I recently subscribed to Netflix and being in the UK I found that they have loads more available in the US to watch. To get around this in a way that would also allow me to stream programmes to my chromecast is actually quite complicated. As I have small Linux box on my network to provide IPv6 via a tunnel I thought I would allow this to also allow access via a GRE tunnel to a VPS running in the US.
The first thing you need to do is setup the machine in the US so it can do NAT just like your home router can do with the following:
#!/bin/sh
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -F FORWARD
iptables -A FORWARD -m state –state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -s 192.168.0.0/16 -j ACCEPT
iptables -A FORWARD -j REJECT
iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -o eth0 -j MASQUERADE
iptables -A INPUT -i tun+ -j ACCEPT
iptables -A FORWARD -i tun+ -j ACCEPT
iptables -A INPUT -i tap+ -j ACCEPT
iptables -A FORWARD -i tap+ -j ACCEPT
iptables -A INPUT -i us-gre -j ACCEPT
iptables -A FORWARD -i us-gre -j ACCEPT
iptables -A INPUT -i us-gre -j ACCEPT
iptables -A FORWARD -i us-gre -j ACCEPT
Your then need to setup a GRE tunnel between your VM running in another country and your home network. One thing to be aware of is that GRE tunnels use a specific IP protocol number rather than TCP or UDP. This means that your need to either activate an option which enables this or setup the machine doing the routing on your home network as the DMZ host.
I used the following to setup a GRE tunnel on the VPS which will forward all data to my home network over the tunnel (my home network has addresses in the 192.168.x.x range).
ip tunnel del us-gre
ip tunnel add us-gre mode gre remote local ttl 255
ip link set us-gre up
ip addr add 192.168.X.1/24 dev us-gre
echo add routes
ip route add 192.168.0.0/16 via 192.168.X.10 dev us-gre
#ip route add 192.168.0.0/16 dev us-gre
Once you have everything setup on the VPS VM then your need to do the same on your home network with the following:
# VPN hosts.
ip rule add from 192.168.0.x table vpn
# Add default routes for vpn table.
ip route add default via 10.9.0.1 dev tun0 table vpn
ip route flush cache
ip tunnel del us-gre
ip tunnel add us-gre mode gre remote local ttl 255
ip link set us-gre up
ip addr add 192.168.8.10/24 dev us-gre
echo add default route
ip route add 0.0.0.0/1 via 192.168.8.1 dev us-gre table vpn
You will also need to run the following to add a table so you can have different routing destinations for different hosts which route via this machine.
echo 200 vpn >> /etc/iproute2/rt_tables
In order to make a machine use the tunnel your need to adjust your DHCP settings so the machine you want uses the machine with the tunnel as it’s default route. Once this is done your use:
ip rule add from
table vpn on the machine with the tunnel on it. This creates a rule which makes the requested machine use a different routing table to all other traffic.