Setja ákveðin tæki á VPN miðlægt & íslensk traffík í gegnum ISP

Netbúnaður, uppsetningar, WAN, LAN, heimanet og internet.
Skjámynd

Höfundur
Sallarólegur
Internetsérfræðingur
Póstar: 5881
Skráði sig: Mán 04. Apr 2005 11:01
Reputation: 487
Staðsetning: https://viktor.ms
Hafðu samband:
Staða: Ótengdur

Setja ákveðin tæki á VPN miðlægt & íslensk traffík í gegnum ISP

Pósturaf Sallarólegur » Lau 18. Jan 2020 16:12



Ég er með ExpressVPN vegna Netflix, Hulu ofl. í Apple TV.

Mig langar að geta skipt um sjónvarpsbox og haft WIFI tækin á VPN án þess að þurfa að stilla hvert og eitt, en til dæmis að hafa PC leikjavélina á venjulega netinu. Sum sjónvörp og TV box leyfa manni ekki einu sinni að stilla DNS á sér, svo þetta þyrfti að gerast í router/switch eða hvar sem þetta er gert.

Fyrsta skrefið væri að setja WIFI á VPN en hafa wired tæki á venjulega ISP.

Hvernig græja ég þetta? Þarf ég að kaupa einhverjar græjur í þetta?

Ég er með Edgerouter X, TOUGHSwitch, Unifi AP.

EDIT:
Hér er config sem virkar. Setur tæki 192.168.1.150-199 á ExpressVPN (sjá leiðbeiningar neðar) nema íslensk traffík og nokkrir Amazon þjónar(vegna NovaTV) fara í gegnum ISP.

http://www.expressvpn.com > My Account > Set Up on More Devices/Set up on all your devices > See all devices > Manual Config > Manual Configuration
> OpenVPN >

Búa til textaskrá sem heitir user-pass.txt og setja Username á fyrstu línu og Password á næstu línu
user-pass.txt skrifaði:qgmtbnknkwjensq2h8qdx42n
4bhi78j3i12j7vweboejjj8e


Sækja eina OpenVPN skrá úr leiðbeiningunum, New York - 2, og skýra hana express.ovpn:
2. Download one or more OpenVPN configuration files for your account. The following locations are available:

Breyta einni línu í express.ovpn (auth-user-pass) til að nota user/pass.
auth-user-pass /config/auth/user-pass.txt ; route-nopull

Sækja WinSCP, tengjast router, setja skrárnar í /config/auth/
Sækja Putty, tengjast router og keyra þessar línur:

