Netgate Discussion Forum

    DNS server and gateway by IP address and destination?

    DHCP and DNS
    • johnpoz LAYER 8 Global Moderator

      You can put in netblocks… Sure so if you know the networks that you would be going for netflix then you could put those into your alias.

      Might be simpler to use a ! not rule -- so for example if there are sites you know you want to go to that you don't use the vpn, then use a NOT rule that says hey if not going here, then use the vpn sort of rule.

      If you want to circumvent regional restrictions for your devices that play netflix for example.. it's just much easier to put in a policy so they use your vpn based upon their IP.

      An intelligent man is sometimes forced to be drunk to spend time with his fools
      If you get confused: Listen to the Music Play
      Please don't Chat/PM me for help, unless mod related
      SG-4860 25.07.1 | Lab VMs 2.8.1, 25.07.1

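The alias and NOT-rule approaches from the post above, written out in raw pf syntax as an added example that is not part of the original thread and not the ruleset pfSense itself generates. In pfSense the same logic is configured in the GUI as aliases plus a gateway set on a LAN firewall rule; the interface names, gateway address, table names and all addresses below are constructed assumptions.

```pf
# Constructed values: interface names, VPN gateway and all addresses are
# placeholders chosen for illustration, not taken from the thread.
lan_if = "igb1"
vpn_if = "ovpnc1"
vpn_gw = "10.8.0.1"

# Alias of the clients whose traffic is policy-routed (the set-top boxes).
table <settop_boxes> { 192.168.1.50, 192.168.1.51 }

# Alias of destination netblocks that must NOT use the VPN.
# Documentation ranges stand in for the real netblocks.
table <direct_dests> { 198.51.100.0/24, 203.0.113.0/24 }

# Variant A: two rules, first match wins.
# 1. Traffic to the listed netblocks matches first and has no route-to,
#    so it follows the default route out the WAN.
pass in quick on $lan_if inet from <settop_boxes> to <direct_dests> keep state
# 2. Everything else from the same clients is forced out the VPN gateway.
pass in quick on $lan_if route-to ($vpn_if $vpn_gw) inet \
    from <settop_boxes> to any keep state

# Variant B: one NOT rule ("if not going here, then use the vpn").
# Use this INSTEAD of the two rules above. Packets to <direct_dests> do not
# match and fall through to the default LAN rule below.
# pass in quick on $lan_if route-to ($vpn_if $vpn_gw) inet \
#     from <settop_boxes> to ! <direct_dests> keep state

# Variant C: policy by source IP only. Every packet from the listed clients
# uses the VPN, regardless of destination.
# pass in quick on $lan_if route-to ($vpn_if $vpn_gw) inet \
#     from <settop_boxes> to any keep state

# Default LAN rule: remaining LAN traffic uses the normal routing table (WAN).
pass in quick on $lan_if inet from $lan_if:network to any keep state
```

These rules match on IP addresses only, so they decide which gateway a packet leaves by; which DNS server a client queries is a separate setting.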
      • pfsensory

        The problem is that Netflix is now blocking traffic coming from VPNs.  So I would like to make use of a "smart DNS" service only to access Netflix, using my WAN interface, so that I can access content.  For the remainder of the traffic to/from my set-top boxes (other than Netflix), I want to use my VPNclient interface and its associated DNS servers. Apart from Netflix, I do not want any other DNS lookups going to the "smart DNS" servers (concern re privacy/security/etc), and the traffic for Netflix cannot go out over the VPN interface.  That's what I am trying to make work.

        • johnpoz LAYER 8 Global Moderator

          Then point your client to your smartdns and don't route its traffic over your vpn..

          • pfsensory

            Unfortunately, I still want the remainder of the traffic to exit via the VPN.  I guess this is not possible, and the best course of action is to use a different device (with a different IP address on my LAN) to access netflix, and that device can use the WAN interface instead of the VPN.

            • KOM

              @pfsensory:

              The problem is that Netflix is now blocking traffic coming from VPNs.

              From known VPN providers.  Rent yourself a VPS for $5/month, configure OpenVPN on it and then connect to that instead of using a global provider.  Netflix is only trying to appease content providers, so as long as you're not using a well-known VPN provider or one that advertises specifically for getting around geoblocking, you should be good.

              • pfsensory

                Hmm.  Very interesting suggestion.  What are the privacy implications of this method? (I would suppose that all the traffic exiting from the VPS could easily be snooped and traced back to you, since it is not mixed with anyone else's traffic as it would be with a commercial VPN provider)

                • cmb

                  @pfsensory:

                  Hmm.  Very interesting suggestion.  What are the privacy implications of this method? (I would suppose that all the traffic exiting from the VPS could easily be snooped and traced back to you, since it is not mixed with anyone else's traffic as it would be with a commercial VPN provider)

                  Depends on what type of VPS it is. I have a few largely for test purposes from lowendspirit.com which are NAT-only IPv4 (with a handful of ports forwarded), public IPv6. In that case there are hundreds if not thousands of VPSes going out the same IPv4 IP.

                  • pfsensory

                    What kind of throughput can you get if the VPN server is hosted on one of these VPS, and pfSense is the client?

                    • cmb

                      It depends. I don't use them for VPN performance testing, or for VPN at all on any routine basis, but generally can get multi-hundred Mbps Internet and maybe 100 Mb VPN. At ~$5 USD/year per VPS, you can't expect consistently top notch performance.

                      • pfsensory

                        I will definitely look into this possibility.

                        • KOM

                          I just tested download throughput from my VPS and it almost saturated my 30 Mbps link.  VPN would add some overhead to that, but it's still good enough for me.

                          • johnpoz LAYER 8 Global Moderator

                            I run multiple vps, low end can be had for a lot less than $5 a month… I have multiples in the $15 a year range, couple at $12 a year and 1 even at $6 a year (but they no longer sell at this price).

                            Installing openvpn access server on them is click click.. You don't need all that much to move some packets around.. My $15 a year vps come with 500GB a month xfer..

                            Happy to send you some referral links if you want, the $15 a year comes with IPv6 as well.

                            • KOM

                              @johnpoz:

                              Happy to send you some referral links if you want, the $15 a year comes with IPv6 as well.

                              Please post them publicly.  I'd be interested in not just cheap VPS but reliable from your point of view.
