By now, most of us know the perks of using a VPN: they make private one’s online activity (at least from your ISP’s point of view, probably), and they can also make it appear as if you are in a different locale than you physically are. This is especially important for trying to watch events such as the Olympics which might air different things at different times in different countries. It’s also starting to be an issue with services like Netflix which allow content in some areas but not others.
While VPNs can help solve this problem, it can be tedious to set them up for specific purposes like this if you have to do it often. Luckily, [clashtherage] has created a router with a Raspberry Pi that takes care of all of the complicated VPN routing automatically. In much the same way that another RPi router we’ve seen eliminates ads from all of your internet traffic, this one takes all of your traffic and sends it to a locale of your choosing. (In theory one could use both at the same time.)
Obviously this creates issues for Netflix as a company, and indeed a number of services (like craigslist, for example) are starting to block access to their sites if they detect that a VPN is being used. Of course, this only leads to an arms race of VPNs being blocked, and them finding ways around the obstacles, and on and on. If only IPv6 was finally implemented, we might have a solution for all of these issues.
> Of course, this only leads to an arms race of VPNs being blocked, and them finding ways around the obstacles, and on and on.
“Internet” sees DRM as a damage and routes around it.
The physical version is like seeing a sinkhole open up next to you… You step back a fair bit and walk around/away from the sinkhole as quickly as possible… DRM is just a bunch of internet virtual volcanoes and sinkholes… They simply need to be walked around and sometimes they catch a few people out.
“Internet” see loss of content as well as quality and “complains about it” (routing optional).
How many people are going to follow those instructions blindly without checking they’re not sending all there passwords and credentials through a VPN that’s going to harvest them.
As it happens it’s going through vpngate.net
But I could be bothered to look at the supplied python script ando read that.
But who knows how legit the final VPN you are going to connect to is going to be?
User beware before doing something like this.
Shouldn’t you mention this in the hackaday article.
If you are in a really bad location they can just serve you a bad version of ‘http://www.vpngate.net/api/iphone/’, then you are open to security holes in openvpn config parsing and can possibly execute random commands as Root.
I assume you mean ‘couldn’t be bothered’?
Nope, I definetly looked through the python code. That’s how I know it uses vpngate.
“If only IPv6 was finally implemented, we might have a solution for all of these issues.”
That sentence seems rather important, but you do not explain it at all.
How can IPv6 fix intellectual property issues?
Or do you mean it just makes harder to detect VPN?
Basically, it can’t.
Not sure why the author thinks it’d help.
Trying to attempt a Benchoff has already been made into a difficult challenge:
Brian Benchoff has already set the standards for committing a Benchoff a bit too out of reach with this article… [Historic link]
Read that article then the comments on that article then read the article with the comments in mind…
If an editor can commit a worse Benchoff than that one… then give them a: Benchoff-of-the-year award!
And yet an slightly out of control thread where the topic is sex related is wiped to two comments and locked.
Benchoff’s got chunks of Benchoff in his stool! Can’t get more Benchoff than that. I think Benchoffing a Malkovitch can cause tearing and inflammation in the fabric of the universe.
The thing is… where is Annie to chip in here???
The biggest ISP in the BT quitely switched to ipv6 last year so it’s getting pretty common now.
Think the line was a joke.
One-click install and deploy Docker to an SSD cloud server in 55 seconds.
https://www.digitalocean.com
Become your own VPN provider in 15 minutes with Docker
https://blog.pgp.help/vpn/docker/2015/09/02/DIY-VPN-with-docker.html
I don’t necessary trust companies that use cloudfront.
Dan has the right idea here. Plenty of fantastic VPN server applications out there and plenty of places to install them. I’ve done this for years with a ton of success. Heck, depending on what you’re doing – you might even get away with running one out of your house.
Dan has the right idea here. Plenty of fantastic VPN server applications out there and plenty of places to install them. I’ve done this for years with a ton of success. Heck, depending on what you’re doing – you might even get away with running one out of your house.
How will IPv6 make this easier ? Will it magically make the whole licensing mess around audio/video go away ?
It will not. IPv6 is only a solution to NAT.
oops…
A slight slip of the mind there. It’s been several years since those ‘involved’ in the ‘mess’ finally admitted that IPv6 won’t eliminate the need for NAT even for ‘domestic’ users.
Plenty of ISP that offer IPv6 giver customers 256 IP’s or some such, that should certainly alleviate the need for using local IP’s in certain cases.
Problem is that there are plenty of cases where you don’t want a network using a public IP, especially in this day and age.
This message was either sent by me or some entity that hacked me, who knows ;/
I was under the impression that ISPs are supposed to give every customer a /56 or at least a /64 IPv6 prefix (subnet). The remaining bits (72 or 64 respectively) are distributed by the customer to his/her own devices (be it with IPv6-PrivacyExtensions, DHCPv6 or static).