Kóði: Velja allt

configure

set firewall group network-group sendToInternetGroup network 13.224.0.0/14
set firewall group network-group sendToInternetGroup network 143.204.0.0/16
set firewall group network-group sendToInternetGroup network 5.23.64.0/19
set firewall group network-group sendToInternetGroup network 5.252.12.0/22
set firewall group network-group sendToInternetGroup network 31.15.112.0/21
set firewall group network-group sendToInternetGroup network 31.209.136.0/21
set firewall group network-group sendToInternetGroup network 31.209.144.0/20
set firewall group network-group sendToInternetGroup network 31.209.192.0/18
set firewall group network-group sendToInternetGroup network 37.152.64.0/21
set firewall group network-group sendToInternetGroup network 37.205.32.0/21
set firewall group network-group sendToInternetGroup network 37.235.49.0/24
set firewall group network-group sendToInternetGroup network 46.22.96.0/20
set firewall group network-group sendToInternetGroup network 46.28.152.0/21
set firewall group network-group sendToInternetGroup network 46.182.184.0/21
set firewall group network-group sendToInternetGroup network 46.239.192.0/18
set firewall group network-group sendToInternetGroup network 62.145.128.0/19
set firewall group network-group sendToInternetGroup network 77.73.32.0/22
set firewall group network-group sendToInternetGroup network 77.83.108.0/22
set firewall group network-group sendToInternetGroup network 78.40.248.0/21
set firewall group network-group sendToInternetGroup network 79.171.96.0/21
set firewall group network-group sendToInternetGroup network 80.248.16.0/20
set firewall group network-group sendToInternetGroup network 80.249.116.0/22
set firewall group network-group sendToInternetGroup network 81.15.0.0/17
set firewall group network-group sendToInternetGroup network 82.112.64.0/19
set firewall group network-group sendToInternetGroup network 82.148.64.0/19
set firewall group network-group sendToInternetGroup network 82.221.0.0/16
set firewall group network-group sendToInternetGroup network 83.173.0.0/18
set firewall group network-group sendToInternetGroup network 85.116.64.0/19
set firewall group network-group sendToInternetGroup network 85.197.192.0/18
set firewall group network-group sendToInternetGroup network 85.220.0.0/17
set firewall group network-group sendToInternetGroup network 87.237.32.0/21
set firewall group network-group sendToInternetGroup network 88.149.0.0/17
set firewall group network-group sendToInternetGroup network 88.151.48.0/21
set firewall group network-group sendToInternetGroup network 89.17.128.0/19
set firewall group network-group sendToInternetGroup network 89.104.128.0/19
set firewall group network-group sendToInternetGroup network 89.160.128.0/17
set firewall group network-group sendToInternetGroup network 91.199.134.0/24
set firewall group network-group sendToInternetGroup network 91.208.22.0/24
set firewall group network-group sendToInternetGroup network 91.216.255.0/24
set firewall group network-group sendToInternetGroup network 91.220.110.0/24
set firewall group network-group sendToInternetGroup network 92.43.192.0/21
set firewall group network-group sendToInternetGroup network 93.95.72.0/21
set firewall group network-group sendToInternetGroup network 93.95.224.0/21
set firewall group network-group sendToInternetGroup network 94.142.152.0/21
set firewall group network-group sendToInternetGroup network 94.198.48.0/23
set firewall group network-group sendToInternetGroup network 94.250.244.0/22
set firewall group network-group sendToInternetGroup network 128.140.232.0/21
set firewall group network-group sendToInternetGroup network 130.208.0.0/16
set firewall group network-group sendToInternetGroup network 139.28.0.0/22
set firewall group network-group sendToInternetGroup network 141.98.144.0/22
set firewall group network-group sendToInternetGroup network 147.78.128.0/22
set firewall group network-group sendToInternetGroup network 149.3.164.0/22
set firewall group network-group sendToInternetGroup network 149.126.80.0/21
set firewall group network-group sendToInternetGroup network 151.236.24.0/24
set firewall group network-group sendToInternetGroup network 153.92.128.0/19
set firewall group network-group sendToInternetGroup network 157.97.0.0/19
set firewall group network-group sendToInternetGroup network 157.157.0.0/16
set firewall group network-group sendToInternetGroup network 160.20.214.0/23
set firewall group network-group sendToInternetGroup network 160.210.0.0/16
set firewall group network-group sendToInternetGroup network 176.10.32.0/21
set firewall group network-group sendToInternetGroup network 176.57.224.0/20
set firewall group network-group sendToInternetGroup network 178.19.48.0/20
set firewall group network-group sendToInternetGroup network 178.248.16.0/21
set firewall group network-group sendToInternetGroup network 185.21.16.0/22
set firewall group network-group sendToInternetGroup network 185.24.0.0/22
set firewall group network-group sendToInternetGroup network 185.25.252.0/22
set firewall group network-group sendToInternetGroup network 185.27.36.0/22
set firewall group network-group sendToInternetGroup network 185.29.196.0/22
set firewall group network-group sendToInternetGroup network 185.30.184.0/22
set firewall group network-group sendToInternetGroup network 185.35.244.0/23
set firewall group network-group sendToInternetGroup network 185.40.120.0/22
set firewall group network-group sendToInternetGroup network 185.44.240.0/22
set firewall group network-group sendToInternetGroup network 185.56.12.0/22
set firewall group network-group sendToInternetGroup network 185.67.84.0/22
set firewall group network-group sendToInternetGroup network 185.67.180.0/22
set firewall group network-group sendToInternetGroup network 185.86.220.0/22
set firewall group network-group sendToInternetGroup network 185.93.156.0/22
set firewall group network-group sendToInternetGroup network 185.107.60.0/22
set firewall group network-group sendToInternetGroup network 185.109.100.0/22
set firewall group network-group sendToInternetGroup network 185.111.36.0/22
set firewall group network-group sendToInternetGroup network 185.112.144.0/22
set firewall group network-group sendToInternetGroup network 185.112.204.0/22
set firewall group network-group sendToInternetGroup network 185.118.32.0/22
set firewall group network-group sendToInternetGroup network 185.119.124.0/22
set firewall group network-group sendToInternetGroup network 185.123.196.0/22
set firewall group network-group sendToInternetGroup network 185.126.60.0/22
set firewall group network-group sendToInternetGroup network 185.138.172.0/22
set firewall group network-group sendToInternetGroup network 185.152.116.0/22
set firewall group network-group sendToInternetGroup network 185.154.116.0/22
set firewall group network-group sendToInternetGroup network 185.159.158.0/24
set firewall group network-group sendToInternetGroup network 185.169.188.0/23
set firewall group network-group sendToInternetGroup network 185.174.176.0/22
set firewall group network-group sendToInternetGroup network 185.177.132.0/22
set firewall group network-group sendToInternetGroup network 185.179.76.0/22
set firewall group network-group sendToInternetGroup network 185.191.232.0/22
set firewall group network-group sendToInternetGroup network 185.198.144.0/22
set firewall group network-group sendToInternetGroup network 185.202.180.0/22
set firewall group network-group sendToInternetGroup network 185.219.148.0/22
set firewall group network-group sendToInternetGroup network 185.221.176.0/22
set firewall group network-group sendToInternetGroup network 185.221.232.0/22
set firewall group network-group sendToInternetGroup network 185.240.40.0/22
set firewall group network-group sendToInternetGroup network 185.248.120.0/22
set firewall group network-group sendToInternetGroup network 192.30.37.0/24
set firewall group network-group sendToInternetGroup network 192.71.218.0/24
set firewall group network-group sendToInternetGroup network 192.147.34.0/24
set firewall group network-group sendToInternetGroup network 192.253.250.0/24
set firewall group network-group sendToInternetGroup network 193.4.0.0/16
set firewall group network-group sendToInternetGroup network 193.107.84.0/22
set firewall group network-group sendToInternetGroup network 193.109.16.0/20
set firewall group network-group sendToInternetGroup network 194.31.61.0/24
set firewall group network-group sendToInternetGroup network 194.105.224.0/19
set firewall group network-group sendToInternetGroup network 194.144.0.0/16
set firewall group network-group sendToInternetGroup network 195.130.193.0/24
set firewall group network-group sendToInternetGroup network 199.195.118.0/24
set firewall group network-group sendToInternetGroup network 212.30.192.0/18
set firewall group network-group sendToInternetGroup network 212.126.224.0/19
set firewall group network-group sendToInternetGroup network 213.167.128.0/19
set firewall group network-group sendToInternetGroup network 213.176.128.0/19
set firewall group network-group sendToInternetGroup network 213.181.96.0/19
set firewall group network-group sendToInternetGroup network 213.190.96.0/19
set firewall group network-group sendToInternetGroup network 213.213.128.0/19
set firewall group network-group sendToInternetGroup network 213.220.64.0/18
set firewall group network-group sendToInternetGroup network 217.9.128.0/20
set firewall group network-group sendToInternetGroup network 217.28.176.0/20
set firewall group network-group sendToInternetGroup network 217.151.160.0/19
set firewall group network-group sendToInternetGroup network 217.171.208.0/20

set interfaces openvpn vtun0 config-file /config/auth/express.ovpn
set interfaces openvpn vtun0 description 'ExpressVPN'

set firewall modify express_vpn_route rule 9 action modify
set firewall modify express_vpn_route rule 9 destination group network-group sendToInternetGroup
set firewall modify express_vpn_route rule 9 modify table main

set firewall modify express_vpn_route rule 10 description 'ExpressVPN'
set firewall modify express_vpn_route rule 10 source address 192.168.1.150-192.168.1.199
set firewall modify express_vpn_route rule 10 modify table 1

set protocols static table 1 interface-route 0.0.0.0/0 next-hop-interface vtun0
set interfaces switch switch0 firewall in modify express_vpn_route
set service nat rule 5001 description 'ExpressVPN'
set service nat rule 5001 log disable
set service nat rule 5001 outbound-interface vtun0
set service nat rule 5001 type masquerade
commit ; save
exit


