alt Hacker NewsImgur Geo-Blocked the UK, So I Geo-Unblocked My Network
Comments
I was hoping, from the title ("Geo-Unblocked") that this would be about arranging an IP address block that wasn't associated with the UK, rather than just selectively running some traffic through a VPN.
"Is this overkill for viewing the occasional Imgur image? Probably."
From the last couple of weeks of researching some stuff, it makes perfect sense - I keep stumbling across blogs and documentation that uses Imgur, and it's really quite annoying that I can't see the screenshot or image that is being referenced. It hasn't /quite/ hit the point to put something in place, but this is super helpful for the final straw - when it comes!
> First, I just upgraded to 2.5 Gbps internet and I don’t want to route all my traffic through a VPN and take the speed hit. I have this bandwidth for a reason
You don't have to. You create a container which runs openvpn to connect to your vpn provider, and also hosts an ssh daemon. The ssh daemon receives incoming SOCKS5 connections from a firefox portable browser, which has been configured to use the proxy (your Docker openvpn-container) for browsing and DNS resolution, and pipes it through the VPN tunnel.
So you have that one browser just to surf imgur. if that's your thing. And you could also use Firefox on Android (maybe also iOS) with those proxy settings (a secondary Firefox browser, like the beta version).
So you get very high control about what you are using the VPN for, you don't just pipe your entire OS's network traffic through the VPN.
I've done similar. But I just used PBR (policy based routing) on my OpenWRT router. Took about 15 minutes to set it up. You can pick which domains go through VPN. Works great.
I feel like I'd rather solve this with a proxy PAC file. I recently started using this on airplane Wi-Fi where they'd block VPNs, but strangely not SSH. Dynamic forwarding with a good PAC to "direct" connect the onboard entertainment and flight tracking hosts/URLs works great!
So you are just a simple GB citizen and some external site blocked access by country affiliation?! Is there any practical reason for blocking access to that site by geotargeting?
a-ha, if you happen to have a Unifi router then a simpler setup would be to do policy based routing by hostnames through a vpn client maintained in the router config
Nice work.
I've thought about doing something similar as well! It drives me nuts this ban, everywhere I look I see these blocked images. I thought about making a chrome extension that proxies.
Could this be built into open source routers? If you wanted to get fancy you could even select the best VPN for the particular service.
I've not managed to succesfully use a VPN to get around the geoblock. It seems that most of VPN exit nodes are also blocked (but in a different way)
Interesting. I have nextdns.io and VPN proxy and a unifi router. Is this possible for me?
This is quite easy with OpenWRT.
Install the Wireguard packages, create a connection to your VPN of choice in a nearby country (I chose Sweden). Then I used the "vpn-policy-routing" package to route Imgur IPs (199.232.196.193 199.232.192.193) through the VPN.
Works for websites that keep nagging you for age verification too.
But seriously, it's been more emotional than I'd expected to get my cat memes back.
For some reason T-Mobile in the Bay Area can get randomly geoIPed to the UK so imgur just randomly breaks on my phone. Marvelous
Another thing that you can do when you have the IP address range is just run a traditional split-tunnel. A simple way to do that is to run Wireguard on a cheap VPS, then have only traffic to those fixed IPs go to that tunnel. The nice thing about this is that tiny WiFi routers (e.g. hAP AX S) these days support Wireguard at pretty decent speeds. Then anyone on your network gets this, and if you want it while you roam you can just run the Wireguard VPN on your phone as well with the same rules.
Great work! Perhaps not the appropriate OSI layer, but would be cool if this could pull the imgur blob from the wayback machine if unavailable on imgur proper. You'd still need this networking setup, as archive.org is blocked as well in the UK per ground truth from others on HN.
Imagine having to install a vpn to browse the internet in a first world country.
[dead]
[dead]
[dead]
> ⌘+F, "vote", Not found
Seems the author forgot one step.
> Second, even if I installed a VPN on my main machine, what about my phone? My laptop? My desktop? Every device would need the VPN running, and I’d have to remember to connect it before browsing. It’s messy.
This is what routers are for. My router (a cheap fanless box with several network ports running linux) is the only thing on my network that knows there's a VPN. I can selectively route whatever I want through it, including having a separate SSID/VLAN from which everything is routed through the VPN. It's wireguard based so there's no "installing a VPN", just an interface/network configured in systemd-networkd (once, on the router).
Edit: Routing by domain name could be tricky, though. I haven't had a need for that, and a proxy with local DNS override (as in the article) might needed if it came to that. I'd still do it on the router, though.