Untether from Your Location With A VPN

By now, most of us know the perks of using a VPN: it keeps your online activity private (at least from your ISP’s point of view, probably), and it can also make it appear as if you are in a different locale than you physically are. This is especially important for trying to watch events such as the Olympics, which might air different things at different times in different countries. It’s also starting to be an issue with services like Netflix, which allow content in some areas but not others.

While VPNs can help solve this problem, it can be tedious to set them up for specific purposes like this if you have to do it often. Luckily, [clashtherage] has created a router with a Raspberry Pi that takes care of all of the complicated VPN routing automatically. In much the same way that another RPi router we’ve seen eliminates ads from all of your internet traffic, this one takes all of your traffic and sends it to a locale of your choosing. (In theory one could use both at the same time.)

Obviously this creates issues for Netflix as a company, and indeed a number of services (like craigslist, for example) are starting to block access to their sites if they detect that a VPN is being used. Of course, this only leads to an arms race of VPNs being blocked, and them finding ways around the obstacles, and on and on. If only IPv6 was finally implemented, we might have a solution for all of these issues.

38 thoughts on “Untether from Your Location With A VPN”

  1. > Of course, this only leads to an arms race of VPNs being blocked, and them finding ways around the obstacles, and on and on.

    “Internet” sees DRM as a damage and routes around it.

    1. The physical version is like seeing a sinkhole open up next to you… You step back a fair bit and walk around/away from the sinkhole as quickly as possible… DRM is just a bunch of internet virtual volcanoes and sinkholes… They simply need to be walked around and sometimes they catch a few people out.

  2. How many people are going to follow those instructions blindly without checking they’re not sending all their passwords and credentials through a VPN that’s going to harvest them?

    As it happens it’s going through vpngate.net
    But I could be bothered to look at the supplied python script and read that.
    But who knows how legit the final VPN you are going to connect to is going to be?
    User beware before doing something like this.

    Shouldn’t you mention this in the hackaday article?

    1. If you are in a really bad location they can just serve you a bad version of ‘http://www.vpngate.net/api/iphone/’, then you are open to security holes in openvpn config parsing and can possibly execute random commands as Root.
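One defensive check for the concern raised in this thread, as an added example (not part of the original post, the comments, or the project's script): before a downloaded profile is handed to OpenVPN, accept it only if every directive is on a short allowlist. The allowlist, the name `audit_ovpn` and the sample profiles are assumptions constructed for illustration.

```python
import re

# Assumption: the only directives a plain client profile needs. Adjust to taste.
ALLOWED = frozenset({
    "client", "dev", "proto", "remote", "resolv-retry", "nobind",
    "persist-key", "persist-tun", "cipher", "auth", "verb",
    "remote-cert-tls", "comp-lzo", "keepalive",
})
# Inline blocks that carry certificate/key material, not directives.
INLINE_BLOCKS = frozenset({"ca", "cert", "key", "tls-auth"})
BLOCK_OPEN = re.compile(r"<([A-Za-z0-9-]+)>")


def audit_ovpn(text):
    """Return [(line_no, reason)] for everything outside the allowlist."""
    findings, block, block_line = [], None, 0
    for num, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if block is not None:               # inside <ca> ... </ca> and similar
            tag = f"</{block}>"
            if line.startswith(tag):        # any line beginning with the tag closes
                if line != tag:             # trailing text is suspicious, flag it
                    findings.append((num, f"text after closing tag: {block}"))
                block = None
            continue
        if not line or line[0] in "#;":     # blank line or comment
            continue
        m = BLOCK_OPEN.fullmatch(line)
        if m:
            block, block_line = m.group(1), num
            if block not in INLINE_BLOCKS:
                findings.append((num, f"inline block not allowed: {block}"))
            continue
        directive = line.split()[0]         # exact, case-sensitive match
        if directive not in ALLOWED:
            findings.append((num, f"directive not allowed: {directive}"))
    if block is not None:
        findings.append((block_line, f"inline block never closed: {block}"))
    return findings


# Constructed sample profiles (not real vpngate.net data).
GOOD = ("client\ndev tun\nproto udp\nremote vpn.example.net 1194\n"
        "<ca>\n-----BEGIN CERTIFICATE-----\nPLACEHOLDER\n"
        "-----END CERTIFICATE-----\n</ca>\n")
TAMPERED = GOOD + "script-security 2\nup /tmp/hook.sh\n"

if __name__ == "__main__":
    for name, profile in (("GOOD", GOOD), ("TAMPERED", TAMPERED)):
        print(name, audit_ovpn(profile) or "accepted")
```

An empty result means the profile used only allowlisted directives; it says nothing about whether the server it points to is trustworthy.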

  3. “If only IPv6 was finally implemented, we might have a solution for all of these issues.”
    That sentence seems rather important, but you do not explain it at all.
    How can IPv6 fix intellectual property issues?
    Or do you mean it just makes it harder to detect VPN?

      1. Trying to attempt a Benchoff has already been made into a difficult challenge:
        Brian Benchoff has already set the standards for committing a Benchoff a bit too out of reach with this article… [Historic link]

        Read that article then the comments on that article then read the article with the comments in mind…
        If an editor can commit a worse Benchoff than that one… then give them a: Benchoff-of-the-year award!

        1. Benchoff’s got chunks of Benchoff in his stool! Can’t get more Benchoff than that. I think Benchoffing a Malkovitch can cause tearing and inflammation in the fabric of the universe.

    1. Dan has the right idea here. Plenty of fantastic VPN server applications out there and plenty of places to install them. I’ve done this for years with a ton of success. Heck, depending on what you’re doing – you might even get away with running one out of your house.

      1. oops…

        A slight slip of the mind there. It’s been several years since those ‘involved’ in the ‘mess’ finally admitted that IPv6 won’t eliminate the need for NAT even for ‘domestic’ users.

        1. Plenty of ISPs that offer IPv6 give customers 256 IPs or some such, that should certainly alleviate the need for using local IPs in certain cases.
          Problem is that there are plenty of cases where you don’t want a network using a public IP, especially in this day and age.

          This message was either sent by me or some entity that hacked me, who knows ;/

          1. I was under the impression that ISPs are supposed to give every customer a /56 or at least a /64 IPv6 prefix (subnet). The remaining bits (72 or 64 respectively) are distributed by the customer to his/her own devices (be it with IPv6-PrivacyExtensions, DHCPv6 or static).
            Not just a meager 256 IPs (which would be just 8 bit or a /120 prefix).

          2. @[Whatnot]

            ISPs don’t IPv6 while they can charge extortionist fees for IPv4.

            IPv6 was created from a technical perspective and no consideration was given to a workable business model to replace the profits of IPv4.

          3. They’ll do it like usual…
            i) Whine they’re broke, and get tax breaks and subsidies from 1st world govs to do essential infrastructure upgrades.
            ii) Actually do the bare minimum to get another couple of years out of it.
            iii) Overcharge their customers for the new features, that were technically required to keep things going anyway.
            iv) Export the literal truckloads of cash to build out gigabit in 3rd and 2nd world

  4. My internet is split across three providers, one is reliable and slow, two are fast and flaky. The trip times are too different to be able to use tcp bonding for aggregation, and plain load balancing is too simple. E.g. I want to separate out http downloads from web viewing. Any suggestions? Packet inspection seems to be the way to go, but will be involved with https in the mix?

  5. The VPN war has been on for a while. The big contenders trying to make VPN hard to use are google and anything owned by google like gumtree and ebay. (ebay isn’t so bad). Another that comes to mind is Cloudflare and they’re probably the second worst after google.

    Anything to do with google will pop up lots of captchas so I ignore those sites. The best thing that came from using a VPN is that I ditched the google search engine and now use several different search engines that specialize in one field only.

    It doesn’t end with a VPN as you also have outbound DNS lookups and that is often used as a tool to detect people’s actual location. I use a DNS protected application which is simply called “DNS leak protection” but it has its limits too.

    I have been using a VPN for a couple of years and wouldn’t turn back as we have permanent warrant-less internet access monitoring in my country and I don’t trust my government with my personal information.

    Cheap or free VPNs are a waste of time. You need to pay for the speed you want.

    Look for VPNs that are provided in countries where you are legally afforded some privacy and not countries where the government can step in and demand information.

    1. No, some countries have very good privacy laws. Others only monitor some individuals with a warrant.

      Some countries only monitor some individuals and don’t need a warrant.

      In my country *everyone* who has an internet connection, be it broadband or mobile, is monitored and additionally the location of every cell phone is recorded every six minutes for *everyone*.

      Not surprisingly my country has the highest per capita use of VPNs.

  6. Kicking a dead horse again here as usual. This proposed solution bothers me on two fronts.

    One is that it is hard coded to use vpngate which is not the vpn service I would prefer to use. Showing how to set up the openvpn would have been much more useful, but I am sure that can be found someplace else.

    Two, and this one really bugs me, is that it is what I call a parallel solution. That is you still have all the traffic on the same wire and you are depending on client configuration for the vpn. This opens you up to both attacks on the client configuration and attacks on the router proper. I would much prefer having two NIC’s and the vpn is a passthrough device between your cable modem and your router. Much less chance of anything getting around it.

    This also brings up an interesting Q regarding the pihole and it being the same side by side kind of deal. The pihole depends on client configuration. If it used two NIC’s it could just grab port 53 and do a bit of fixing to the packets to ensure that they all go to the DNS service that you want them to go through. This would also plug any leaks caused by apps doing their own DNS resolution instead of depending on system calls.

    What would also be interesting in the pihole is having an online dns server that is very restrictive, like one of the pihole mega lists, and your pi just deals with sending the whitelisted stuff to your preferred DNS resolver and everything else to the restrictive DNS resolver. No need for your pi to do any heavy lifting or have a huge gravity list. It would give you more elbow room to put other stuff like the VPN in there.