AMD Ryzen5 3600 • GTX1080 founders edition • ASRock Fatal1ty B450 Gaming-ITX/ac • Corsair Ven 2x8GB 3200Mhz • Samsung 970 Evo Plus 250GB • Corsair SF600 • G Pro Wireless • WASD V2 Ch.MX brown • Corsair Virtuoso SE

Alienware Ultrawide 34.1" WQHD 1900R IPS 3440 x 1440p 4ms 120Hz •

EdgeRouter-X • TOUGHSwitch TS-5-POE • Unifi AP AC LITE • Raspberry Pi Unifi controller

Skjámynd

kizi86
Vaktari
Póstar: 2070
Skráði sig: Lau 26. Sep 2009 18:08
Reputation: 126
Staða: Ótengdur

Re: Setja ákveðin tæki á VPN miðlægt

Pósturaf kizi86 » Lau 18. Jan 2020 17:23

félagi minn er með svona: https://www.amazon.com/GL-iNET-GL-MT300 ... lp_pl_dp_2
router fyrir usa netflix og svoleiðis


AsRock Fatal1ty Z77 Professional Intel 3770K@4.4GHz Asus GTX 980OC Strix 4GB GeiL Leggera DDR3 2x4GB@2133MHz 1.5TB Seagate Barrracuda 7200rpm stýrikerfi: Crucial m4 240GB SSD 2TB Hitachi 7200rpm 27" 1440p Shimian IPS LED WD RED 4TB 3TB WD Green Aerocool XpredatorAerocool X-Strike 1100w PSU


Hizzman
Gúrú
Póstar: 521
Skráði sig: Fös 22. Apr 2016 18:48
Reputation: 81
Staða: Ótengdur

Re: Setja ákveðin tæki á VPN miðlægt

Pósturaf Hizzman » Lau 18. Jan 2020 19:11

getur etv sett openVPN á borðtölvu og bætt í hana netkorti(wifi eða vír) og fengið VPN neti út þar.



Skjámynd

Höfundur
Sallarólegur
Internetsérfræðingur
Póstar: 5881
Skráði sig: Mán 04. Apr 2005 11:01
Reputation: 487
Staðsetning: https://viktor.ms
Hafðu samband:
Staða: Ótengdur

Re: Setja ákveðin tæki á VPN miðlægt

Pósturaf Sallarólegur » Lau 18. Jan 2020 19:23

Takk,

Ég náði að stilla þetta á EdgeRouter með þessum leiðbeiningum og með smá breytingu: https://community.ui.com/questions/Expr ... 976c26d142

Nú eru öll tæki frá 192.168.1. 150 til 199 á Express VPN svo ég get fundið tækið í Edgerouter listanum, smellt á Map Static IP og gefið hverju tæki IP tölu á þessu bili.

Kóði: Velja allt

configure
set interfaces openvpn vtun0 config-file /config/auth/my_expressvpn_usa_-_new_york_udp.ovpn
set interfaces openvpn vtun0 description 'ExpressVPN' 
set firewall modify express_vpn_route rule 10 description 'ExpressVPN'
set firewall modify express_vpn_route rule 10 source address 192.168.1.150-192.168.1.199
set firewall modify express_vpn_route rule 10 modify table 1 
set protocols static table 1 interface-route 0.0.0.0/0 next-hop-interface vtun0 
set interfaces switch switch0 firewall in modify express_vpn_route 
set service nat rule 5001 description 'ExpressVPN'
set service nat rule 5001 log disable
set service nat rule 5001 outbound-interface vtun0
set service nat rule 5001 type masquerade
commit ; save


Notaði Putty og WinSCP.


AMD Ryzen5 3600 • GTX1080 founders edition • ASRock Fatal1ty B450 Gaming-ITX/ac • Corsair Ven 2x8GB 3200Mhz • Samsung 970 Evo Plus 250GB • Corsair SF600 • G Pro Wireless • WASD V2 Ch.MX brown • Corsair Virtuoso SE

Alienware Ultrawide 34.1" WQHD 1900R IPS 3440 x 1440p 4ms 120Hz •

EdgeRouter-X • TOUGHSwitch TS-5-POE • Unifi AP AC LITE • Raspberry Pi Unifi controller


selur2
Græningi
Póstar: 45
Skráði sig: Lau 15. Ágú 2009 12:22
Reputation: 0
Staða: Ótengdur

Re: Setja ákveðin tæki á VPN miðlægt

Pósturaf selur2 » Lau 18. Jan 2020 22:24

Sælir,
Hvernig lætur Rúv eða Stoð 2 ( eða hinar íslensku ) stöðvarnar þegar þú ert með apple tv á VPN
ég var með VPN á Routernum hjá á öll tæki heimilisins, en þá var straumurinn íslenski til vandræða.
er með apple tv fyrir allt...




bjornvil
Ofur-Nörd
Póstar: 260
Skráði sig: Fim 24. Jan 2008 00:10
Reputation: 6
Staða: Ótengdur

Re: Setja ákveðin tæki á VPN miðlægt

Pósturaf bjornvil » Lau 18. Jan 2020 23:06

Ótrúlega fyndin tilviljun, ég var einmitt að skoða návæmlega sama í gærkvöldi og var að fara eftir sömu leiðbeiningum og þú. Geri sömu skipanir og þú í configinu á Edgerouter X en fæ alltaf error þegar ég ætla að committa þetta. Fæ eftirfarandi:

[ interfaces openvpn vtun0 ]
OpenVPN configuration error: Failed to start OpenVPN tunnel.