Not just a meager 256 IPs (which would be just 8 bit or a /120 prefix).
@limroh it’s really hard for ISP to get into the IPv6 mindset. You know how they are.
@[Whatnot]
ISP’s don’t IPv6 while they can charge extortionist fees for IPv4.
IPv6 was created from a technical perspective and no consideration was given to a workable business model to replace the profits of IPv4.
They’ll do it like usual…
i) Whine they’re broke, and get tax breaks and subsidies from 1st world govs to do essential infrastructure upgrades.
ii) Actually do the bare minimum to get another couple of years out of it.
iii) Overcharge their customers for the new features, that were technically required to keep things going anyway.
iv) Export the literal truckloads of cash to build out gigabit in 3rd and 2nd world
Main thing about a VPN is it’s usually slower than my main connection, by quite a bit so it’s not an always on thing.
You can always put only part of your network on a VPN.
I believe it depends on the VPN and location. There are fast VPNs like the ones on this list https://vpnalert.com/fastest-virtual-private-network/
My internet connection is too fast to use a pi for this. I’d need a setup that can handle gigabit up and down.
My internet is split across three providers, one is reliable and slow, two are fast and flaky. The trip times are too different to but able to use tcp bonding for aggregation, and plain load balancing is too simple. E.g. I want to separate out http downloads from web viewing. Any suggestions? Packet inspection seems to be the way to go, but will be involved with https in the mix?
i believe astaro will do what you want.
Though it’s been bought by sophos now so ymmv
in fact i can’t even find a link to it so they’ve changed the name :0(
If anyone wants a quick ad-hoc VPN solution, I suggest sshuttle. Add an alias like
alias shuttle=”sshuttle –no-latency-control -r user@mydomain.com 0.0.0.0/0 -vv –dns”
The VPN war has been on for a while. The big contenders trying to make VPN hard to use are google and anything owned by google like gumtree and ebay. (ebay isn’t so bad). Another that comes to mind is Cloudflare and they’re probably the second worst after google.
Anything to do with google will pop up lots of captcha’s so I ignore those sites. The best thing that came from using a VPN is that I ditched the google search engine and now use several different search engines that specialize in one field only.
It doesn’t end with a VPN as you also have outbound DNS lookups and that is often used as a tool to detect peoples actual location. I use a DNS protected application which is simply called “DNS leak protection” but it has it’s limits to.
I have been using a VPN for a couple of years and wouldn’t turn back as we have permanent warrant-less internet access monitoring in my country and I don’t trust my government with my personal information.
Cheep or free VPN’s are a waste of time. You need to pay for the speed you want.
Look for VPNs that are provided in countries where you are legally afforded some privacy and not countries where the government can step in and demand information.
No, Some countries have very good privacy laws. Others only monitor some individuals with a warrant.
Some countries only monitor some individuals and don’t need a warrant.
In my country *everyone* who has an internet connection, be it broadband or mobile, is monitored and additionally the location of every cell phone is recorded every six minutes for *everyone*.
Not surprisingly my country has the highest per capita use of VPNs.
There is no handover procedure as I connect directly with the inside of an exit point in another country. All authentication is encrypted as well.
I have been using FrootVPN (https://frootvpn.com/) for the longest time now for a lot of security reasons. Even though the internet and its uses are constantly growing it seems like more and more threats are surfacing. Before getting a VPN wasnt exactly a necessity now it seems idiotic not to have one.
Kicking a dead horse again here as usual. This proposed solution bothers me on two fronts.
One is that it is hard coded to use vpngate which is not the vpn service I would prefer to use. Showing how to set up the openvpn would have been much more useful, but I am sure that can be found someplace else.
Two, and this one really bugs me, is it what I call a parallel solution. That is you still have all the traffic on the same wire and you are depending on client configuration for the vpn. This opens you up to both attacks on the client configuration and attacks on the router proper. I would much prefer having two NIC’s and the vpn is a passthrough device between your cable modem and yoru router. Much less chance of anything getting around it.
This also brings up an interesting Q regarding the pihole and it being the same side by side kind of deal. The pihole depends on client configuration. If it used two NIC’s it could just grab port 53 and do a bit of fixing to the packets to ensure that they all go to the DNS service that you want them to go through. This would also plug any leaks caused by apps doing their own DNS resolution instead of depending on system calls.
What would also be interesting in the pihole is having an online dns server that is very restrictive, like one of the pihole mega lists, and your pi just deals with sending the whitelisted stuff to your preferred DNS resolver and everything else to the restrictive DNS resolver. No need for your pi to do any heavy lifting or have a huge gravity list. It would give you more elbow room to put other stuff like the VPN in there.