access ISP-blocked sites via proxy/VPN at router level?

[gneville]

My (UK) ISP is blocking more and more torrent sites / forums.

I read through this thread - but it doesn't actually work.

Does anyone implement any router-level fixes to get around this? I'd happily pay for a VPN if that was the answer - but Ideally I want a per-URL solution, so not all my traffic is routed through a proxy / VPN, only the troublesome websites.

Many thanks in advance.

 

[cosmoxl]

the latest firmware incorporates a policy based routing option for the openvpn client, thanks to Merlin. the method is that you select which client(s) goes through the VPN tunnel. sounds like this is what you need.

What router do you have? not all are capable of running openvpn fast enough to be useful.

 

[gneville]

I have the RT-N66U, is that good enough?

I'll definitely check out this new update as well.

Thanks

 

[cosmoxl]

sorry, no. I'm afraid you'll find that much too slow. Even the AC87 will peak at just about 50megabits/sec, so none of them are super fast. the N66 I would imagine could do only 10megabits/sec at best.

 

[gneville]

Thanks - but just to clarify - I'm not actually looking to do any downloading via proxy/VPN; just browsing to the torrent sites.

The torrent indexing websites are blocked. 'Torrenting' itself is fine.

Thanks again.

 

[CaptainSTX]

My (UK) ISP is blocking more and more torrent sites / forums.

I read through this thread - but it doesn't actually work.

Does anyone implement any router-level fixes to get around this? I'd happily pay for a VPN if that was the answer - but Ideally I want a per-URL solution, so not all my traffic is routed through a proxy / VPN, only the troublesome websites.

Many thanks in advance.

If you a simple solution, have an ASUS router, and are willing to pay for a VPN service try Astrill VPN. They have an app that installs under Merlin's firmware that will let you do exactly what you want to do.

Sign up for their service for a one month trial, install the app and see if it works for you.

Otherwise search the forum and read about creating your own routing using custom iptables and you can accomplish the same thing that Astrill's app does. It will require that you be a reasonably advanced in networking person. One advantage of rolling your own is that you might be able to find a cheaper VPN service than Astrill offers and save $1 - $2 dollars a month. Astrill's app only works with their VPN service.

If you have up to $500 to spend look at Sabai Technology's dual gateway firmware that has been flashed onto routers and their VPN accelerator. Using the accelerator in conjunction with my router I get a full 75/75 on my VPN connection. Now I also believe that they are offering their modified Tomato firmware for $49.95 unsupported.

 

[RMerlin]

I'm not sure how intelligent UK ISPs are, but have you tried just changing your DNS to OpenDNS or Google's servers? In case they went the easy way and just blocked the sites at the DNS level.

 

[gneville]

@cosmoxl
Testing the new feature (great stuff RMerlin) - and it works with a free VPN grabbed from VPNGate.net.

@CaptainSTX
Many thanks for the link and advice. That's probably too expensive for my needs - as it's literally just a handful of sites i'm circumventing.


@RMerlin -
Already using OpenDNS, doesn't do anything I'm afraid.

One question about the great new feature - I know it's experimental, but is it possible (or might it ever be possible) to filter based on URL as well IP..?

 

[RMerlin]

One question about the great new feature - I know it's experimental, but is it possible (or might it ever be possible) to filter based on URL as well IP..?

No. The whole implementation is done at the routing layer, regardless of the content, so it can only process IP addresses. Any kind of content-related filtering would be unreliable, as its implementation would conflict with the closed-source DPI engine, or whenever you are accessing an URL over https, which would be invisible to the router since it's already encrypted.

 

[hardtotell]

I have not tried this. However, it may be possible to configure Privoxy to use the Tor network whenever a URL host matches a "torrent sites".

SEE THIS:
http://www.privoxy.org/user-manual/actions-file.html#FORWARD-OVERRIDE

Briefly, you would need to:
(1) Turn on Tor. With Tor, you can restrict your exit node to specific countries.
(2) Setup Entware
(3) Install Privoxy
(4) Configure Privoxy to filter on the URL host of the "torrent sites" and then use a forward-socks5t override to send the request through Tor, otherwise your ISP would handle the request.

 

[hardtotell]

I have not tried this. However, it may be possible to configure Privoxy to use the Tor network whenever a URL host matches a "torrent sites".