Loggið segir þetta:

bjornvil@ubnt:~$ show log | grep openvpn
Jan 18 01:21:28 ubnt openvpn[10143]: Options error: Unrecognized option or missing or extra parameter(s) in /config/auth/my_expressvpn_usa_-_new_york_udp.ovpn:26: auth-user-pass (2.4.0)
Jan 18 01:21:28 ubnt openvpn[10143]: Use --help for more information.
Jan 18 22:41:44 ubnt openvpn[11280]: Options error: Unrecognized option or missing or extra parameter(s) in /config/auth/my_expressvpn_usa_-_new_york_udp.ovpn:26: auth-user-pass (2.4.0)
Jan 18 22:41:45 ubnt openvpn[11280]: Use --help for more information.
Jan 18 23:00:50 ubnt openvpn[11901]: Options error: Unrecognized option or missing or extra parameter(s) in /config/auth/my_expressvpn_usa_-_new_york_udp.ovpn:26: auth-user-pass (2.4.0)
Jan 18 23:00:50 ubnt openvpn[11901]: Use --help for more information.
bjornvil@ubnt:~$

Nú veit ég ekkert...




bjornvil
Ofur-Nörd
Póstar: 260
Skráði sig: Fim 24. Jan 2008 00:10
Reputation: 6
Staða: Ótengdur

Re: Setja ákveðin tæki á VPN miðlægt

Pósturaf bjornvil » Lau 18. Jan 2020 23:16

bjornvil skrifaði:Ótrúlega fyndin tilviljun, ég var einmitt að skoða návæmlega sama í gærkvöldi og var að fara eftir sömu leiðbeiningum og þú. Geri sömu skipanir og þú í configinu á Edgerouter X en fæ alltaf error þegar ég ætla að committa þetta. Fæ eftirfarandi:

[ interfaces openvpn vtun0 ]
OpenVPN configuration error: Failed to start OpenVPN tunnel.

Loggið segir þetta:

bjornvil@ubnt:~$ show log | grep openvpn
Jan 18 01:21:28 ubnt openvpn[10143]: Options error: Unrecognized option or missing or extra parameter(s) in /config/auth/my_expressvpn_usa_-_new_york_udp.ovpn:26: auth-user-pass (2.4.0)
Jan 18 01:21:28 ubnt openvpn[10143]: Use --help for more information.
Jan 18 22:41:44 ubnt openvpn[11280]: Options error: Unrecognized option or missing or extra parameter(s) in /config/auth/my_expressvpn_usa_-_new_york_udp.ovpn:26: auth-user-pass (2.4.0)
Jan 18 22:41:45 ubnt openvpn[11280]: Use --help for more information.
Jan 18 23:00:50 ubnt openvpn[11901]: Options error: Unrecognized option or missing or extra parameter(s) in /config/auth/my_expressvpn_usa_-_new_york_udp.ovpn:26: auth-user-pass (2.4.0)
Jan 18 23:00:50 ubnt openvpn[11901]: Use --help for more information.
bjornvil@ubnt:~$

Nú veit ég ekkert...


DISREGARD
Var að fatta þetta, var smá villa í VPN config skránni minni :)




bjornvil
Ofur-Nörd
Póstar: 260
Skráði sig: Fim 24. Jan 2008 00:10
Reputation: 6
Staða: Ótengdur

Re: Setja ákveðin tæki á VPN miðlægt

Pósturaf bjornvil » Sun 19. Jan 2020 11:02

Sallarólegur skrifaði:Takk,

Ég náði að stilla þetta á EdgeRouter með þessum leiðbeiningum og með smá breytingu: https://community.ui.com/questions/Expr ... 976c26d142

Nú eru öll tæki frá 192.168.1. 150 til 199 á Express VPN svo ég get fundið tækið í Edgerouter listanum, smellt á Map Static IP og gefið hverju tæki IP tölu á þessu bili.

Kóði: Velja allt

configure
set interfaces openvpn vtun0 config-file /config/auth/my_expressvpn_usa_-_new_york_udp.ovpn
set interfaces openvpn vtun0 description 'ExpressVPN' 
set firewall modify express_vpn_route rule 10 description 'ExpressVPN'
set firewall modify express_vpn_route rule 10 source address 192.168.1.150-192.168.1.199
set firewall modify express_vpn_route rule 10 modify table 1 
set protocols static table 1 interface-route 0.0.0.0/0 next-hop-interface vtun0 
set interfaces switch switch0 firewall in modify express_vpn_route 
set service nat rule 5001 description 'ExpressVPN'
set service nat rule 5001 log disable
set service nat rule 5001 outbound-interface vtun0
set service nat rule 5001 type masquerade
commit ; save


Notaði Putty og WinSCP.


Hvernig er þetta að virka hjá þér? Ég ætlaði að setja Panasonic sjónvarpið mitt á VPN en Netflix í því neitaði að spila, fékk bara meldingu frá Netflix um að það sé VPN í gangi. Er einhver leið framhjá því?

EDIT

Er að nota ExpressVPN, sama server og þú sýnist mér...



Skjámynd

Höfundur
Sallarólegur
Internetsérfræðingur
Póstar: 5881
Skráði sig: Mán 04. Apr 2005 11:01
Reputation: 487
Staðsetning: https://viktor.ms
Hafðu samband:
Staða: Ótengdur

Re: Setja ákveðin tæki á VPN miðlægt

Pósturaf Sallarólegur » Sun 19. Jan 2020 12:18

selur2 skrifaði:Sælir,
Hvernig lætur Rúv eða Stoð 2 ( eða hinar íslensku ) stöðvarnar þegar þú ert með apple tv á VPN
ég var með VPN á Routernum hjá á öll tæki heimilisins, en þá var straumurinn íslenski til vandræða.
er með apple tv fyrir allt...


