change on a very regular basis, so you'll be playing whack a mole.

1) Set up your default route to go through "VPN-NZ". That's easy.

2) You'll need to figure out ALL Netflix US netblocks and route them via VPN-US. Maybe this isn't hard. Hopefully someone maintains a list online, and in pfSense/OPNsense you can just set up a firewall rule that references this list and it will auto-update every hour. There's a list here - https://ipinfo.io/AS2906 - but not in a format you can just import. But you could enter those easily enough.

3) You'll need to figure out now.dstv.com netblocks and route them via VPN-ZA. Same as above.

4) Find all NeonTV ranges (I doubt there'll be many) and route them via the WAN Interface.

 

- le muppo.


Brend

42 posts

Geek


  #2025728 30-May-2018 15:51

muppet:

 

Well, that's going to be fun to set up.

You'll need to add some static routes - which will no doubt need to change on a very regular basis, so you'll be playing whack a mole.

1) Set up your default route to go through "VPN-NZ". That's easy.

2) You'll need to figure out ALL Netflix US netblocks and route them via VPN-US. Maybe this isn't hard. Hopefully someone maintains a list online, and in pfSense/OPNsense you can just set up a firewall rule that references this list and it will auto-update every hour. There's a list here - https://ipinfo.io/AS2906 - but not in a format you can just import. But you could enter those easily enough.

3) You'll need to figure out now.dstv.com netblocks and route them via VPN-ZA. Same as above.

4) Find all NeonTV ranges (I doubt there'll be many) and route them via the WAN Interface.

 

- le muppo.

 

 

I got these ... 

 

http://asn.blawk.net/2906 for Netflix

 

http://asn.blawk.net/328045 for DSTv

 

http://asn.blawk.net/9901 for Neontv

 

Can I use these? And if "yes", how?

 

How do I route the NeonTV ranges through WAN?

 

I tried so many ways and for days now and I can't get a working setup.

 

 

 

 

 

 

 

 


muppet
2291 posts

Uber Geek

Trusted

  #2025732 30-May-2018 16:00

I don't really have the patience (sorry) to talk you through the basics of routing on pfSense.

 

But simply in pfSense (I don't use opnsense but it shouldn't be much different) you can just add normal static routes, or to get trickier, add a firewall rule.

For Destination select "alias" and then the alias you created for the netblock you want to route to.

Then in advanced, you pick the gateway and save.

You'll probably find your openvpn interface(s) aren't in the list of gateways, you'll need to go to Interfaces->Assignments and add the openvpn interfaces.

To create an alias you go to: Firewall->Aliases and click "Add". Then change the Type to URL (Table) and paste in what you've got above. Hopefully it works for you.

Give the alias a name etc.

Then you can reference the alias in the Destination I talked about above.

The other thing you can do with Firewall rules is route based on source. This way you can say "Hey all traffic from 192.168.0.5 which is my NeonTV box gets routed out the VPN" - You can't do this with standard static routes.
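
An added example, not part of the original thread: one way to turn a scraped prefix listing into the one-CIDR-per-line text a URL (Table) alias expects, and a small model of how top-down rule order picks a gateway for a destination. The gateway names come from the thread; `RAW_LISTING`, the address ranges and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample of a scraped prefix page (documentation ranges only).
RAW_LISTING = """
AS64500 prefixes (constructed sample)
198.51.100.0/25    Example Streaming
198.51.100.128/25  Example Streaming
198.51.100.0/25    Example Streaming (duplicate row)
2001:db8:10::/48   Example Streaming
999.1.2.0/24       malformed row
"""

CIDR_RE = re.compile(r"(?<![\w:.])([0-9A-Fa-f:.]+/\d{1,3})(?![\w.])")


def to_alias_lines(text):
    """Return valid, de-duplicated, merged CIDRs: one per line of a URL table."""
    nets = {4: set(), 6: set()}
    for token in CIDR_RE.findall(text):
        try:
            net = ipaddress.ip_network(token, strict=False)
        except ValueError:
            continue  # looks like a prefix but is not one
        nets[net.version].add(net)
    merged = []
    for version in (4, 6):
        merged.extend(ipaddress.collapse_addresses(sorted(nets[version])))
    return [str(n) for n in merged]


def pick_gateway(dest, rules, default="VPN-NZ"):
    """Model top-down rule order: the first alias containing dest wins."""
    addr = ipaddress.ip_address(dest)
    for gateway, alias_lines in rules:
        for line in alias_lines:
            net = ipaddress.ip_network(line)
            if net.version == addr.version and addr in net:
                return gateway
    return default  # no rule matched: falls through to the default route


# Gateway names are from the thread; the ranges are constructed placeholders.
RULES = [
    ("VPN-US", to_alias_lines(RAW_LISTING)),
    ("VPN-ZA", ["203.0.113.0/24"]),
    ("WAN", ["192.0.2.0/24"]),
]
```

Running `pick_gateway` against a destination before building the real rules shows which alias would claim it, which helps when two lists overlap or a service's addresses are missing from the list entirely.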


 
 
 
 


Brend

42 posts

Geek


  #2025740 30-May-2018 16:17

muppet:

 

I don't really have the patience (sorry) to talk you through the basics of routing on pfSense.

 

 

Yeah ... you are unfortunately not the only one :(
But thanks for the time you did spend here. At least I get to review what I tried already.

 

 

But simply in pfSense (I don't use opnsense but it shouldn't be much different) you can just add normal static routes, or to get trickier, add a firewall rule.

 

 

I am still on pfsense. Not sure how static rules work, but I have tried multiple firewall rules without success ... guess I am doing something wrong every time

 

 

For Destination select "alias" and then the alias you created for the netblock you want to route to.

 

Then in advanced, you pick the gateway and save.

 

 

I did this, I could get it to work for Netflix to access the US servers and have the "full" Netflix but not for DSTv.

 

I tried something similar for NeonTV with WAN as the gateway, but it didn't work. Neon still thinks I am in another country even though https://ipleak.net/ tells me I am in NZ

 

 

You'll probably find your openvpn interface(s) aren't in the list of gateways, you'll need to go to Interfaces->Assignments and add the openvpn interfaces.

 

 

I did this. They all showed being up

 

 

To create an alias you go to: Firewall->Aliases and click "Add". Then change the Type to URL (Table) and paste in what you've got above. Hopefully it works for you.

 

Give the alias a name etc.

 

 

 

Then you can reference the alias in the Destination I talked about above.

 

 

I did this with the asn.blawk.net references

 

 

The other thing you can do with Firewall rules is route based on source. This way you can say "Hey all traffic from 192.168.0.5 which is my NeonTV box gets routed out the VPN" - You can't do this with standard static routes.

 

 

I considered this, but it will not give me the desired result. E.g. NeonTV will be accessed with TV, iPad, Android tablet, but these devices will also connect to Netflix, DSTv and other sites including banking sites... which reminds me - I need my banking sites to bypass VPN too ... 


sultanoswing
761 posts

Ultimate Geek


  #2025748 30-May-2018 16:36

With the relative complexity of what you are trying to do, I'm reminded of the technology/software rule:

"Simple, Cheap, Works. Pick two"

muppet
2291 posts

Uber Geek

Trusted

  #2025774 30-May-2018 16:58

So you got it to work, that's great.

 

But not everything.

 

The only other thing I can suggest is DNS - that's probably what's stuffing you.

 

What DNS Servers are you using?  You might have to get really tricky and try and forward certain DNS requests to certain servers.

 

 

 

I'm sure what you're doing is possible, the fact you got it working for Netflix USA shows you you're on the right track. Have you installed Squid? Its X-Forwarded-For header will knacker your changes, remove it if you have.


Brend

42 posts

Geek


  #2025789 30-May-2018 17:06

I am using the DNS servers as suggested by my VPN provider.

No squid installed.

Kiwifruta
1246 posts

Uber Geek

Subscriber

  #2025797 30-May-2018 17:15

Curious as to why you are using VPN to unblock rather than a smart DNS service.

 

With a smart DNS service there is no need to configure/map geoblocked services to VPN services. Internet remains full speed and smart DNS services cost less also. (dns4me is my pick).

 

I can understand if privacy and security are a higher priority than geo unblocking.

 

 


Brend

42 posts

Geek


  #2025798 30-May-2018 17:18

Privacy and security are my main priorities. The fact that I can geo unblock is just an awesome extra. So I am trying to exploit it all in an overpowered machine.

sultanoswing
761 posts

Ultimate Geek


  #2025811 30-May-2018 17:37

Love the aims and methods of the project. Keep it up, and keep us updated!

Brend

42 posts

Geek


  #2025965 30-May-2018 21:51

muppet:

 

The only other thing I can suggest is DNS - that's probably what's stuffing you.

 

What DNS Servers are you using?  You might have to get really tricky and try and forward certain DNS requests to certain servers.

 

 

