OSA - VPN Discussion

Monsterlime

Original Poster:

1,334 posts

182 months

Thursday
This is a more 'technical' discussion on defeating the 'protections' of OSA, particularly re VPNs. Not interested in opinions, stick them in the NP&E forum.

Also, to be clear, this isn't particularly about Porn but relating to a good bit of the other things that are getting caught up in it.

I don't really want to send ALL traffic out via a VPN, and I also do not really want to do it on a per device basis (but may do that in future).

Right now, for my main gateway, I use OPNsense on a Proxmox VM. I have set up a VPN gateway (to NordVPN for now, likely to change to Mullvad with Wireguard, but I had NordVPN) on it and created a firewall rule to direct all traffic to certain websites out via that gateway.
It seems to work ok for Reddit and Discord, even when I am remote and sending traffic back through tailscale and using my home network as the exit. I have had to inspect the traffic when going to both to make sure all the domains and subdomains are captured (you would be surprised at how many they both use).

I have spoken to a friend who has a Ubiquiti Unifi Cloud Gateway Fibre and apparently it works well with policy-based routing (what I am doing above), and their support page does indicate host policy-based routing is directly supported if using the DNS on the device, although his goes via adguard (mine goes via pihole), but it does work. My only issue with moving to that is I already have OPNsense and the Cloud Gateway is £240. I guess the question is, is it worth it? Is it that much better/more reliable?

Anyone doing anything else, just sending it all out via a VPN etc or have a more elegant solution?

jan8p

1,794 posts

244 months

Thursday
Pretty much the same. How are you listing the sites to route? I have the CIDR ranges in an alias and then reference that in the firewall rule. Works OK.

mrmistoffelees

367 posts

85 months

Thursday
Uno reverse card, I've got a wifi network which routes out of a VPN, and then the others just route as normal. Just change the wifi network as required.

eein

1,477 posts

281 months

Thursday
There are various ways to set up and achieve what you are looking to do.

I would caution against spending hard cash on any mechanism, however. It is likely that additional mechanisms will be added to the monitoring and detection, and a few of these will make VPNs ineffective.

Scolmore

2,799 posts

208 months

Thursday
I used to laugh at the Chinese...

If you don't want to move your whole network gateway to VPN, there's a useful Docker container named DelugeVPN which contains Privoxy and everything needed to route via a VPN connection. If you wish to use VPN then you flick your browser over to use the proxy.

jan8p

1,794 posts

244 months

Scolmore said:
I used to laugh at the Chinese...

If you don't want to move your whole network gateway to VPN, there's a useful Docker container named DelugeVPN which contains Privoxy and everything needed to route via a VPN connection. If you wish to use VPN then you flick your browser over to use the proxy.
That's not what he's done. He's used selective routing (presumably for IP blocks) that means 'ordinary' traffic goes via his ISP's gateway, and anything requiring age verification is routed via a VPN in a different country.

Totally seamless and not requiring any browser or WiFi switch to access 'age appropriate' content.

Monsterlime

Original Poster:

1,334 posts

182 months

jan8p said:
Pretty much the same. How are you listing the sites to route? I have the CIDR ranges in an alias and then referencing that in the firewall rule. Works OK.
For now I've done it with the actual FQDNs. I have had to look through DNS lookups when accessing the sites to make sure I have captured everything (Discord in particular had some odd domains).

I did reduce the refresh time on the IPs for the aliased FQDNs to 30 seconds (default is 5 minutes).

I think if I wanted many more sites I may have to go with CIDR blocks.
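A coverage check for the alias approach described above, added here as an example and not taken from the thread or from OPNsense itself; the domains, addresses and CIDR ranges are constructed placeholders from the documentation ranges. Given the addresses a firewall's FQDN alias currently resolves to plus any CIDR entries, it reports which observed destination addresses fall outside the alias (and so would follow the default route instead of the VPN gateway) and collapses them into candidate /24 entries.

```python
import ipaddress

# Constructed sample data (documentation-range addresses, not real services).
# Addresses the firewall's FQDN alias currently resolves to (IPv4 only here:
# collapse_addresses() and sorted() refuse to mix IPv4 and IPv6 networks) ...
ALIAS_FQDN_RESOLVED = {
    "chat.example.test": ["203.0.113.10", "203.0.113.11"],
    "cdn.chat.example.test": ["198.51.100.5"],
}
# ... and CIDR ranges entered in the alias directly.
ALIAS_CIDRS = ["192.0.2.0/24"]
# Destination addresses seen in the firewall log or a packet capture while using the sites.
OBSERVED = ["203.0.113.10", "203.0.113.12", "192.0.2.77", "198.51.100.5", "198.51.100.9"]


def alias_networks(fqdn_resolved, cidrs):
    """Combine resolved host addresses and CIDR entries into a minimal, sorted network list."""
    nets = [ipaddress.ip_network(ip) for ips in fqdn_resolved.values() for ip in ips]
    nets += [ipaddress.ip_network(c) for c in cidrs]
    return sorted(ipaddress.collapse_addresses(nets))


def uncovered(observed, nets):
    """Observed destinations that match no alias entry, i.e. would take the default gateway."""
    return [ip for ip in observed
            if not any(ipaddress.ip_address(ip) in net for net in nets)]


def suggest_cidrs(ips, prefix=24):
    """Collapse stray host addresses into /prefix supernets as candidate alias entries."""
    supernets = {ipaddress.ip_network(f"{ip}/{prefix}", strict=False) for ip in ips}
    return [str(n) for n in sorted(supernets)]


def coverage_report(fqdn_resolved=ALIAS_FQDN_RESOLVED, cidrs=ALIAS_CIDRS, observed=OBSERVED):
    """Summarise alias contents, uncovered destinations and suggested CIDR additions."""
    nets = alias_networks(fqdn_resolved, cidrs)
    missing = uncovered(observed, nets)
    return {
        "alias": [str(n) for n in nets],
        "uncovered": missing,
        "suggested_cidrs": suggest_cidrs(missing),
    }


if __name__ == "__main__":
    for key, value in coverage_report().items():
        print(f"{key}: {value}")
```

Run the report again after the alias refresh interval has elapsed: a host whose DNS answers rotate faster than the refresh will show up as uncovered between refreshes, which is the case the CIDR entries handle.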

markiii

4,043 posts

210 months

Any downside to routing everything via the VPN?

otolith

61,896 posts

220 months

markiii said:
Any downside to routing everything via the VPN?
Geoblocked content allowed in your true location?

Harpoon

2,226 posts

230 months

markiii said:
Any downside to routing everything via the VPN?
I'd expect some apps & websites will serve up content for wherever your VPN exits, so you'll get non-UK content.

jan8p

1,794 posts

244 months

Saturday
markiii said:
Any downside to routing everything via the VPN?
Quite a few things won't work on a VPN even if it's a UK endpoint, as they explicitly block VPNs. Netflix, Amazon Prime, BBC Radio, etc.