RÚV appið virkar fínt, NovaTV sýnir bara villu um að ekki sé hægt að nota það í US. Það er hægt að setja ákveðnar IP tölur á VPN, spurning hvort það sé hægt að nota töflu yfir íslenskar IP tölur og senda þær beint í gegnum ISP en ekki VPN.

Sjá: https://www.rix.is/english/is-as-nets-en.html

bjornvil skrifaði:
Hvernig er þetta að virka hjá þér? Ég ætlaði að setja Panasonic sjónvarpið mitt á VPN en Netflix í því neitaði að spila, fékk bara meldingu frá Netflix um að það sé VPN í gangi. Er einhver leið framhjá því?

EDIT

Er að nota ExpressVPN, sama server og þú sýnist mér...


Netflix og Hulu virka bara í Apple TV hjá mér, fæ villu bæði í Netflix og Hulu með Firestick(Android TV). Þarf líklega að hafa samband við ExpressVPN support.


AMD Ryzen5 3600 • GTX1080 founders edition • ASRock Fatal1ty B450 Gaming-ITX/ac • Corsair Ven 2x8GB 3200Mhz • Samsung 970 Evo Plus 250GB • Corsair SF600 • G Pro Wireless • WASD V2 Ch.MX brown • Corsair Virtuoso SE

Alienware Ultrawide 34.1" WQHD 1900R IPS 3440 x 1440p 4ms 120Hz •

EdgeRouter-X • TOUGHSwitch TS-5-POE • Unifi AP AC LITE • Raspberry Pi Unifi controller

Skjámynd

Höfundur
Sallarólegur
Internetsérfræðingur
Póstar: 5881
Skráði sig: Mán 04. Apr 2005 11:01
Reputation: 487
Staðsetning: https://viktor.ms
Hafðu samband:
Staða: Ótengdur

Re: Setja ákveðin tæki á VPN miðlægt & íslensk traffík í gegnum ISP

Pósturaf Sallarólegur » Sun 19. Jan 2020 15:42

Fékk góð svör á Ubiquiti forums!

Hér er config til að íslensk umferð fari venjulegu leiðina, en erlend traffík í gegnum VPN. Þessi listi hjá RIX virðist samt ekki vera tæmandi, til dæmis er NovaTV.is á íslenskri IP tölu 78.40.250.30 en 78.40.250.0 er ekki á listanum.

Einnig lagar þetta ekki NovaTV appið þar sem það er að nota erlendan CDN til að athuga hvaðan IP talan kemur - svo það lendir á VPN.

Þarf að prófa þetta betur, sýnist þetta vera "simplestreamcdn.com" sem athugar hvaðan maður kemur inn í NovaTV appið. Ef einhver er með IP range fyrir það væri það vel þegið.