SEE THIS:
http://www.privoxy.org/user-manual/actions-file.html#FORWARD-OVERRIDE

Briefly, you would need to:
(1) Turn on Tor. With Tor, you can restrict your exit node to specific countries.
(2) Setup Entware
(3) Install Privoxy
(4) Configure Privoxy to filter on the URL host of the "torrent sites" and then use a forward-socks5t override to send the request through Tor, otherwise your ISP would handle the request.

Apparently this is possible with Privoxy and the Tor network.

Here Privoxy is configured to use the Tor network, unless we tell it to do something different in the user.action file.

If your default behavior is to use your ISP normally, not the Tor network, then just switch around the "forward-socks5t" and "forward" commands in the two configuration files.

/opt/etc/privoxy/config

# by default, use the Tor network with remote DNS resolution
forward-socks5t  /  127.0.0.1:9050 .

/opt/etc/privoxy/user.action

# otherwise, use my ISP directly for these requests
{+forward-override{forward .} \
-hide-if-modified-since  \
-overwrite-last-modified  \
}
.github.com/.*
.debian.org/.*
.vmware.com/.*

 

[netware5]

sorry, no. I'm afraid you'll find that much too slow. Even the AC87 will peak at just about 50megabits/sec, so none of them are super fast. the N66 I would imagine could do only 10megabits/sec at best.

Just to clarify - my RT-N66U is doing 14 Mbits/s with AES-256 CBC encryption. According to Merlin's tests it is capable to do about 25 Mbits/s with AES-128 CBC. To reach these speeds you should disable LZO compression.

P.S. The above speed (14 Mbits/s) is with 10% overclocking. Without overclocking my RT-N66U is doing 12 Mbits/s with AES-256 CBC encryption.

 

[Cake]

You could look into obfsproxy for openvpn. I have no idea how you would make it work on your router though, and what vpn server providers out there that support it. obfsproxy is basically for if your isp is throttling your vpn connection or you want to obscure the vpn traffic from your isp or ....

 

[Chrysalis]

as far as I know uk isps only block the frontend websites, not the trackers. They definitely do not block the peers and seeders.

So you probably only need to reroute the websites via the vpn, and possibly also the trackers, but you should be able to connect direct to seeders and peers.

 

[scyto]

I just started researching this. Is astrill still the 'easy way' to do this or are their add-ons / easy UI scripts to do this now?

 

[primitivo]

I just started researching this. Is astrill still the 'easy way' to do this or are their add-ons / easy UI scripts to do this now?

Yes, it is super easy with Astrill. Their desktop apps when using OpenWEB (which is proxy-tunnel) allows you to specify URLs that you want to go through proxy or which you wan to exclude. It means you can for example use it for selected websites which are blocked by your ISP.

When using VPN however you can filter traffic per website IP, not per domain name like it is possible with their OpenWEB solution. OpenWEB however is not available on the router.

 

[Bawbag]

Why not choose the easy option? I`m with a UK ISP who blocks these sites. Use Opera browser and enable Opera Turbo Mode (it's own proxy) and all these sites are accessible! That's what I do.

 

[Bawbag]

I take it you've either got BT or Virgin Media? Use Opera! I`m not being cheeky but I see no need for the long winded and complex method of accessing a simple torrent site where the tracker or peers are not affected.

 

[Jorge111]

My (UK) ISP is blocking more and more torrent sites / forums.

I read through this thread - but it doesn't actually work.

Does anyone implement any router-level fixes to get around this? I'd happily pay for a VPN if that was the answer - but Ideally I want a per-URL solution, so not all my traffic is routed through a proxy / VPN, only the troublesome websites.

Many thanks in advance.

I don´t know if this is posible. What you need is a VPN service like "Hidemyass". Here are there features: https://anonymweb.co.uk/hidemyass-review/

 

[AlbaGeor]

My (UK) ISP is blocking more and more torrent sites / forums. I read through this thread - but it doesn't actually work. Does anyone implement any router-level fixes to get around this? I'd happily pay for a VPN if that was the answer - but Ideally I want a per-URL solution, so not all my traffic is routed through a proxy / VPN, only the troublesome websites. Many thanks in advance.