On Sunday, May 8, 2022, Riccardo Giuntoli <tag...@gmail.com> wrote:
> Hello there, I've got a little wireless service provider where the edge
> connects to different VPS providers in many geographic locations. One of
> them, based in the US, is applying DMCA, doing DPI on non-encrypted traffic.
>
> Now all my VPS are OpenBSD I want to apply the same policy to not incur
> service problems or fees.
>
> What I want to achieve is to redirect all non-TLS/SSL traffic to an engine
> (nDPI? relayd?) that could afterwards interact with PF using an anchor.
>
> Someone got an idea to do this?
>
> Kindly regards,
>
> --
> Name: Riccardo Giuntoli
> Email: tag...@gmail.com
> Location: Sant Pere de Ribes, BCN, Spain
> PGP Key: 0x67123739
> PGP Fingerprint: CE75 16B5 D855 842FAB54 FB5C DDC6 4640 6712 3739
> Key server: hkp://wwwkeys.eu.pgp.net
>
Would this solution be ok?

Set up a VPN (wireguard?) between the USA VPS and another VPS in a different region (Asia, for example).

Let 443 and other TLS ports (465, 993) go normally via the USA default route for the VPS.

All other ports will use PF binat to masquerade the non-TLS traffic via the Asian endpoint of the VPN.

Cheers.

--
Kind regards,
Fabio Martins
(+5521) 97914-8106 (Signal)
https://www.linkedin.com/in/fabio1337br/
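A pf.conf fragment for the US VPS sketching the split described in the reply above. It is an added example, not configuration from either poster, and it uses pf's `route-to` and `nat-to` rather than `binat`. Every interface name, address and network in it is an assumption, and it is meant to be merged into an existing ruleset (management rules such as SSH are omitted).

```conf
# Constructed example: all names and addresses below are assumptions.
ext_if    = "vio0"              # US VPS uplink, holds the default route
cust_if   = "gre0"              # interface where subscriber traffic arrives
wg_if     = "wg0"               # WireGuard tunnel to the second VPS
wg_peer   = "10.99.0.2"         # tunnel address of the remote (Asian) endpoint
customers = "10.10.0.0/16"      # subscriber address space
tls_ports = "{ 443, 465, 993 }" # the TLS ports named in the reply

# Source NAT on whichever interface the packet finally leaves through.
match out on $ext_if inet from $customers nat-to ($ext_if)
match out on $wg_if  inet from $customers nat-to ($wg_if)

# pf is last-match. First rule: send everything from subscribers to the
# tunnel peer instead of following the routing table.
pass in on $cust_if inet from $customers route-to $wg_peer

# Later, more specific rule: TCP to the TLS ports overrides the rule
# above and follows the normal default route out of $ext_if.
pass in on $cust_if inet proto tcp from $customers to port $tls_ports

# Allow the forwarded traffic out of both paths. After nat-to the source
# is no longer in $customers, so these rules do not filter on it.
pass out on $ext_if inet
pass out on $wg_if  inet

# WireGuard side (in hostname.wg0, not in pf.conf): the peer's wgaip on
# this host must cover the destinations sent through the tunnel, for
# example 0.0.0.0/0, or wg(4) will drop the packets.
```

The remote endpoint still has to forward and NAT what arrives over the tunnel. The selection is by destination port only, so it does not confirm that traffic on those ports is actually TLS, and UDP 443 (QUIC) is not covered by the TCP rule and goes through the tunnel.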