Kóði: Velja allt

configure

set firewall group network-group sendToInternetGroup network 5.23.64.0/19
set firewall group network-group sendToInternetGroup network 5.252.12.0/22
set firewall group network-group sendToInternetGroup network 31.15.112.0/21
set firewall group network-group sendToInternetGroup network 31.209.136.0/21
set firewall group network-group sendToInternetGroup network 31.209.144.0/20
set firewall group network-group sendToInternetGroup network 31.209.192.0/18
set firewall group network-group sendToInternetGroup network 37.152.64.0/21
set firewall group network-group sendToInternetGroup network 37.205.32.0/21
set firewall group network-group sendToInternetGroup network 37.235.49.0/24
set firewall group network-group sendToInternetGroup network 46.22.96.0/20
set firewall group network-group sendToInternetGroup network 46.28.152.0/21
set firewall group network-group sendToInternetGroup network 46.182.184.0/21
set firewall group network-group sendToInternetGroup network 46.239.192.0/18
set firewall group network-group sendToInternetGroup network 62.145.128.0/19
set firewall group network-group sendToInternetGroup network 77.73.32.0/22
set firewall group network-group sendToInternetGroup network 77.83.108.0/22
set firewall group network-group sendToInternetGroup network 78.40.248.0/21
set firewall group network-group sendToInternetGroup network 79.171.96.0/21
set firewall group network-group sendToInternetGroup network 80.248.16.0/20
set firewall group network-group sendToInternetGroup network 80.249.116.0/22
set firewall group network-group sendToInternetGroup network 81.15.0.0/17
set firewall group network-group sendToInternetGroup network 82.112.64.0/19
set firewall group network-group sendToInternetGroup network 82.148.64.0/19
set firewall group network-group sendToInternetGroup network 82.221.0.0/16
set firewall group network-group sendToInternetGroup network 83.173.0.0/18
set firewall group network-group sendToInternetGroup network 85.116.64.0/19
set firewall group network-group sendToInternetGroup network 85.197.192.0/18
set firewall group network-group sendToInternetGroup network 85.220.0.0/17
set firewall group network-group sendToInternetGroup network 87.237.32.0/21
set firewall group network-group sendToInternetGroup network 88.149.0.0/17
set firewall group network-group sendToInternetGroup network 88.151.48.0/21
set firewall group network-group sendToInternetGroup network 89.17.128.0/19
set firewall group network-group sendToInternetGroup network 89.104.128.0/19
set firewall group network-group sendToInternetGroup network 89.160.128.0/17
set firewall group network-group sendToInternetGroup network 91.199.134.0/24
set firewall group network-group sendToInternetGroup network 91.208.22.0/24
set firewall group network-group sendToInternetGroup network 91.216.255.0/24
set firewall group network-group sendToInternetGroup network 91.220.110.0/24
set firewall group network-group sendToInternetGroup network 92.43.192.0/21
set firewall group network-group sendToInternetGroup network 93.95.72.0/21
set firewall group network-group sendToInternetGroup network 93.95.224.0/21
set firewall group network-group sendToInternetGroup network 94.142.152.0/21
set firewall group network-group sendToInternetGroup network 94.198.48.0/23
set firewall group network-group sendToInternetGroup network 94.250.244.0/22
set firewall group network-group sendToInternetGroup network 128.140.232.0/21
set firewall group network-group sendToInternetGroup network 130.208.0.0/16
set firewall group network-group sendToInternetGroup network 139.28.0.0/22
set firewall group network-group sendToInternetGroup network 141.98.144.0/22
set firewall group network-group sendToInternetGroup network 147.78.128.0/22
set firewall group network-group sendToInternetGroup network 149.3.164.0/22
set firewall group network-group sendToInternetGroup network 149.126.80.0/21
set firewall group network-group sendToInternetGroup network 151.236.24.0/24
set firewall group network-group sendToInternetGroup network 153.92.128.0/19
set firewall group network-group sendToInternetGroup network 157.97.0.0/19
set firewall group network-group sendToInternetGroup network 157.157.0.0/16
set firewall group network-group sendToInternetGroup network 160.20.214.0/23
set firewall group network-group sendToInternetGroup network 160.210.0.0/16
set firewall group network-group sendToInternetGroup network 176.10.32.0/21
set firewall group network-group sendToInternetGroup network 176.57.224.0/20
set firewall group network-group sendToInternetGroup network 178.19.48.0/20
set firewall group network-group sendToInternetGroup network 178.248.16.0/21
set firewall group network-group sendToInternetGroup network 185.21.16.0/22
set firewall group network-group sendToInternetGroup network 185.24.0.0/22
set firewall group network-group sendToInternetGroup network 185.25.252.0/22
set firewall group network-group sendToInternetGroup network 185.27.36.0/22
set firewall group network-group sendToInternetGroup network 185.29.196.0/22
set firewall group network-group sendToInternetGroup network 185.30.184.0/22
set firewall group network-group sendToInternetGroup network 185.35.244.0/23
set firewall group network-group sendToInternetGroup network 185.40.120.0/22
set firewall group network-group sendToInternetGroup network 185.44.240.0/22
set firewall group network-group sendToInternetGroup network 185.56.12.0/22
set firewall group network-group sendToInternetGroup network 185.67.84.0/22
set firewall group network-group sendToInternetGroup network 185.67.180.0/22
set firewall group network-group sendToInternetGroup network 185.86.220.0/22
set firewall group network-group sendToInternetGroup network 185.93.156.0/22
set firewall group network-group sendToInternetGroup network 185.107.60.0/22
set firewall group network-group sendToInternetGroup network 185.109.100.0/22
set firewall group network-group sendToInternetGroup network 185.111.36.0/22
set firewall group network-group sendToInternetGroup network 185.112.144.0/22
set firewall group network-group sendToInternetGroup network 185.112.204.0/22
set firewall group network-group sendToInternetGroup network 185.118.32.0/22
set firewall group network-group sendToInternetGroup network 185.119.124.0/22
set firewall group network-group sendToInternetGroup network 185.123.196.0/22
set firewall group network-group sendToInternetGroup network 185.126.60.0/22
set firewall group network-group sendToInternetGroup network 185.138.172.0/22
set firewall group network-group sendToInternetGroup network 185.152.116.0/22
set firewall group network-group sendToInternetGroup network 185.154.116.0/22
set firewall group network-group sendToInternetGroup network 185.159.158.0/24
set firewall group network-group sendToInternetGroup network 185.169.188.0/23
set firewall group network-group sendToInternetGroup network 185.174.176.0/22
set firewall group network-group sendToInternetGroup network 185.177.132.0/22
set firewall group network-group sendToInternetGroup network 185.179.76.0/22
set firewall group network-group sendToInternetGroup network 185.191.232.0/22
set firewall group network-group sendToInternetGroup network 185.198.144.0/22
set firewall group network-group sendToInternetGroup network 185.202.180.0/22
set firewall group network-group sendToInternetGroup network 185.219.148.0/22
set firewall group network-group sendToInternetGroup network 185.221.176.0/22
set firewall group network-group sendToInternetGroup network 185.221.232.0/22
set firewall group network-group sendToInternetGroup network 185.240.40.0/22
set firewall group network-group sendToInternetGroup network 185.248.120.0/22
set firewall group network-group sendToInternetGroup network 192.30.37.0/24
set firewall group network-group sendToInternetGroup network 192.71.218.0/24
set firewall group network-group sendToInternetGroup network 192.147.34.0/24
set firewall group network-group sendToInternetGroup network 192.253.250.0/24
set firewall group network-group sendToInternetGroup network 193.4.0.0/16
set firewall group network-group sendToInternetGroup network 193.107.84.0/22
set firewall group network-group sendToInternetGroup network 193.109.16.0/20
set firewall group network-group sendToInternetGroup network 194.31.61.0/24
set firewall group network-group sendToInternetGroup network 194.105.224.0/19
set firewall group network-group sendToInternetGroup network 194.144.0.0/16
set firewall group network-group sendToInternetGroup network 195.130.193.0/24
set firewall group network-group sendToInternetGroup network 199.195.118.0/24
set firewall group network-group sendToInternetGroup network 212.30.192.0/18
set firewall group network-group sendToInternetGroup network 212.126.224.0/19
set firewall group network-group sendToInternetGroup network 213.167.128.0/19
set firewall group network-group sendToInternetGroup network 213.176.128.0/19
set firewall group network-group sendToInternetGroup network 213.181.96.0/19
set firewall group network-group sendToInternetGroup network 213.190.96.0/19
set firewall group network-group sendToInternetGroup network 213.213.128.0/19
set firewall group network-group sendToInternetGroup network 213.220.64.0/18
set firewall group network-group sendToInternetGroup network 217.9.128.0/20
set firewall group network-group sendToInternetGroup network 217.28.176.0/20
set firewall group network-group sendToInternetGroup network 217.151.160.0/19
set firewall group network-group sendToInternetGroup network 217.171.208.0/20

set interfaces openvpn vtun0 config-file /config/auth/my_expressvpn_usa_-_new_york_udp.ovpn
set interfaces openvpn vtun0 description 'ExpressVPN'

set firewall modify express_vpn_route rule 9 action modify
set firewall modify express_vpn_route rule 9 destination group network-group sendToInternetGroup
set firewall modify express_vpn_route rule 9 modify table main

set firewall modify express_vpn_route rule 10 description 'ExpressVPN'
set firewall modify express_vpn_route rule 10 source address 192.168.1.150-192.168.1.199
set firewall modify express_vpn_route rule 10 modify table 1

set protocols static table 1 interface-route 0.0.0.0/0 next-hop-interface vtun0 
set interfaces switch switch0 firewall in modify express_vpn_route 
set service nat rule 5001 description 'ExpressVPN'
set service nat rule 5001 log disable
set service nat rule 5001 outbound-interface vtun0
set service nat rule 5001 type masquerade
commit ; save


