Best approach for country VPN for multiple devices



  • We travel full time, and we have a lot of devices. iPads, laptops, soon to be Kindle Fires, and we would like to be able to use the things that we already pay for, like Netflix and Amazon Prime, on these devices while traveling. Netflix works in most countries, but has a different selection depending on where you are. Amazon Prime only works in the USA. We are considering getting a Fire TV gaming console too, if we can figure this issue out. Does anyone have an idea for a solution? I use Hola on my laptop (paid version) but it is cumbersome on iPads and I not available for the FireTV. I also don't think it works that well and causes lag a lot of the time.



  • Because I have a house with internet service in the US, I simply setup my ERL with OpenVPN connections for my devices.

    I use this when out of the country to get my US based IP. I feel no need to pay for a third party service to provide a VPN because the amount of travel I do is low enough to be not worth it. Also, these third party services are being targeted more and more by the media companies to prevent the work arounds.

    Also by using my own router to setup a typical OpenVPN design, I have little problem making it work on all devices.



  • Yeah I was thinking along the same lines as Jared. Setup a hosted linux box somewhere and VPN/proxy through it.

    Though, didn't we just have a discussion about how/why geo-ip'ing doesn't really work?



  • @Dashrender said:

    Though, didn't we just have a discussion about how/why geo-ip'ing doesn't really work?

    It works quite well, @scottalanmiller's opinion to the contrary. It will start working less and less well, but the media companies will work on their own solutions for that too.



  • I've been using PIA https://www.privateinternetaccess.com/ for almost 2 years now and pretty happy with it. Its cheap and can connect up to 5 devices at the same time with one account. Works well with my Android phone, ipad, MAC and Windows. Use it for Netflix streaming connecting to US as Netflix is not available yet in the middle east



  • @Dashrender said:

    Though, didn't we just have a discussion about how/why geo-ip'ing doesn't really work?

    We had a discussion about why it is bad and unreliable for the provider. If you are hosting a site and use Geo-IP to force opinion (blocking, language, filtering, currency) to users you will make mistakes and not do what you claim that you are doing. That providers WILL do bad things, that providers will be unthinking when it comes to their users or that people will sign contracts that require this are not in question.



  • @JaredBusch said:

    It works quite well, @scottalanmiller's opinion to the contrary. It will start working less and less well, but the media companies will work on their own solutions for that too.

    Actually it works hardly at all and the media stuff that we are discussing is partially why. Nearly everyone who cares today and "show up" as an IP from almost anywhere. This whole thread is about doing so. Any solution presented here is an example of Geo-IP not working because it can be so easily faked. Even my non-technical in laws who use Chromebooks and nothing else, do absolutely nothing technical, have VPNs for this and mess up the Geo-IP.

    So the Geo-IP issues tend to present annoyances but almost never a true obstacle. It's not my opinion, it is pretty clear fact that both real world users (@Carnival-Boy and myself) get detected as the wrong country when doing nothing to represent ourselves that way (and wrong city is almost always a given, it's very rare that I get shown in the right one there) and it is fact that many, many people are using simple tricks to get around Geo-IP, even non-technical people who are completely unaware that that is what they are doing.

    Those parts are not opinion. The only opinion that I've offered is that using something unreliable like this to determine content is bad - because it doesn't do what people expect it to do.



  • @Ambarishrh said:

    I've been using PIA https://www.privateinternetaccess.com/ for almost 2 years now and pretty happy with it. Its cheap and can connect up to 5 devices at the same time with one account. Works well with my Android phone, ipad, MAC and Windows. Use it for Netflix streaming connecting to US as Netflix is not available yet in the middle east

    Does it work with the Kindle Fire TV is the big question. Almost nothing does.



  • This sounds like you would need a different device, or a VPN gateway on a laptop or something that network devices can communicate through. Do you bring a router with you or was that one of the things you leave behind?



  • @JaredBusch said:

    It works quite well, @scottalanmiller's opinion to the contrary.

    Define "works quite well." From what I've seen it does not work at all - but we may have different definition of "works."

    I say that it does not work well because:

    • Mistakes are common resulting in lost or annoyed customers. (Blocking legit customers.)
    • It presents opportunity for assumption (you go to a site you want and get redirected to one you do not.)
    • Location does not imply what people tend to think that it implies (where your customer is now does not imply where they live or work or the location of the business itself.)
    • It is trivial, to the point of being transparent for non-technical users, to intentionally bypass and mislead.


