[GTALUG] VPN Recommendations?

[D. Hugh Redelmeier]

| From: James Knott <james.knott at rogers.com>

| On 02/21/2016 03:01 PM, phiscock at ee.ryerson.ca wrote:
| > Any recommendations from this group? Maybe OpenVPN?
| 
| I've used OpenVPN in the past and it worked well.  However, you may want
| to consider IPSec, as it's supported by many devices and operating
| systems.

James: you do realize that Peter isn't actually asking for a VPN, he's
asking for a "total solution" for spoofing his node's country, don't you?

Peter: that's a bad use of the term VPN.

IPSec is a fine answer to the literal question (I'm biased).

Spoofing is inherently dodgy.  The spoofing exit nodes can generally
be catalogued if the server's organization cares.  Hola's approach is
a little harder to nail due to the diversity of exit nodes (all Hola
users in the target country).

If Netflix were really trying to ban spoofing, it should be easy to
catalogue all IP addresses that use an unreasonably high amount of
bandwidth (or have a bunch of Netflix accounts).  That would catch all
exit nodes that were amortized over an economically reasonable number
of customers of a commercial spoofing service.

This will fail for Netflix customers behind "carrier grade NAT"
(yuck).  Those could be whitelisted.

I once heard that only DNS traffic had to be spoofed to "fool"
Netflix.  I have no idea if this was or is true.

Spoofing Netflix doesn't appear to hurt Netflix.  It only hurts those
who hold the licensing rights in the actual country of the user (they
don't get paid).  In fact, it is a reason many subscribe to Netflix.
That is surely why Netflix has been turning a blind eye to spoofing.