AMD Ryzen5 3600 • GTX1080 founders edition • ASRock Fatal1ty B450 Gaming-ITX/ac • Corsair Ven 2x8GB 3200Mhz • Samsung 970 Evo Plus 250GB • Corsair SF600 • G Pro Wireless • WASD V2 Ch.MX brown • Corsair Virtuoso SE

Alienware Ultrawide 34.1" WQHD 1900R IPS 3440 x 1440p 4ms 120Hz •

EdgeRouter-X • TOUGHSwitch TS-5-POE • Unifi AP AC LITE • Raspberry Pi Unifi controller


phillipseamore
Nýliði
Póstar: 9
Skráði sig: Fim 07. Jan 2016 05:32
Reputation: 7
Staða: Ótengdur

Re: Setja ákveðin tæki á VPN miðlægt & íslensk traffík í gegnum ISP

Pósturaf phillipseamore » Sun 19. Jan 2020 15:56

Sallarólegur skrifaði:Fékk góð svör á Ubiquiti forums!
Hér er config til að íslensk umferð fari venjulegu leiðina, en erlend traffík í gegnum VPN. Þessi listi hjá RIX virðist samt ekki vera tæmandi, til dæmis er NovaTV.is á íslenskri IP tölu 78.40.250.30 en 78.40.250.0 er ekki á listanum.


It is, the 78.40.248.0/21 is CIDR notation and translates to 78.40.248.0 - 78.40.255.255




bjornvil
Ofur-Nörd
Póstar: 260
Skráði sig: Fim 24. Jan 2008 00:10
Reputation: 6
Staða: Ótengdur

Re: Setja ákveðin tæki á VPN miðlægt & íslensk traffík í gegnum ISP

Pósturaf bjornvil » Sun 19. Jan 2020 16:19

Sallarólegur hvernig hraða ertu að fá á þetta? Ég hef ekki prófað að setja tölvuna á VPN í gegnum routerinn en sjónvarpið er ónothæft, er ekki að fá neitt til að tala um yfir þessa tengingu...

Edit

Prófaði þetta á PC vélina og það er sama, fæ IP tölu en næ varla að tengjast vefsíðum. Þaðner eitthvað að...



Skjámynd

Höfundur
Sallarólegur
Internetsérfræðingur
Póstar: 5881
Skráði sig: Mán 04. Apr 2005 11:01
Reputation: 487
Staðsetning: https://viktor.ms
Hafðu samband:
Staða: Ótengdur

Re: Setja ákveðin tæki á VPN miðlægt & íslensk traffík í gegnum ISP

Pósturaf Sallarólegur » Sun 19. Jan 2020 16:41

Að bæta við þessari IP frá Amazon lagar http://www.NovaTV.is en ekki í Apple TV, stendur bara að ég sé í US ennþá. Samt er Apple ID Store á stillt á Iceland.

143.204.0.0/16

Getur einhver fundið út hvert Nova TV apple TV appið er að rútast? :baby

bjornvil skrifaði:Sallarólegur hvernig hraða ertu að fá á þetta? Ég hef ekki prófað að setja tölvuna á VPN í gegnum routerinn en sjónvarpið er ónothæft, er ekki að fá neitt til að tala um yfir þessa tengingu...

Edit

Prófaði þetta á PC vélina og það er sama, fæ IP tölu en næ varla að tengjast vefsíðum. Þaðner eitthvað að...


15Mbps

Ertu með nýjasta firmware á routernum?

Mynd


AMD Ryzen5 3600 • GTX1080 founders edition • ASRock Fatal1ty B450 Gaming-ITX/ac • Corsair Ven 2x8GB 3200Mhz • Samsung 970 Evo Plus 250GB • Corsair SF600 • G Pro Wireless • WASD V2 Ch.MX brown • Corsair Virtuoso SE

Alienware Ultrawide 34.1" WQHD 1900R IPS 3440 x 1440p 4ms 120Hz •

EdgeRouter-X • TOUGHSwitch TS-5-POE • Unifi AP AC LITE • Raspberry Pi Unifi controller


bjornvil
Ofur-Nörd
Póstar: 260
Skráði sig: Fim 24. Jan 2008 00:10
Reputation: 6
Staða: Ótengdur

Re: Setja ákveðin tæki á VPN miðlægt & íslensk traffík í gegnum ISP

Pósturaf bjornvil » Sun 19. Jan 2020 17:36

bjornvil skrifaði:
bjornvil skrifaði:Sallarólegur hvernig hraða ertu að fá á þetta? Ég hef ekki prófað að setja tölvuna á VPN í gegnum routerinn en sjónvarpið er ónothæft, er ekki að fá neitt til að tala um yfir þessa tengingu...

Edit

Prófaði þetta á PC vélina og það er sama, fæ IP tölu en næ varla að tengjast vefsíðum. Þaðner eitthvað að...


15Mbps

Ertu með nýjasta firmware á routernum?