  • If by "works well" you simply mean that "most of the time it guesses the right country", then sure. But I would not at all consider that working well. That's similar to the "block all" approach of firewalls, yes the average packet coming in in malicious so if you block absolutely everything you block more malicious than non-malicioius. So by a purely statistical approach if sounds like it is good. But it also means you blocked the purpose of the service.

    Obviously an extreme example, but the question around "working well" becomes - what is the goal with it? If it is to block malicious users it might work well if we are meaning only casual ones. If it is to determine where someone is to change services, it is trivial to modify that. What's the use case where it significantly does what people believe it will do or they intend for it to do?



  • You could use AWS-EC2 free-tier linux instance to build an OpenVPN server and encapsulate the traffic in SSL. This is kinda shady, and depending on your locale could be considered less than legal, but it works.



  • @coliver said:

    This sounds like you would need a different device, or a VPN gateway on a laptop or something that network devices can communicate through. Do you bring a router with you or was that one of the things you leave behind?

    If you can provide your own gateway device to your Amazon device you could be able to VPN to wherever you like from the gateway appliance.



  • @RamblingBiped said:

    You could use AWS-EC2 free-tier linux instance to build an OpenVPN server and encapsulate the traffic in SSL. This is kinda shady, and depending on your locale could be considered less than legal, but it works.

    No different than for ANY modification of source IP address.



  • @scottalanmiller said:

    Does it work with the Kindle Fire TV is the big question. Almost nothing does.
    Not sure how Kindle fire network connectivity is. When i had a Roku3, which didn't have a VPN option on its networking, what i did was to use the L2TP/IPSec setup of PIA on my iMAC, used that VPN for Internet Sharing from MAC to Roku3.



  • Once we do this move we will have a computer there that will be available for this but ideally we do not want to be running a high performance, big power draw PC all day long. Part of the point of the Fire TV is that it is a low power device for doing simple things like watching YouTube.



  • Tried any DNS services like https://www2.unotelly.com/home



  • @Ambarishrh said:

    Tried any DNS services like https://www2.unotelly.com/home

    Fire TV locks DNS, does it not?



  • Setting up our own VPN is not ideal, because equipment will then have to be kept somewhere out there, and we don't have a home base.



  • @Dominica That is the nice thing about using an AWS-EC2 instances. You can have pre-built/configured VPN servers in different locales (US East-Virginia, EU-Ireland, Asia Pacific-Singapore, South America-Sao Paolo) and bring up/take down an instance as you travel to different parts of the world. The last time we had people travel to Asia I spun up an EC2 instance in Singapore and they were able to connect to email and other services with little to no latency.

    Traveling to Europe? Take down the Singapore instance and bring up an instance in Ireland.

    Their free-tier is good for a year of use if I remember correctly, and should be more than enough oomph for personal use.



  • No free for us, we used up the free tier long ago.



  • It is only getting access to the US that we are looking for.



  • @Dominica Hosted solves that.



  • Why would you need a power hungry PC for this? Couldn't you use something like an ERL? If you wired access, you could plug the ERL into the internet, and hang a UAP off the other side (the 5 port ERL has POE) and you should be good.

    If you only have wireless access, you'd need two UAPs, one for connection to your provider, and one to your stuff, assuming you couldn't get a VLAN situation working, then you might be able to do it all with one.



  • Please check this, http://help.unotelly.com/support/solutions/articles/193478-setting-up-unodns-on-your-amazon-fire-tv-

    and probably as trial, try the DNS entries:
    Primary DNS: 5.100.250.54

    Secondary DNS: 103.250.184.116



  • Looks promising, checking that one out.



  • So it appears that this will work for the Fire TV but there is one little catch - there is no advanced option when your WiFi doesn't use a password - which the one that we are on here in Galveston does not. So I am attempting to test this and the setting that I need to enter doesn't exist for us 😞


  • Banned

    @scottalanmiller said:

    So it appears that this will work for the Fire TV but there is one little catch - there is no advanced option when your WiFi doesn't use a password - which the one that we are on here in Galveston does not. So I am attempting to test this and the setting that I need to enter doesn't exist for us 😞

    Can you make a profile for a non-broadcasting ssid? If so maybe try making one with the advance settings and then just remove the password.



  • Yes, you are correct, I think that that will work. Trying to figure out how to manually set the IP address in that case as it seems to want to not allow DHCP and the pool of IP addresses here is large so it makes it rather complicated.


Log in to reply