Geo routing of packets based on destination IP

The other day I was just thinking and had a complicated thought that I am not sure is possible. I was wondering, many of us have to run VPNs to access sites or applications in other countries. I was thinking, just for thinking, if it would be possible to create tunnels to different countries that would have different internet IP addresses, and then have routing inside of the LAN to select which of the tunnels, or local interface, to use based on the destination IP address of the request. Has anyone seen something like this? It is probably very complicated but as a thought process, it was interesting.

You can mark traffic matching a specific country:
https://openwrt.org/packages/pkgdata/iptables-mod-geoip
And then utilize PBR to route the marked traffic to a specific interface.
However, running multiple VPNs can be problematic and not worth the hassle.

5 Likes
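The approach from the reply above (mark packets by destination country, then policy-route the marked packets into a tunnel), as an added example that is not part of the original thread. It is a dry-run generator that only prints the commands; the tunnel interface names `wg_de` and `wg_us`, the mark values, and the routing table numbers are assumptions.

```sh
#!/bin/sh
# Dry-run generator: prints the rules, does not touch the firewall.
# Assumed names (not from the thread): tunnel interfaces wg_de / wg_us,
# fwmark N and routing table 100+N for the N-th tunnel.

# geo_pbr_rules CC IFACE N
# Prints the three commands that send traffic whose destination IP
# geolocates to country CC out through IFACE.
geo_pbr_rules() {
    cc=$1 iface=$2 n=$3
    # Country must be a two-letter ISO code, as the geoip match expects.
    case $cc in
        [A-Z][A-Z]) ;;
        *) echo "invalid country code: $cc" >&2; return 1 ;;
    esac
    # Mark index: positive decimal integer without leading zero.
    case $n in
        ''|*[!0-9]*|0*) echo "invalid mark index: $n" >&2; return 1 ;;
    esac
    # Interface name: refuse anything that could smuggle shell syntax
    # into the generated commands.
    case $iface in
        ''|*[!A-Za-z0-9_.-]*) echo "invalid interface: $iface" >&2; return 1 ;;
    esac
    mark=$(printf '0x%x' "$n")
    table=$((100 + n))
    # 1. Mark packets by destination country before the routing decision.
    echo "iptables -t mangle -A PREROUTING -m geoip --dst-cc $cc -j MARK --set-mark $mark"
    # 2. Marked packets consult a dedicated routing table.
    echo "ip rule add fwmark $mark table $table"
    # 3. That table's only route is the tunnel; unmarked traffic keeps
    #    using the main table, i.e. the local WAN interface.
    echo "ip route add default dev $iface table $table"
}

# Constructed sample: Germany via one tunnel, the US via another.
geo_pbr_rules DE wg_de 1
geo_pbr_rules US wg_us 2
```

Review the printed commands before running them as root on the router; the `geoip` match needs the iptables-mod-geoip package linked above and its country database.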

Very interesting. I will explore it. Thank you very much for the answer. Can I bother you for an explanation as to why you think it is not worth the hassle to run multiple VPNs? I am curious.

To add to @vgaetera's reply, you can use your own custom script to vpn-policy-routing (which is one of the methods to achieve PBR), so you can utilize ipsets/tables created by VPR.

1 Like

Thank you very much. I will really look into this. It is fascinating.

In short, it raises the level of complexity and increases resource consumption but provides no substantial benefits, since major content providers typically already have geographically distributed CDNs.
In addition, it can be unreliable and may even work incorrectly for some sites, such as those that utilize CDNs and DNS-based load balancing.

1 Like

Makes sense. Thank you.

1 Like

True, if you want to use multiple VPNs, for example to bypass geo-blocking, then it's probably a good idea to use proxies. If the proxies look up DNS names using the same VPN connection, it may work better.

1 Like