
Putting specific devices on a VPN centrally & Icelandic traffic through the ISP

Posted: Sat 18 Jan 2020 16:12
by Viktor


I have ExpressVPN for Netflix, Hulu etc. on the Apple TV.

I'd like to be able to swap TV boxes and have the Wi-Fi devices on the VPN without having to configure each one, while for example keeping the PC gaming machine on the regular network. Some TVs and TV boxes don't even let you set their DNS, so this would have to happen in the router/switch or wherever this is done.

The first step would be to put Wi-Fi on the VPN but keep wired devices on the regular ISP.

How do I set this up? Do I need to buy any gear for this?

I have an Edgerouter X, TOUGHSwitch, Unifi AP.

EDIT:
Here is a config that works. It puts devices 192.168.1.150-199 on ExpressVPN (see instructions below), except that Icelandic traffic and a few Amazon servers (because of NovaTV) go through the ISP.

http://www.expressvpn.com > My Account > Set Up on More Devices/Set up on all your devices > See all devices > Manual Config > Manual Configuration
> OpenVPN >

Create a text file named user-pass.txt and put the Username on the first line and the Password on the next line
user-pass.txt wrote:
qgmtbnknkwjensq2h8qdx42n
4bhi78j3i12j7vweboejjj8e


Download one OpenVPN file from the instructions, New York - 2, and name it express.ovpn:
2. Download one or more OpenVPN configuration files for your account. The following locations are available:

Change one line in express.ovpn (auth-user-pass) to use the user/pass.
auth-user-pass /config/auth/user-pass.txt ; route-nopull

Download WinSCP, connect to the router, put the files in /config/auth/
Download Putty, connect to the router and run these lines:

Code:

configure

set firewall group network-group sendToInternetGroup network 13.224.0.0/14
set firewall group network-group sendToInternetGroup network 143.204.0.0/16
set firewall group network-group sendToInternetGroup network 5.23.64.0/19
set firewall group network-group sendToInternetGroup network 5.252.12.0/22
set firewall group network-group sendToInternetGroup network 31.15.112.0/21
set firewall group network-group sendToInternetGroup network 31.209.136.0/21
set firewall group network-group sendToInternetGroup network 31.209.144.0/20
set firewall group network-group sendToInternetGroup network 31.209.192.0/18
set firewall group network-group sendToInternetGroup network 37.152.64.0/21
set firewall group network-group sendToInternetGroup network 37.205.32.0/21
set firewall group network-group sendToInternetGroup network 37.235.49.0/24
set firewall group network-group sendToInternetGroup network 46.22.96.0/20
set firewall group network-group sendToInternetGroup network 46.28.152.0/21
set firewall group network-group sendToInternetGroup network 46.182.184.0/21
set firewall group network-group sendToInternetGroup network 46.239.192.0/18
set firewall group network-group sendToInternetGroup network 62.145.128.0/19
set firewall group network-group sendToInternetGroup network 77.73.32.0/22
set firewall group network-group sendToInternetGroup network 77.83.108.0/22
set firewall group network-group sendToInternetGroup network 78.40.248.0/21
set firewall group network-group sendToInternetGroup network 79.171.96.0/21
set firewall group network-group sendToInternetGroup network 80.248.16.0/20
set firewall group network-group sendToInternetGroup network 80.249.116.0/22
set firewall group network-group sendToInternetGroup network 81.15.0.0/17
set firewall group network-group sendToInternetGroup network 82.112.64.0/19
set firewall group network-group sendToInternetGroup network 82.148.64.0/19
set firewall group network-group sendToInternetGroup network 82.221.0.0/16
set firewall group network-group sendToInternetGroup network 83.173.0.0/18
set firewall group network-group sendToInternetGroup network 85.116.64.0/19
set firewall group network-group sendToInternetGroup network 85.197.192.0/18
set firewall group network-group sendToInternetGroup network 85.220.0.0/17
set firewall group network-group sendToInternetGroup network 87.237.32.0/21
set firewall group network-group sendToInternetGroup network 88.149.0.0/17
set firewall group network-group sendToInternetGroup network 88.151.48.0/21
set firewall group network-group sendToInternetGroup network 89.17.128.0/19
set firewall group network-group sendToInternetGroup network 89.104.128.0/19
set firewall group network-group sendToInternetGroup network 89.160.128.0/17
set firewall group network-group sendToInternetGroup network 91.199.134.0/24
set firewall group network-group sendToInternetGroup network 91.208.22.0/24
set firewall group network-group sendToInternetGroup network 91.216.255.0/24
set firewall group network-group sendToInternetGroup network 91.220.110.0/24
set firewall group network-group sendToInternetGroup network 92.43.192.0/21
set firewall group network-group sendToInternetGroup network 93.95.72.0/21
set firewall group network-group sendToInternetGroup network 93.95.224.0/21
set firewall group network-group sendToInternetGroup network 94.142.152.0/21
set firewall group network-group sendToInternetGroup network 94.198.48.0/23
set firewall group network-group sendToInternetGroup network 94.250.244.0/22
set firewall group network-group sendToInternetGroup network 128.140.232.0/21
set firewall group network-group sendToInternetGroup network 130.208.0.0/16
set firewall group network-group sendToInternetGroup network 139.28.0.0/22
set firewall group network-group sendToInternetGroup network 141.98.144.0/22
set firewall group network-group sendToInternetGroup network 147.78.128.0/22
set firewall group network-group sendToInternetGroup network 149.3.164.0/22
set firewall group network-group sendToInternetGroup network 149.126.80.0/21
set firewall group network-group sendToInternetGroup network 151.236.24.0/24
set firewall group network-group sendToInternetGroup network 153.92.128.0/19
set firewall group network-group sendToInternetGroup network 157.97.0.0/19
set firewall group network-group sendToInternetGroup network 157.157.0.0/16
set firewall group network-group sendToInternetGroup network 160.20.214.0/23
set firewall group network-group sendToInternetGroup network 160.210.0.0/16
set firewall group network-group sendToInternetGroup network 176.10.32.0/21
set firewall group network-group sendToInternetGroup network 176.57.224.0/20
set firewall group network-group sendToInternetGroup network 178.19.48.0/20
set firewall group network-group sendToInternetGroup network 178.248.16.0/21
set firewall group network-group sendToInternetGroup network 185.21.16.0/22
set firewall group network-group sendToInternetGroup network 185.24.0.0/22
set firewall group network-group sendToInternetGroup network 185.25.252.0/22
set firewall group network-group sendToInternetGroup network 185.27.36.0/22
set firewall group network-group sendToInternetGroup network 185.29.196.0/22
set firewall group network-group sendToInternetGroup network 185.30.184.0/22
set firewall group network-group sendToInternetGroup network 185.35.244.0/23
set firewall group network-group sendToInternetGroup network 185.40.120.0/22
set firewall group network-group sendToInternetGroup network 185.44.240.0/22
set firewall group network-group sendToInternetGroup network 185.56.12.0/22
set firewall group network-group sendToInternetGroup network 185.67.84.0/22
set firewall group network-group sendToInternetGroup network 185.67.180.0/22
set firewall group network-group sendToInternetGroup network 185.86.220.0/22
set firewall group network-group sendToInternetGroup network 185.93.156.0/22
set firewall group network-group sendToInternetGroup network 185.107.60.0/22
set firewall group network-group sendToInternetGroup network 185.109.100.0/22
set firewall group network-group sendToInternetGroup network 185.111.36.0/22
set firewall group network-group sendToInternetGroup network 185.112.144.0/22
set firewall group network-group sendToInternetGroup network 185.112.204.0/22
set firewall group network-group sendToInternetGroup network 185.118.32.0/22
set firewall group network-group sendToInternetGroup network 185.119.124.0/22
set firewall group network-group sendToInternetGroup network 185.123.196.0/22
set firewall group network-group sendToInternetGroup network 185.126.60.0/22
set firewall group network-group sendToInternetGroup network 185.138.172.0/22
set firewall group network-group sendToInternetGroup network 185.152.116.0/22
set firewall group network-group sendToInternetGroup network 185.154.116.0/22
set firewall group network-group sendToInternetGroup network 185.159.158.0/24
set firewall group network-group sendToInternetGroup network 185.169.188.0/23
set firewall group network-group sendToInternetGroup network 185.174.176.0/22
set firewall group network-group sendToInternetGroup network 185.177.132.0/22
set firewall group network-group sendToInternetGroup network 185.179.76.0/22
set firewall group network-group sendToInternetGroup network 185.191.232.0/22
set firewall group network-group sendToInternetGroup network 185.198.144.0/22
set firewall group network-group sendToInternetGroup network 185.202.180.0/22
set firewall group network-group sendToInternetGroup network 185.219.148.0/22
set firewall group network-group sendToInternetGroup network 185.221.176.0/22
set firewall group network-group sendToInternetGroup network 185.221.232.0/22
set firewall group network-group sendToInternetGroup network 185.240.40.0/22
set firewall group network-group sendToInternetGroup network 185.248.120.0/22
set firewall group network-group sendToInternetGroup network 192.30.37.0/24
set firewall group network-group sendToInternetGroup network 192.71.218.0/24
set firewall group network-group sendToInternetGroup network 192.147.34.0/24
set firewall group network-group sendToInternetGroup network 192.253.250.0/24
set firewall group network-group sendToInternetGroup network 193.4.0.0/16
set firewall group network-group sendToInternetGroup network 193.107.84.0/22
set firewall group network-group sendToInternetGroup network 193.109.16.0/20
set firewall group network-group sendToInternetGroup network 194.31.61.0/24
set firewall group network-group sendToInternetGroup network 194.105.224.0/19
set firewall group network-group sendToInternetGroup network 194.144.0.0/16
set firewall group network-group sendToInternetGroup network 195.130.193.0/24
set firewall group network-group sendToInternetGroup network 199.195.118.0/24
set firewall group network-group sendToInternetGroup network 212.30.192.0/18
set firewall group network-group sendToInternetGroup network 212.126.224.0/19
set firewall group network-group sendToInternetGroup network 213.167.128.0/19
set firewall group network-group sendToInternetGroup network 213.176.128.0/19
set firewall group network-group sendToInternetGroup network 213.181.96.0/19
set firewall group network-group sendToInternetGroup network 213.190.96.0/19
set firewall group network-group sendToInternetGroup network 213.213.128.0/19
set firewall group network-group sendToInternetGroup network 213.220.64.0/18
set firewall group network-group sendToInternetGroup network 217.9.128.0/20
set firewall group network-group sendToInternetGroup network 217.28.176.0/20
set firewall group network-group sendToInternetGroup network 217.151.160.0/19
set firewall group network-group sendToInternetGroup network 217.171.208.0/20

set interfaces openvpn vtun0 config-file /config/auth/express.ovpn
set interfaces openvpn vtun0 description 'ExpressVPN'

set firewall modify express_vpn_route rule 9 action modify
set firewall modify express_vpn_route rule 9 destination group network-group sendToInternetGroup
set firewall modify express_vpn_route rule 9 modify table main

set firewall modify express_vpn_route rule 10 description 'ExpressVPN'
set firewall modify express_vpn_route rule 10 source address 192.168.1.150-192.168.1.199
set firewall modify express_vpn_route rule 10 modify table 1

set protocols static table 1 interface-route 0.0.0.0/0 next-hop-interface vtun0
set interfaces switch switch0 firewall in modify express_vpn_route
set service nat rule 5001 description 'ExpressVPN'
set service nat rule 5001 log disable
set service nat rule 5001 outbound-interface vtun0
set service nat rule 5001 type masquerade
commit ; save
exit

Re: Putting specific devices on a VPN centrally

Posted: Sat 18 Jan 2020 17:23
by kizi86
A friend of mine has one of these: https://www.amazon.com/GL-iNET-GL-MT300 ... lp_pl_dp_2
a router for US Netflix and such

Re: Putting specific devices on a VPN centrally

Posted: Sat 18 Jan 2020 19:11
by Hizzman
You could perhaps set up OpenVPN on a desktop computer, add a network card to it (Wi-Fi or wired) and serve a VPN network out from there.

Re: Putting specific devices on a VPN centrally

Posted: Sat 18 Jan 2020 19:23
by Viktor
Thanks,

I managed to set this up on the EdgeRouter with these instructions and a small change: https://community.ui.com/questions/Expr ... 976c26d142

Now all devices from 192.168.1.150 to 199 are on Express VPN, so I can find the device in the Edgerouter list, click Map Static IP and give each device an IP address in this range.

Code:

configure
set interfaces openvpn vtun0 config-file /config/auth/my_expressvpn_usa_-_new_york_udp.ovpn
set interfaces openvpn vtun0 description 'ExpressVPN' 
set firewall modify express_vpn_route rule 10 description 'ExpressVPN'
set firewall modify express_vpn_route rule 10 source address 192.168.1.150-192.168.1.199
set firewall modify express_vpn_route rule 10 modify table 1 
set protocols static table 1 interface-route 0.0.0.0/0 next-hop-interface vtun0 
set interfaces switch switch0 firewall in modify express_vpn_route 
set service nat rule 5001 description 'ExpressVPN'
set service nat rule 5001 log disable
set service nat rule 5001 outbound-interface vtun0
set service nat rule 5001 type masquerade
commit ; save


I used Putty and WinSCP.

Re: Putting specific devices on a VPN centrally

Posted: Sat 18 Jan 2020 22:24
by selur2
Hi,
How do the RÚV or Stöð 2 (or the other Icelandic) channels behave when you have the Apple TV on a VPN?
I had a VPN on the router for all the devices in the home, but then the Icelandic stream caused trouble.
I use Apple TV for everything...

Re: Putting specific devices on a VPN centrally

Posted: Sat 18 Jan 2020 23:06
by bjornvil
Incredibly funny coincidence, I was looking at exactly the same thing last night and was following the same instructions as you. I run the same commands as you in the config on the Edgerouter X but always get an error when I try to commit it. I get the following:

[ interfaces openvpn vtun0 ]
OpenVPN configuration error: Failed to start OpenVPN tunnel.

The log says this:

bjornvil@ubnt:~$ show log | grep openvpn
Jan 18 01:21:28 ubnt openvpn[10143]: Options error: Unrecognized option or missing or extra parameter(s) in /config/auth/my_expressvpn_usa_-_new_york_udp.ovpn:26: auth-user-pass (2.4.0)
Jan 18 01:21:28 ubnt openvpn[10143]: Use --help for more information.
Jan 18 22:41:44 ubnt openvpn[11280]: Options error: Unrecognized option or missing or extra parameter(s) in /config/auth/my_expressvpn_usa_-_new_york_udp.ovpn:26: auth-user-pass (2.4.0)
Jan 18 22:41:45 ubnt openvpn[11280]: Use --help for more information.
Jan 18 23:00:50 ubnt openvpn[11901]: Options error: Unrecognized option or missing or extra parameter(s) in /config/auth/my_expressvpn_usa_-_new_york_udp.ovpn:26: auth-user-pass (2.4.0)
Jan 18 23:00:50 ubnt openvpn[11901]: Use --help for more information.
bjornvil@ubnt:~$

Now I have no idea...

Re: Putting specific devices on a VPN centrally

Posted: Sat 18 Jan 2020 23:16
by bjornvil
bjornvil wrote:Incredibly funny coincidence, I was looking at exactly the same thing last night and was following the same instructions as you. I run the same commands as you in the config on the Edgerouter X but always get an error when I try to commit it. I get the following:

[ interfaces openvpn vtun0 ]
OpenVPN configuration error: Failed to start OpenVPN tunnel.

The log says this:

bjornvil@ubnt:~$ show log | grep openvpn
Jan 18 01:21:28 ubnt openvpn[10143]: Options error: Unrecognized option or missing or extra parameter(s) in /config/auth/my_expressvpn_usa_-_new_york_udp.ovpn:26: auth-user-pass (2.4.0)
Jan 18 01:21:28 ubnt openvpn[10143]: Use --help for more information.
Jan 18 22:41:44 ubnt openvpn[11280]: Options error: Unrecognized option or missing or extra parameter(s) in /config/auth/my_expressvpn_usa_-_new_york_udp.ovpn:26: auth-user-pass (2.4.0)
Jan 18 22:41:45 ubnt openvpn[11280]: Use --help for more information.
Jan 18 23:00:50 ubnt openvpn[11901]: Options error: Unrecognized option or missing or extra parameter(s) in /config/auth/my_expressvpn_usa_-_new_york_udp.ovpn:26: auth-user-pass (2.4.0)
Jan 18 23:00:50 ubnt openvpn[11901]: Use --help for more information.
bjornvil@ubnt:~$

Now I have no idea...


DISREGARD
Just figured it out, there was a small error in my VPN config file :)

Re: Putting specific devices on a VPN centrally

Posted: Sun 19 Jan 2020 11:02
by bjornvil
Sallarólegur wrote:Thanks,

I managed to set this up on the EdgeRouter with these instructions and a small change: https://community.ui.com/questions/Expr ... 976c26d142

Now all devices from 192.168.1.150 to 199 are on Express VPN, so I can find the device in the Edgerouter list, click Map Static IP and give each device an IP address in this range.

Code:

configure
set interfaces openvpn vtun0 config-file /config/auth/my_expressvpn_usa_-_new_york_udp.ovpn
set interfaces openvpn vtun0 description 'ExpressVPN' 
set firewall modify express_vpn_route rule 10 description 'ExpressVPN'
set firewall modify express_vpn_route rule 10 source address 192.168.1.150-192.168.1.199
set firewall modify express_vpn_route rule 10 modify table 1 
set protocols static table 1 interface-route 0.0.0.0/0 next-hop-interface vtun0 
set interfaces switch switch0 firewall in modify express_vpn_route 
set service nat rule 5001 description 'ExpressVPN'
set service nat rule 5001 log disable
set service nat rule 5001 outbound-interface vtun0
set service nat rule 5001 type masquerade
commit ; save


I used Putty and WinSCP.


How is this working for you? I was going to put my Panasonic TV on the VPN but Netflix on it refused to play, I just got a message from Netflix saying a VPN is running. Is there any way around that?

EDIT

I'm using ExpressVPN, the same server as you it seems...

Re: Putting specific devices on a VPN centrally

Posted: Sun 19 Jan 2020 12:18
by Viktor
selur2 wrote:Hi,
How do the RÚV or Stöð 2 (or the other Icelandic) channels behave when you have the Apple TV on a VPN?
I had a VPN on the router for all the devices in the home, but then the Icelandic stream caused trouble.
I use Apple TV for everything...


The RÚV app works fine, NovaTV just shows an error saying it can't be used in the US. It's possible to put specific IP addresses on the VPN; the question is whether it's possible to use a table of Icelandic IP addresses and send them directly through the ISP rather than the VPN.

See: https://www.rix.is/english/is-as-nets-en.html

bjornvil wrote:
How is this working for you? I was going to put my Panasonic TV on the VPN but Netflix on it refused to play, I just got a message from Netflix saying a VPN is running. Is there any way around that?

EDIT

I'm using ExpressVPN, the same server as you it seems...


Netflix and Hulu only work on the Apple TV for me, I get an error in both Netflix and Hulu with the Firestick (Android TV). Probably need to contact ExpressVPN support.

Re: Putting specific devices on a VPN centrally & Icelandic traffic through the ISP

Posted: Sun 19 Jan 2020 15:42
by Viktor
Got good answers on the Ubiquiti forums!

Here is a config so that Icelandic traffic goes the normal way, but foreign traffic goes through the VPN. This list from RIX doesn't seem to be exhaustive though; for example NovaTV.is is on the Icelandic IP address 78.40.250.30 but 78.40.250.0 is not on the list.

Also, this doesn't fix the NovaTV app, since it uses a foreign CDN to check where the IP address comes from, so it ends up on the VPN.

Need to test this more; it looks like it's "simplestreamcdn.com" that checks where you're coming from when entering the NovaTV app. If anyone has an IP range for it, that would be much appreciated.

Code:

configure

set firewall group network-group sendToInternetGroup network 5.23.64.0/19
set firewall group network-group sendToInternetGroup network 5.252.12.0/22
set firewall group network-group sendToInternetGroup network 31.15.112.0/21
set firewall group network-group sendToInternetGroup network 31.209.136.0/21
set firewall group network-group sendToInternetGroup network 31.209.144.0/20
set firewall group network-group sendToInternetGroup network 31.209.192.0/18
set firewall group network-group sendToInternetGroup network 37.152.64.0/21
set firewall group network-group sendToInternetGroup network 37.205.32.0/21
set firewall group network-group sendToInternetGroup network 37.235.49.0/24
set firewall group network-group sendToInternetGroup network 46.22.96.0/20
set firewall group network-group sendToInternetGroup network 46.28.152.0/21
set firewall group network-group sendToInternetGroup network 46.182.184.0/21
set firewall group network-group sendToInternetGroup network 46.239.192.0/18
set firewall group network-group sendToInternetGroup network 62.145.128.0/19
set firewall group network-group sendToInternetGroup network 77.73.32.0/22
set firewall group network-group sendToInternetGroup network 77.83.108.0/22
set firewall group network-group sendToInternetGroup network 78.40.248.0/21
set firewall group network-group sendToInternetGroup network 79.171.96.0/21
set firewall group network-group sendToInternetGroup network 80.248.16.0/20
set firewall group network-group sendToInternetGroup network 80.249.116.0/22
set firewall group network-group sendToInternetGroup network 81.15.0.0/17
set firewall group network-group sendToInternetGroup network 82.112.64.0/19
set firewall group network-group sendToInternetGroup network 82.148.64.0/19
set firewall group network-group sendToInternetGroup network 82.221.0.0/16
set firewall group network-group sendToInternetGroup network 83.173.0.0/18
set firewall group network-group sendToInternetGroup network 85.116.64.0/19
set firewall group network-group sendToInternetGroup network 85.197.192.0/18
set firewall group network-group sendToInternetGroup network 85.220.0.0/17
set firewall group network-group sendToInternetGroup network 87.237.32.0/21
set firewall group network-group sendToInternetGroup network 88.149.0.0/17
set firewall group network-group sendToInternetGroup network 88.151.48.0/21
set firewall group network-group sendToInternetGroup network 89.17.128.0/19
set firewall group network-group sendToInternetGroup network 89.104.128.0/19
set firewall group network-group sendToInternetGroup network 89.160.128.0/17
set firewall group network-group sendToInternetGroup network 91.199.134.0/24
set firewall group network-group sendToInternetGroup network 91.208.22.0/24
set firewall group network-group sendToInternetGroup network 91.216.255.0/24
set firewall group network-group sendToInternetGroup network 91.220.110.0/24
set firewall group network-group sendToInternetGroup network 92.43.192.0/21
set firewall group network-group sendToInternetGroup network 93.95.72.0/21
set firewall group network-group sendToInternetGroup network 93.95.224.0/21
set firewall group network-group sendToInternetGroup network 94.142.152.0/21
set firewall group network-group sendToInternetGroup network 94.198.48.0/23
set firewall group network-group sendToInternetGroup network 94.250.244.0/22
set firewall group network-group sendToInternetGroup network 128.140.232.0/21
set firewall group network-group sendToInternetGroup network 130.208.0.0/16
set firewall group network-group sendToInternetGroup network 139.28.0.0/22
set firewall group network-group sendToInternetGroup network 141.98.144.0/22
set firewall group network-group sendToInternetGroup network 147.78.128.0/22
set firewall group network-group sendToInternetGroup network 149.3.164.0/22
set firewall group network-group sendToInternetGroup network 149.126.80.0/21
set firewall group network-group sendToInternetGroup network 151.236.24.0/24
set firewall group network-group sendToInternetGroup network 153.92.128.0/19
set firewall group network-group sendToInternetGroup network 157.97.0.0/19
set firewall group network-group sendToInternetGroup network 157.157.0.0/16
set firewall group network-group sendToInternetGroup network 160.20.214.0/23
set firewall group network-group sendToInternetGroup network 160.210.0.0/16
set firewall group network-group sendToInternetGroup network 176.10.32.0/21
set firewall group network-group sendToInternetGroup network 176.57.224.0/20
set firewall group network-group sendToInternetGroup network 178.19.48.0/20
set firewall group network-group sendToInternetGroup network 178.248.16.0/21
set firewall group network-group sendToInternetGroup network 185.21.16.0/22
set firewall group network-group sendToInternetGroup network 185.24.0.0/22
set firewall group network-group sendToInternetGroup network 185.25.252.0/22
set firewall group network-group sendToInternetGroup network 185.27.36.0/22
set firewall group network-group sendToInternetGroup network 185.29.196.0/22
set firewall group network-group sendToInternetGroup network 185.30.184.0/22
set firewall group network-group sendToInternetGroup network 185.35.244.0/23
set firewall group network-group sendToInternetGroup network 185.40.120.0/22
set firewall group network-group sendToInternetGroup network 185.44.240.0/22
set firewall group network-group sendToInternetGroup network 185.56.12.0/22
set firewall group network-group sendToInternetGroup network 185.67.84.0/22
set firewall group network-group sendToInternetGroup network 185.67.180.0/22
set firewall group network-group sendToInternetGroup network 185.86.220.0/22
set firewall group network-group sendToInternetGroup network 185.93.156.0/22
set firewall group network-group sendToInternetGroup network 185.107.60.0/22
set firewall group network-group sendToInternetGroup network 185.109.100.0/22
set firewall group network-group sendToInternetGroup network 185.111.36.0/22
set firewall group network-group sendToInternetGroup network 185.112.144.0/22
set firewall group network-group sendToInternetGroup network 185.112.204.0/22
set firewall group network-group sendToInternetGroup network 185.118.32.0/22
set firewall group network-group sendToInternetGroup network 185.119.124.0/22
set firewall group network-group sendToInternetGroup network 185.123.196.0/22
set firewall group network-group sendToInternetGroup network 185.126.60.0/22
set firewall group network-group sendToInternetGroup network 185.138.172.0/22
set firewall group network-group sendToInternetGroup network 185.152.116.0/22
set firewall group network-group sendToInternetGroup network 185.154.116.0/22
set firewall group network-group sendToInternetGroup network 185.159.158.0/24
set firewall group network-group sendToInternetGroup network 185.169.188.0/23
set firewall group network-group sendToInternetGroup network 185.174.176.0/22
set firewall group network-group sendToInternetGroup network 185.177.132.0/22
set firewall group network-group sendToInternetGroup network 185.179.76.0/22
set firewall group network-group sendToInternetGroup network 185.191.232.0/22
set firewall group network-group sendToInternetGroup network 185.198.144.0/22
set firewall group network-group sendToInternetGroup network 185.202.180.0/22
set firewall group network-group sendToInternetGroup network 185.219.148.0/22
set firewall group network-group sendToInternetGroup network 185.221.176.0/22
set firewall group network-group sendToInternetGroup network 185.221.232.0/22
set firewall group network-group sendToInternetGroup network 185.240.40.0/22
set firewall group network-group sendToInternetGroup network 185.248.120.0/22
set firewall group network-group sendToInternetGroup network 192.30.37.0/24
set firewall group network-group sendToInternetGroup network 192.71.218.0/24
set firewall group network-group sendToInternetGroup network 192.147.34.0/24
set firewall group network-group sendToInternetGroup network 192.253.250.0/24
set firewall group network-group sendToInternetGroup network 193.4.0.0/16
set firewall group network-group sendToInternetGroup network 193.107.84.0/22
set firewall group network-group sendToInternetGroup network 193.109.16.0/20
set firewall group network-group sendToInternetGroup network 194.31.61.0/24
set firewall group network-group sendToInternetGroup network 194.105.224.0/19
set firewall group network-group sendToInternetGroup network 194.144.0.0/16
set firewall group network-group sendToInternetGroup network 195.130.193.0/24
set firewall group network-group sendToInternetGroup network 199.195.118.0/24
set firewall group network-group sendToInternetGroup network 212.30.192.0/18
set firewall group network-group sendToInternetGroup network 212.126.224.0/19
set firewall group network-group sendToInternetGroup network 213.167.128.0/19
set firewall group network-group sendToInternetGroup network 213.176.128.0/19
set firewall group network-group sendToInternetGroup network 213.181.96.0/19
set firewall group network-group sendToInternetGroup network 213.190.96.0/19
set firewall group network-group sendToInternetGroup network 213.213.128.0/19
set firewall group network-group sendToInternetGroup network 213.220.64.0/18
set firewall group network-group sendToInternetGroup network 217.9.128.0/20
set firewall group network-group sendToInternetGroup network 217.28.176.0/20
set firewall group network-group sendToInternetGroup network 217.151.160.0/19
set firewall group network-group sendToInternetGroup network 217.171.208.0/20

set interfaces openvpn vtun0 config-file /config/auth/my_expressvpn_usa_-_new_york_udp.ovpn
set interfaces openvpn vtun0 description 'ExpressVPN'

set firewall modify express_vpn_route rule 9 action modify
set firewall modify express_vpn_route rule 9 destination group network-group sendToInternetGroup
set firewall modify express_vpn_route rule 9 modify table main

set firewall modify express_vpn_route rule 10 description 'ExpressVPN'
set firewall modify express_vpn_route rule 10 source address 192.168.1.150-192.168.1.199
set firewall modify express_vpn_route rule 10 modify table 1

set protocols static table 1 interface-route 0.0.0.0/0 next-hop-interface vtun0 
set interfaces switch switch0 firewall in modify express_vpn_route 
set service nat rule 5001 description 'ExpressVPN'
set service nat rule 5001 log disable
set service nat rule 5001 outbound-interface vtun0
set service nat rule 5001 type masquerade
commit ; save

Re: Putting specific devices on a VPN centrally & Icelandic traffic through the ISP

Posted: Sun 19 Jan 2020 15:56
by phillipseamore
Sallarólegur wrote:Got good answers on the Ubiquiti forums!
Here is a config so that Icelandic traffic goes the normal way, but foreign traffic goes through the VPN. This list from RIX doesn't seem to be exhaustive though; for example NovaTV.is is on the Icelandic IP address 78.40.250.30 but 78.40.250.0 is not on the list.


It is, the 78.40.248.0/21 is CIDR notation and translates to 78.40.248.0 - 78.40.255.255

Re: Putting specific devices on a VPN centrally & Icelandic traffic through the ISP

Posted: Sun 19 Jan 2020 16:19
by bjornvil
Sallarólegur, what kind of speed are you getting on this? I haven't tried putting the computer on the VPN through the router, but the TV is unusable, I'm not getting anything to speak of over this connection...

Edit

Tried this on the PC and it's the same, I get an IP address but can barely connect to websites. Something is wrong...

Re: Putting specific devices on a VPN centrally & Icelandic traffic through the ISP

Posted: Sun 19 Jan 2020 16:41
by Viktor
Adding this IP from Amazon fixes http://www.NovaTV.is but not on the Apple TV, it just says I'm still in the US. Yet the Apple ID Store is set to Iceland.

143.204.0.0/16

Can anyone figure out where the Nova TV Apple TV app is routing to? :baby

bjornvil wrote:Sallarólegur, what kind of speed are you getting on this? I haven't tried putting the computer on the VPN through the router, but the TV is unusable, I'm not getting anything to speak of over this connection...

Edit

Tried this on the PC and it's the same, I get an IP address but can barely connect to websites. Something is wrong...


15Mbps

Ertu með nýjasta firmware á routernum?

Mynd

Re: Putting specific devices on a VPN centrally & Icelandic traffic through the ISP

Sent: Sun 19. Jan 2020 17:36
by bjornvil
bjornvil wrote:
bjornvil wrote: Sallarólegur, what kind of speed are you getting on this? I haven't tried putting the computer on the VPN through the router, but the TV is unusable, I'm not getting anything worth mentioning over this connection...

Edit

Tried this on the PC and it's the same, I get an IP address but can barely connect to websites. Something is wrong...


15Mbps

Do you have the latest firmware on the router?

Image


Hah, that made all the difference, I'm getting the same speed as you now. Many thanks :)

But Netflix isn't working for me, I get a Proxy error. I think the reason is that I'm still using Cloudflare DNS, which I've set the Edgerouter up to use, instead of using the ExpressVPN DNS servers. How do you have DNS forwarding set up?

EDIT

I figured this out by following these instructions: https://community.ui.com/questions/EdgeOS-Privacy-DNS-Forwarding-Through-OpenVPN-Tunnel-vtun0/83e2ef34-f622-41e6-8f40-6aafce46994b

Re: Putting specific devices on a VPN centrally & Icelandic traffic through the ISP

Sent: Sun 19. Jan 2020 19:56
by Viktor
NovaTV is up and running again :)

I ran a TCP dump on the VPN interface and opened the Nova TV app. A new Amazon server that the app talks to then showed up: server-13-225-62-102.ewr53.r.cloudfront.net.

Code: Select all

sudo tcpdump -i vtun0


Pinged it and got 13.225.62.102, which is part of 13.224.0.0/14 :)

Code: Select all

set firewall group network-group sendToInternetGroup network 13.224.0.0/14


I put the full config in the original post. Then it's a question of how long this lasts and whether one should whitelist more Amazon CIDRs. We'll see.
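
The CIDR arithmetic used in the replies above (78.40.248.0/21 covering 78.40.250.30, and 13.225.62.102 falling inside 13.224.0.0/14) can be checked directly on the router. This is an added example, not code from any post in the thread; the function names are illustrative, and it goes slightly beyond the two cases by matching an address against a whole list of prefixes.

```shell
# Added example (illustrative function names): IPv4 CIDR checks in POSIX sh.

# Print a dotted-quad address as a 32-bit integer; fail on malformed input.
ip_to_int() {
    case $1 in ''|*[!0-9.]*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in ''|0?*|????*) return 1 ;; esac   # empty, zero-padded or too long
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

int_to_ip() {
    echo "$(( $1 >> 24 & 255 )).$(( $1 >> 16 & 255 )).$(( $1 >> 8 & 255 )).$(( $1 & 255 ))"
}

# Print "first last" as integers for a prefix such as 78.40.248.0/21.
cidr_bounds() {
    case $1 in */*) len=${1##*/} ;; *) return 1 ;; esac
    case $len in [0-9]|[12][0-9]|3[0-2]) ;; *) return 1 ;; esac
    base=$(ip_to_int "${1%/*}") || return 1
    host=$(( (1 << (32 - $len)) - 1 ))      # host-bit mask: /21 -> 2047
    first=$(( $base - ($base & $host) ))    # clear the host bits
    echo "$first $(( $first + $host ))"
}

# Print the range a prefix covers as "first - last" in dotted-quad form.
cidr_range() {
    b=$(cidr_bounds "$1") || return 1
    echo "$(int_to_ip "${b% *}") - $(int_to_ip "${b#* }")"
}

# Exit 0 if address $1 lies inside prefix $2, 1 if not, 2 on bad input.
ip_in_cidr() {
    a=$(ip_to_int "$1") && b=$(cidr_bounds "$2") || return 2
    [ "$a" -ge "${b% *}" ] && [ "$a" -le "${b#* }" ]
}

# Print the first prefix in the list ($2...) that contains address $1.
first_match() {
    ip=$1; shift
    for p in "$@"; do
        if ip_in_cidr "$ip" "$p"; then echo "$p"; return 0; fi
    done
    return 1
}
cidr_range 78.40.248.0/21
first_match 13.225.62.102 5.23.64.0/19 143.204.0.0/16 13.224.0.0/14
```

An address that matches no prefix in the group is the one that will follow the default route into vtun0, so `first_match` returning non-zero for a host seen in tcpdump is the signal that a prefix is missing.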

Re: Putting specific devices on a VPN centrally & Icelandic traffic through the ISP

Sent: Mon 20. Jan 2020 16:15
by bjornvil
bjornvil wrote:
But Netflix isn't working for me, I get a Proxy error. I think the reason is that I'm still using Cloudflare DNS, which I've set the Edgerouter up to use, instead of using the ExpressVPN DNS servers. How do you have DNS forwarding set up?

EDIT

I figured this out by following these instructions: https://community.ui.com/questions/EdgeOS-Privacy-DNS-Forwarding-Through-OpenVPN-Tunnel-vtun0/83e2ef34-f622-41e6-8f40-6aafce46994b


Just FYI, if anyone is pondering the same thing as I am: the set protocol static interface-route solution in that link did something that caused Netflix (and possibly other websites, though I didn't check) to stop loading unless connected to the VPN, so this isn't working for me as it stands. I need to look into this further if I can be bothered :/

Re: Putting specific devices on a VPN centrally & Icelandic traffic through the ISP

Sent: Mon 20. Jan 2020 17:53
by kornelius
Sallarólegur wrote: NovaTV is up and running again :)

I ran a TCP dump on the VPN interface and opened the Nova TV app. A new Amazon server that the app talks to then showed up: server-13-225-62-102.ewr53.r.cloudfront.net.

Code: Select all

sudo tcpdump -i vtun0


Pinged it and got 13.225.62.102, which is part of 13.224.0.0/14 :)

Code: Select all

set firewall group network-group sendToInternetGroup network 13.224.0.0/14


I put the full config in the original post. Then it's a question of how long this lasts and whether one should whitelist more Amazon CIDRs. We'll see.



Here is a small automation script that you can run every night so that the list is correct:

Code: Select all

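#!/bin/sh

# Work in /config from the start so the rotation, download and diff all use the same files
cd /config || exit 1

dagur=$(date +%Y-%m-%d)
file1=is-net.txt
file2=$dagur.is-net.txt
# Keep the previous list under a dated name (nothing to rotate on the first run)
[ -f "$file1" ] && mv "$file1" "$file2"

# -f: fail on an HTTP error instead of saving the error page as the list
curl -fsS https://www.rix.is/english/is-net.txt > "$file1" || exit 1

diff "$file1" "$file2" > /dev/null 2>&1
error=$?
if [ $error -eq 0 ]
then
   echo "$file1 og $file2 eru eins - gera ekki neitt"
elif [ $error -eq 1 ]
then
   # The list changed: start an empty config.conf and back up config.boot
   > config.conf
   cp config.boot "$dagur.config.boot"
   for i in $(cat "$file1") ; do
   echo "set firewall group network-group sendToInternetGroup network $i" >> config.conf
   # here you could then merge all the configs with a command
   # cat config.conf > config.boot
   # cat Amazon.conf >> config.boot
   # cat Nova.conf >> config.boot
   # and a reboot here
   # in other words, run this at night as a root crontab
   # and then you always have the latest list of Icelandic IP addresses
   # So a reboot only happens if the list is updated
done
else
   # diff returned 2, e.g. because one of the files is missing
   echo "Thad er eitthvert vesen med diff"
fi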
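
The nightly script above turns every token of a file fetched over the network into a router configuration command, so the list is worth validating before it is used. The following is an added example, not kornelius's code: it assumes one IPv4 CIDR per line with optional "#" comments, and `emit_group_cmds`, its minimum-count argument and the sample data are hypothetical.

```shell
# Added example: validate a downloaded prefix list before it becomes EdgeOS
# "set" commands. Assumes one IPv4 CIDR per line with optional "#" comments
# (an assumption about the list format). Function names, the minimum-count
# check and the sample data are constructed for illustration.

OCTET='(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])'
CIDR_RE="^${OCTET}(\.${OCTET}){3}/([0-9]|[12][0-9]|3[0-2])\$"

# emit_group_cmds GROUP MIN   (list on stdin, commands on stdout)
# Fails closed: prints nothing and returns 1 if any line is not a strict IPv4
# CIDR, or if fewer than MIN prefixes arrive (e.g. a truncated download).
emit_group_cmds() {
    case $1 in ''|*[!A-Za-z0-9_-]*) return 1 ;; esac
    case $2 in ''|0*|*[!0-9]*) return 1 ;; esac
    # Drop CRs, comments, surrounding blanks and empty lines.
    clean=$(tr -d '\r' | sed -e 's/#.*//' -e 's/^[[:space:]]*//' \
                             -e 's/[[:space:]]*$//' -e '/^$/d')
    total=$(printf '%s\n' "$clean" | grep -c . || true)
    good=$(printf '%s\n' "$clean" | grep -Ec "$CIDR_RE" || true)
    if [ "$good" -ne "$total" ] || [ "$good" -lt "$2" ]; then
        echo "refusing list: $good valid of $total lines, need at least $2" >&2
        return 1
    fi
    printf '%s\n' "$clean" | sed "s|^|set firewall group network-group $1 network |"
}

# Constructed sample using prefixes that appear in the thread.
sample_list() {
    printf '%s\n' '# constructed sample' '5.23.64.0/19' '31.15.112.0/21 ' \
                  '' '78.40.248.0/21'
}

sample_list | emit_group_cmds sendToInternetGroup 3
```

Because the function refuses the whole list on the first malformed line, a failed run leaves the previous group untouched instead of committing a partial one.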