Is there a way for some devices to appear in a different geo location?
-
Hi there!
I have a PFS running in the UK and another in the USA - is there a way for some of the devices in the UK network to appear to be in the USA, using the USA pfSense as DNS server or using some other tricks? This is for family members, when they visit the UK and want to watch some US-specific stuff (e.g. Netflix USA, Hulu etc.). What's the best way of achieving that, or is it possible at all?
I have an experimental pi-hole running on both sides, which I can use as well if it's not possible using a native PFS service.
-S
-
Setup a VPN between them, route client traffic across it. Make sure the DNS servers in use by the clients are at the remote side.
Your mileage may vary here because providers spend big money to stop you doing that. Systems are becoming better at detecting such bypasses. And we can't encourage it anyway!
-
@stephenw10 said in Is there a way for some devices to appear in a different geo location?:
And we can't encourage it anyway!
I understand the concern but it's just for some odd cases when travelling to different countries.
I already have a site-to-site WireGuard running and, as far as I have experienced, it requires a full-tunnel setup, which I wasn't able to figure out how to do with WG. Thus, I can access the PFS on site-B from the configured network on site-A, but the device has to assume the public IP on site-B to get this working, right? Is it possible using site-to-site for some specific devices in a particular VLAN?
-
Yes, you just need some policy routing in place at the local end and the required outbound NAT rules at the remote end.
-
Thanks @stephenw10!
Is there any example/document you can point me to follow pls?
-S
-
There might not be something specific for WireGuard, but any routed connection would be configured similarly.
What have you tried so far?
-
I haven't tried anything specific yet, as I know when I use dial-in VPN, I assume the remote IP address and everything works, but I couldn't figure out how to do that in site-to-site, as mentioned before.
Re policy-based routing, I could only find this page:
https://docs.netgate.com/pfsense/en/latest/multiwan/policy-route.html which is basically for a multi-WAN setup; so I was wondering if that would be any good for my purpose.
-
Yes, that applies to the local side where the VPN would effectively be the other WAN.
At the remote side you just need firewall rules to pass the traffic coming in over the VPN and outbound NAT rules to translate it at the WAN. The OBN rules may already be added.
Try routing some traffic from a single client. Start a ping to something unique then check the states at both ends.