Mynd


Hah, þetta gerði gæfumuninn, fæ sama hraða og þú núna. Kærar þakkir :)

En Netflix er ekki að virka hjá mér, fæ Proxy villu. Held að ástæðan sé að ég held áfram að nota Cloudflare DNS sem ég er búinn að setja Edgerouter upp í að nota í stað þess að nota ExpressVPN DNS serverana. Hvernig ert þú með DNS forwarding uppsett hjá þér?

EDIT

Ég fann út úr þessu skv. þessum leiðbeiningum: https://community.ui.com/questions/EdgeOS-Privacy-DNS-Forwarding-Through-OpenVPN-Tunnel-vtun0/83e2ef34-f622-41e6-8f40-6aafce46994b



Skjámynd

Höfundur
Sallarólegur
Internetsérfræðingur
Póstar: 5881
Skráði sig: Mán 04. Apr 2005 11:01
Reputation: 487
Staðsetning: https://viktor.ms
Hafðu samband:
Staða: Ótengdur

Re: Setja ákveðin tæki á VPN miðlægt & íslensk traffík í gegnum ISP

Pósturaf Sallarólegur » Sun 19. Jan 2020 19:56

NovaTV komið í gang aftur :)

Ég keyrði TCP dump á VPN interface og fór í Nova TV appið. Þá kom upp nýr Amazon server sem appið talar við server-13-225-62-102.ewr53.r.cloudfront.net.

Kóði: Velja allt

sudo tcpdump -i vtun0


Pingaði hann og fékk 13.225.62.102 sem er hluti af 13.224.0.0/14 :)

Kóði: Velja allt

set firewall group network-group sendToInternetGroup network 13.224.0.0/14


Set heildar configið í upprunalega þráðinn. Svo er spurning hvað þetta endist lengi og hvort maður eigi að white-lista fleiri Amazon CIDR. Kemur í ljós.


AMD Ryzen5 3600 • GTX1080 founders edition • ASRock Fatal1ty B450 Gaming-ITX/ac • Corsair Ven 2x8GB 3200Mhz • Samsung 970 Evo Plus 250GB • Corsair SF600 • G Pro Wireless • WASD V2 Ch.MX brown • Corsair Virtuoso SE

Alienware Ultrawide 34.1" WQHD 1900R IPS 3440 x 1440p 4ms 120Hz •

EdgeRouter-X • TOUGHSwitch TS-5-POE • Unifi AP AC LITE • Raspberry Pi Unifi controller


bjornvil
Ofur-Nörd
Póstar: 260
Skráði sig: Fim 24. Jan 2008 00:10
Reputation: 6
Staða: Ótengdur

Re: Setja ákveðin tæki á VPN miðlægt & íslensk traffík í gegnum ISP

Pósturaf bjornvil » Mán 20. Jan 2020 16:15

bjornvil skrifaði:
En Netflix er ekki að virka hjá mér, fæ Proxy villu. Held að ástæðan sé að ég held áfram að nota Cloudflare DNS sem ég er búinn að setja Edgerouter upp í að nota í stað þess að nota ExpressVPN DNS serverana. Hvernig ert þú með DNS forwarding uppsett hjá þér?

EDIT

Ég fann út úr þessu skv. þessum leiðbeiningum: https://community.ui.com/questions/EdgeOS-Privacy-DNS-Forwarding-Through-OpenVPN-Tunnel-vtun0/83e2ef34-f622-41e6-8f40-6aafce46994b


Svona FYI ef einhverjir eru í sömu pælingum og ég þá gerði þetta set protocol static interface-route lausn sem er í þessum link eitthvað sem varð til þess að Netflix (og mögulega fleiri vefsíður þótt ég athugaði það ekki) hætti að hlaðast nema að vera tengdur á VPN þannig þetta er ekki að virka fyrir mig eins og er. Þarf að skoða þetta betur ef ég nenni :/



Skjámynd

kornelius
has spoken...
Póstar: 168
Skráði sig: Þri 09. Jan 2018 09:15
Reputation: 42
Staða: Ótengdur

Re: Setja ákveðin tæki á VPN miðlægt & íslensk traffík í gegnum ISP

Pósturaf kornelius » Mán 20. Jan 2020 17:53

Sallarólegur skrifaði:NovaTV komið í gang aftur :)

Ég keyrði TCP dump á VPN interface og fór í Nova TV appið. Þá kom upp nýr Amazon server sem appið talar við server-13-225-62-102.ewr53.r.cloudfront.net.

Kóði: Velja allt

sudo tcpdump -i vtun0


Pingaði hann og fékk 13.225.62.102 sem er hluti af 13.224.0.0/14 :)

Kóði: Velja allt

set firewall group network-group sendToInternetGroup network 13.224.0.0/14


Set heildar configið í upprunalega þráðinn. Svo er spurning hvað þetta endist lengi og hvort maður eigi að white-lista fleiri Amazon CIDR. Kemur í ljós.



Hér er síðan smá automation script sem þú getur keyrt á hverri nóttu til að listi sé réttur :

Kóði: Velja allt

#!/bin/sh

dagur=$(date +%Y-%m-%d)
file1=is-net.txt
file2=$dagur.is-net.txt
mv $file1 $file2

cd /config

curl https://www.rix.is/english/is-net.txt > is-net.txt

diff $file1 $file2 > /dev/null 2>&1
error=$?
if [ $error -eq 0 ]

then
   echo "$file1 og $file2 eru eins - gera ekki neitt"
elif [ $error -eq 1 ]

then
   > config.conf
   cp config.boot $dagur.config.boot
   for i in `cat $file1` ; do
   echo "set firewall group network-group sendToInternetGroup network $i" >> config.conf
   # hér væri síðan hægt að mergja saman öll config með skipun
   # cat config.conf > config.boot
   # cat Amazon.conf >> config.boot
   # cat Nova.conf >> config.boot
   # og hérna reboot
   # semsagt keyra þetta að nóttu til sem root crontab
   # og þá ertu alltaf með nýjasta lista yfir íslenskar ip-tölur
   # Reboot verður því bara ef listi er uppdærður
done
else
   echo "Thad er eitthvert vesen med diff"
fi