I am looking for a solution to encrypt my data like a VPN does for all wireless communication, but I'm not worried at all about changing my location. I don't want/need it for anonymity purposes, just privacy reasons (like encryption). I would prefer it to be open-source and trusted by a community, and of course to work with the latest version of LEDE. Is there such a thing developed yet? I heard about freelan, but from what I saw it doesn't seem to match what I'm looking for, since it doesn't even look to work on routers. I would be fine with a VPN, but services like Netflix and a lot more (especially Amazon) try to block its usage, which makes me have to go through a lot of workarounds, and I would rather it be automatic and not have to disable/re-enable it anytime to access something, if that makes sense.
Right now I have 2 separate 2.4GHz bands set up, 1 connected to lan, the other connected to what I labelled VPNOFF. The lan is connected to NordVPN via OpenVPN all the time, set up with its custom DNS servers and a kill switch script 'firewall.user', and the other just has the ISP's DNS servers and VPN-Bypass installed to allow it to bypass the VPN for specific device IPs. The problem with this route is of course having to switch between them on the same devices sometimes just to watch Netflix or access Amazon. Also, VPNOFF isn't set up with lan access since I couldn't get it to work right, so on that network I can't access other devices on the lan, which is a downside, especially for Chromecast and the like.
I'm still hoping for a better solution, if you know of anything, like an encryption-only service?
You want encryption between where and where? It can't be end to end unless both ends utilize it, i.e. HTTPS. So are you just talking about the over-the-air portion? If so, use WPA2 and AES (CCMP). Otherwise I don't understand what you want.
Yes, I understand it can't be true end-to-end, but I mean the encryption part as a VPN uses it, like the over-the-air portion. I have more trust in a VPN provider than I do in my ISP, for good reasons. I heard about a VPN provider, I can't recall its name, that is truly open-source. They claim to be 100% open-source so you know they're not logging data in software or server side, but again it does change your location, which would render Netflix and the like useless in that case, and this one can't be set up on a router. It would be nice to have something that encrypts data before it leaves the router and transmits it to a server where it is decrypted and then goes to its destination, similar to a VPN but without changing location (IP address). If it were open source and trusted, that would be better than having to trust a 'no logging policy'. The reason I asked this is because I don't know all the technical limitations on this, just what I figured would be better in my case if possible.
Basic Internet routing will prevent that, as the return packets would go directly to your router.
Setting up a VPN server on a virtual server (DigitalOcean, as one example), would let you have control of the software and logging, as well as letting you select the country and/or location of the end point.
To get an idea of what's involved, https://www.digitalocean.com/community/tags/vpn?type=tutorials is one resource.
Your home IP address belongs to your ISP, so it is routed to your ISP; no other machine on the internet can have that IP. So your goal is not possible.
However, as Jeff says, you can set up your own VPS and route through that, but it will use an IP belonging to the VPS provider.
In order to hide stuff from your ISP, you have to VPN to a trusted third party that is outside the ISP's network.
This will then go to Netflix, etc. from the third party's IP address, meaning your usage appears to originate from their location. "Your" IP address is reserved for the connection to your ISP. You can't move your IP address to somewhere else.
I was considering using a VPS before. I actually purchased a package for some time to test it but decided not to, as it was too complex for what I wanted to deal with at the moment. If I decided to continue normal VPN use, would there be any easier way to use services like Netflix and Amazon without going through 100 workarounds all the time? I was born and raised in the US, have never been out of the country and have no need or care to access geo-restricted content. Yes, I know that if I'm on a VPN Netflix won't know that for sure, but I would like to continue using the VPN if it weren't for all this trouble (it doesn't just cause problems for me, but also for the others who live with me and share the internet).
If geo-location is the problem, "rent" a VPN service with a US-based or locally based end point.
I'm not sure exactly what you mean by that; the servers that I connected to are all based in the US. Right now, it's California. The company (NordVPN) is based in Panama, not sure if that would make a difference, but according to them Netflix blocks VPN usage by IP address: if they detect multiple uses of the same IP then they will blacklist it over possible VPN usage, and switching servers fixes this (at least temporarily). They said if I bought a dedicated IP address from them it may fix it, if this is the only case, but can't be 100% sure. I may have to resort to using something like the Fire TV for entertainment services, using the network with VPN off for this device only and every other device connected to the VPN ON network. However, this process isn't the funnest to deal with either, but I guess every upside has a downside.
I think you have the gist of it just about right. Netflix bans IPs they suspect of being a VPN service, so that people in say Europe can't watch American Netflix content... the whole thing sucks eggs.
Rent a VPS, use WireGuard, which is far easier and better than OpenVPN, and tunnel your browsing through the VPS. It's probably the easiest solution.
Another method is to set up a proxy such as squid on your network. Then have squid go direct to these sites like Netflix, and send all other sites through your NordVPN.
Thank you, I will take a look into doing that.
As for a VPS, do you think using a separate computer I have, running something like Ubuntu Server Edition, would work for tunneling all the traffic using WireGuard (assuming it's a powerful enough PC, always on and connected)? Since I do have another PC I could use, I didn't know if in the meantime I could avoid paying another monthly fee, at least until I know how to get it properly set up and configured, and then I could decide to rent a VPS for convenience. I am very concerned about privacy. I mean, my computers are all encrypted with LUKS, my external devices with VeraCrypt, long passwords and you know the drill. So with renting a VPS, it's not like I can do full disk encryption in a secure way, which just means I have to be careful I don't put anything remotely sensitive on it. I don't have all the free time I'd like now to mess around with it, which is why I want to avoid more monthly fees until it's set up in an automatic, set-it-and-forget-it way.
Given your concerns, it might be best to get a good fast router, run squid on it, and set up a commercial VPN. Then squid directs Netflix and Amazon streaming etc. directly and sends all other browsing through the VPN. Also, all other traffic can go via the VPN. The big concern is to choose a provider you trust.
Doing this requires an explicit proxy config on the clients.
In squid you use tcp_outgoing_address to specify the source address of your VPN device.
I will look into squid as the first one then. However, I use Netflix and those streaming services primarily on the Amazon Fire TV, which has limited methods of device modification, so maybe proxy configs are possible on it if you're talking about the proxy option you get while in the wifi network selection. I do have VPN-Policy-Routing installed on LEDE, although I can only seem to bypass the VPN for specific device IPs. Whenever adding a site like netflix.com (well, this was actually with VPNBypass by the same developers), typing in /netflix.com/vpnbypass as they state did not work. Although it worked for speedtest by adding /speedtest.net/vpnbypass, other people from this forum told me it's caused by Netflix having many different sub-addresses when accessing their site, which makes sense.
Yes, that's right. Also, Netflix content doesn't come from netflix.com but rather some other site like nflxcdn.net or whatever. You will have to do some investigation.
The reason to use a proxy is exactly that it can set policy based on domain name rather than IP address.
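The investigation and domain-based policy described in the replies above, as an added example that is not part of the original thread. It lists the hostnames one client (for instance the Fire TV) requested through squid, then prints a `dstdomain` ACL with `tcp_outgoing_address` lines; the function names, the ACL name `direct_sites`, all addresses and the `example.net` hostname are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes squid's default "native" access.log:
#   time elapsed client action/code bytes method URL ident hierarchy/peer type

# List hostnames one client requested through the proxy, most frequent first.
# usage: domains_for_client CLIENT_IP < access.log
domains_for_client() {
    awk -v ip="$1" '
        $3 == ip {
            host = $7
            sub("^[a-z]+://", "", host)   # plain HTTP: drop the scheme
            sub("[/:].*$", "", host)      # drop path and :port (CONNECT host:443)
            if (host != "") count[host]++
        }
        END { for (h in count) print count[h], h }
    ' | sort -k1,1nr -k2,2
}

# Print squid.conf lines: listed domains leave from DIRECT_ADDR, the rest from VPN_ADDR.
# usage: squid_policy DIRECT_ADDR VPN_ADDR DOMAIN...
squid_policy() {
    direct=$1 vpn=$2
    shift 2
    echo "acl direct_sites dstdomain $*"
    echo "tcp_outgoing_address $direct direct_sites"
    echo "tcp_outgoing_address $vpn"
}

# Constructed sample log; addresses and the example.net host are placeholders.
sample_log() {
    cat <<'EOF'
1530000000.101    812 192.168.1.50 TCP_TUNNEL/200 5120 CONNECT www.netflix.com:443 - HIER_DIRECT/198.51.100.7 -
1530000001.220   9034 192.168.1.50 TCP_TUNNEL/200 901200 CONNECT video.cdn.example.net:443 - HIER_DIRECT/198.51.100.9 -
1530000002.305     45 192.168.1.23 TCP_MISS/200 1400 GET http://speedtest.net/ - HIER_DIRECT/198.51.100.20 text/html
1530000003.410   7001 192.168.1.50 TCP_TUNNEL/200 880100 CONNECT video.cdn.example.net:443 - HIER_DIRECT/198.51.100.9 -
1530000004.512    300 192.168.1.50 TCP_MISS/200 2048 GET http://www.netflix.com/ - HIER_DIRECT/198.51.100.7 text/html
1530000005.633   6400 192.168.1.50 TCP_TUNNEL/200 870000 CONNECT video.cdn.example.net:443 - HIER_DIRECT/198.51.100.9 -
EOF
}

sample_log | domains_for_client 192.168.1.50
squid_policy 192.0.2.10 10.8.0.2 .netflix.com .cdn.example.net
```

A leading dot in a `dstdomain` entry matches the domain and all of its subdomains. `tcp_outgoing_address` only selects the source address, so the router still needs routing rules that send each source address out of the intended interface.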
I think I'm starting to understand more, but I've never had a use for a proxy before and don't know much about its setup and use. I will go ahead and install squid on my router now. According to its GitHub page, that's opkg install squid through ssh, which I'm logging in to at the moment.
Thanks for your help, I think I can take it from here.