I want to access some services that are blocked based on country. For example, I want to watch YouTube videos that are blocked by YouTube in my country.
I've tried using popular VPN services and some of them allowed me to bypass regional blocking on YouTube, but most of them are being blocked in my country, so they often don't work. I've tried setting up a self-hosted VPN (OpenVPN, WireGuard, strongSwan) on a VPS located in another country. The self-hosted VPN worked really well to bypass the blocking by the government, however it doesn't seem to be enough to bypass regional blocking on YouTube.
Note: I've noticed that not even all popular VPN services can bypass regional blocking, but, for example, Windscribe can bypass regional blocking.
What do I need to do to enable a self-hosted VPN to bypass regional blocking on YouTube? Or maybe there is another solution other than a VPN?
I basically have an API that is going to be used with a web app and a mobile app. I don't want the API to be publicly available, so where should I deploy it? Is there a way without using AWS? Thanks, Nav :)
There are multiple ways of doing this. This is a sensitive topic, as this is an opinion-based field.
However, I will try to answer below - and challenge your way of approaching this.
It really depends on your 'operational' skills, funds, need for security, deadline(s) etc.
Basically you need to make an endpoint available on the www, without everybody being able to connect.
You could either:
- Deploy a virtual machine or web app in Azure/AWS/GCP/... and whitelist the IPs you need to connect from.
- Rent a VPS from any provider, and deploy your application there - again, whitelisting. (Edit: Not phones, since this IP changes constantly. A proxy can be implemented here (potential bottleneck), or any authentication mechanism like OAuth, JWT, certificates etc. can be implemented either on the ingress controller (e.g. NGINX) or in the application itself.)
- Deploy the application on your home PC, order a static IP for your home, forward a port and set up security on your premises (not recommended, and raises a bunch of other headaches).
- Get in touch with a company that hosts web applications (can be quite expensive).
Based on the limited information provided in your question, there are a ton of options, nice-to-haves and factors that come into play when choosing the setup that suits your needs.
You should also consider: VPN usage, backup/disaster recovery, data leaks, redundancy, the need for future deploys, how you would access your environment in six months....
I hope this answered your question, but also raised a few for you to answer yourself.
Finally, I'd recommend looking for inspiration here.
EDIT:
Question:
Whitelisting mobile IPs.
VPS selected.
Answer:
This becomes quite a task when mobile phones tend to change IPs frequently.
Since you are looking further into the VPS setup, you are more in control of the setup and can choose to look into OAuth and JWT.
Links:
OAuth - https://oauth.net/getting-started/ https://developer.okta.com/blog/2019/01/22/oauth-api-keys-arent-safe-in-mobile-apps
NGINX JWT - https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-jwt-authentication/
So - At the end of the day, you can make your app use a proxy (potential bottleneck) and whitelist this IP, or make the endpoint open (any -> 443) and implement an authentication mechanism like the ones mentioned above.
Consider implementing a DMZ zone for incoming traffic from the web.
https://en.wikipedia.org/wiki/DMZ_(computing)
and put your application behind this zone, making sure that only the DMZ zone is facing the internet, and the server hosting your application is talking to the server in the DMZ.
Again, this is quite a big topic and is hard to simplify to a Stack Overflow post.
If you are hosting the app on AWS you have a couple of options.
API Gateway now supports private endpoints. These endpoints cannot be called via the public internet. That means if your app is hosted on AWS, only the internal services of the app can call the endpoint, i.e. front end to database etc. I've used this method for internal microservices such as placing in-house app data onto Kinesis streams.
Alternatively, if you don't want to use API Gateway you have lots of options, most of which would involve you creating REST APIs from wherever you plan on hosting your code. This could be on the server itself or in some sort of container.
API Gateway Private Endpoint Reference:
https://aws.amazon.com/blogs/compute/introducing-amazon-api-gateway-private-endpoints/
On Google Cloud Platform, how can I register/validate my Microsoft Windows machines, in a walled VPC?
For security reasons:
-Every connection goes through a proxy;
-Every Windows machine is not allowed to have an external IP address;
For money reasons:
-No Windows KMS relay server.
I read:
https://cloud.google.com/compute/docs/instances/windows/
https://cloud.google.com/compute/docs/instances/windows/creating-managing-windows-instances
https://cloud.google.com/compute/docs/instances/windows/getting-support-for-windows-instances
Unfortunately, an external IP address is required to activate a Windows instance with Google’s KMS servers. You cannot turn off the external IP for a Windows VM on Google Compute Engine as it requires re-activation every 30 days, however, Google is actively working on a fix to address this issue and to make it so you can activate against VMs with internal IP only.
For the interim, if you wish to restrict outbound communication you can set up egress firewall rules as follows:
- Create a deny egress firewall rule for the IP range 0.0.0.0/0 on all ports.
- Create an allow egress rule to the IP 173.255.119.204 and the port tcp:1688. This will allow the VM to talk to the KMS servers.
- The allow rule should have a higher priority (i.e. a lower number) than the deny rule.
As mentioned earlier, there's a feature request that is still in development and being tested internally. Unfortunately, there's no ETA at this time.
That being said, I would recommend that you follow the Google Cloud Platform Blog page, so you are aware once the feature is released, or use the above-provided workaround.
Finally, should you decide to continue using Windows OS without activation, keep in mind that the following may occur, as per the Microsoft Product Activation article on Wikipedia:
- Windows Server 2016 has a 30-day grace period and if not activated, the operating system may go into what is called Reduced Functional mode, which means that certain functionality will be disabled. You may also see a watermark showing the edition of Windows as not activated.
- Access to all Windows Updates with confidence that your Windows software has the latest security and reliability enhancements may be removed.
- You will be prompted every time you log in to Activate, as well as receive periodic prompts to activate your software.
I hope this information is helpful.
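The priority point in the workaround above is easy to get backwards, so here is an added example (not part of the original answer and not Google's code) that models how egress rules are evaluated: the matching rule with the lowest priority number wins, deny wins a tie, and the implied allow-egress rule applies when nothing matches. The rule names and the priority values 900 and 1000 are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

KMS_IP = "173.255.119.204"  # KMS address quoted in the answer


@dataclass(frozen=True)
class EgressRule:
    name: str            # hypothetical rule name
    priority: int        # lower number is evaluated first
    action: str          # "allow" or "deny"
    dest_range: str      # destination CIDR
    ports: tuple = ()    # () means all protocols and ports


def decide(rules, dest_ip, proto_port):
    """Return (action, rule name) for one outbound connection."""
    ip = ipaddress.ip_address(dest_ip)
    matching = [r for r in rules
                if ip in ipaddress.ip_network(r.dest_range)
                and (not r.ports or proto_port in r.ports)]
    if not matching:
        # With no user-defined match, the implied allow-egress rule applies.
        return ("allow", "implied-allow-egress")
    # Lowest priority number wins; on equal priority, deny beats allow.
    best = min(matching, key=lambda r: (r.priority, r.action != "deny"))
    return (best.action, best.name)


def ruleset(allow_priority, deny_priority):
    """The two rules from the workaround, with constructed priorities."""
    return [
        EgressRule("deny-all-egress", deny_priority, "deny", "0.0.0.0/0"),
        EgressRule("allow-kms", allow_priority, "allow",
                   KMS_IP + "/32", ("tcp:1688",)),
    ]


CORRECT = ruleset(allow_priority=900, deny_priority=1000)
SWAPPED = ruleset(allow_priority=1000, deny_priority=900)  # misconfiguration

if __name__ == "__main__":
    probes = [(KMS_IP, "tcp:1688"), (KMS_IP, "tcp:443"), ("8.8.8.8", "udp:53")]
    for label, rules in (("correct", CORRECT), ("swapped", SWAPPED)):
        for dest, port in probes:
            print(label, dest, port, decide(rules, dest, port))
```

With the priorities swapped, the deny rule shadows the KMS allow rule and activation traffic is dropped along with everything else.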
A friend has a PC with access to the internet. I also have internet but I want to connect to the internet through my friend's computer, using his computer as a VPN, so that I can access websites blocked by my current ISP.
I know I can use logmein (For example) to control his PC and surf there, but I just need the ability to connect to his PC/network and surf through his internet, just like a VPN does.
My question is: what software / method can help us achieve this?
Note: he has a dynamic IP internet connection.
Bypassing DNS blocks isn't that hard.
You can use Google DNS to reach about every site. You change your Domain Name Settings[*] to those of Google and you'll be able to visit TPB or other blocked sites.
If you want to work with a VPN, it'd be best if your friend sets his IP to static.
This way you can use the built-in VPN client in Microsoft to connect to him. Check out this tutorial on how to make a VPN on his PC and connect with it from yours.
[*] DNS-settings are needed to retrieve an IP from your ISP. If you change them to Google DNS, you'll get an IP from Google and your DNS-lookups (when you surf to a site) will go via Google instead of via your ISP. This allows you to bypass local DNS-blocks and some sites will load a few milliseconds faster.
I often visit various sites and like to do so anonymously from behind a proxy. However, it seems as if some websites are still able to detect my real IP address. I know this because they use the IP address to attempt to geolocate me for services.
How did they actually get my real IP Address if I am using a proxy?
How can I truly hide myself?
Most proxies you'll find online are so-called 'transparent proxies'. This means they identify themselves as a proxy and even give your real IP address to the site.
These proxies are commonly used to load pages on the proxy-server instead of your PC.
IP proxies won't protect you at all, to be honest.
What you need are VPNs (Virtual Private Networks), a.k.a. network tunnels.
VPNs allow you to do everything online via an external PC inside that network. You'll get that PC's IP and all loading etc. happens on that PC.
Not all VPNs are undetected. If you always want to browse the web anonymously, you'll need to find some HQ VPNs (barely for free) and you'll need to change VPN frequently.
Try searching on HideMyAss, SecurityKISS, ... or maybe even the Tor network.
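To make the transparent-proxy point above concrete, here is an added example (not part of the original answer) of what a web server sees: the TCP peer is the proxy, but forwarding headers added by the proxy can carry the client's address. The header sets, addresses and the three category labels are constructed for illustration.

```python
import ipaddress

# Headers a forwarding proxy may add that can carry the client's address.
DISCLOSING = ("x-forwarded-for", "forwarded", "x-real-ip", "client-ip")
# Headers whose presence alone shows that a proxy handled the request.
PROXY_MARKERS = ("via", "x-forwarded-for", "forwarded", "proxy-connection")


def _ips(value):
    """Extract IP addresses from a header value (no port handling)."""
    found = []
    for token in value.replace(";", ",").split(","):
        token = token.strip()
        if token.lower().startswith("for="):   # RFC 7239 "Forwarded" syntax
            token = token[4:]
        token = token.strip('"[] ')
        try:
            found.append(str(ipaddress.ip_address(token)))
        except ValueError:
            continue                           # not an address, e.g. proto=http
    return found


def classify(headers, peer_ip):
    """What a server can tell from one request's headers and TCP peer."""
    h = {k.lower(): v for k, v in headers.items()}
    disclosed = [ip for name in DISCLOSING if name in h for ip in _ips(h[name])]
    # De-duplicate and drop the proxy's own address if it listed itself.
    disclosed = [ip for ip in dict.fromkeys(disclosed) if ip != peer_ip]
    if disclosed:
        kind = "transparent"
    elif any(name in h for name in PROXY_MARKERS):
        kind = "proxy-address-withheld"
    else:
        kind = "no-proxy-headers"
    return {"kind": kind, "peer": peer_ip, "disclosed_client_ips": disclosed}


# Constructed sample requests (documentation address ranges).
PROXY_PEER = "198.51.100.20"
TRANSPARENT = {"Host": "example.org", "Via": "1.1 proxy.example",
               "X-Forwarded-For": "203.0.113.7"}
WITHHELD = {"Host": "example.org", "Via": "1.1 proxy.example"}
DIRECT = {"Host": "example.org"}

if __name__ == "__main__":
    for sample in (TRANSPARENT, WITHHELD):
        print(classify(sample, PROXY_PEER))
    print(classify(DIRECT, "203.0.113.7"))
```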
I am trying to develop an application which can block all URLs using the Win32 API in a Windows desktop application.
So is there any API or any procedure for doing this programmatically so that I can block all URLs?
It's impossible to block just URLs. If you want to make sure no one can access the internet the only way to do this would be to unplug the ethernet cable. (Or whatever is giving you connectivity) Here's why:
Blocking all DNS resolution won't stop someone from accessing http://206.132.84.265/
Blocking port 80 and 443 won't stop someone from accessing a web site hosted on a non-standard port.
Denying access to IE and installation of any other software won't stop someone from downloading a browser that doesn't require to be installed (Like a text browser) and putting it on a thumb drive.
Buying an expensive firewall that blocks HTTP traffic won't be able to stop SSL operating on a non-standard port.
Believe me, back in high school I worked in a warehouse with a scanner gun and figured out how I could check my email with it (with a little help from my computer at home) since an internet gateway was on the same network.
If you want to block people from surfing the web, disconnect the internet.
I suppose you can do it using the Windows Firewall API
http://msdn.microsoft.com/en-us/library/Aa366453.aspx
You can do this using Windows Firewall Protocol. This is an API provided by Microsoft.
For Vista it's straightforward, but for XP you need to do some workarounds, as examples are not available for that.