It could be, and I have already done it using rdomains, pair and pf match with tag and pass with route-to.

What I just started to use (yesterday, after writing this email), at the head of the wireless internet service provider, one application of my network, is the nDPI iptables module in mangle PREROUTING, just to create different ToS, or better said, DSCP classes, and then route in the OSPF OpenBSD network over IKEv2 depending on the value assigned to this IPv4 field.

I've found a distfile on the fr OpenBSD mirror:

https://ftp.fr.openbsd.org/pub/OpenBSD/distfiles/ndpi-4.2.tar.gz

Has anyone tried it?

Nice regards,

On Mon, May 9, 2022 at 1:19 AM Fabio Martins <fosf...@gmail.com> wrote:

> On Sunday, May 8, 2022, Riccardo Giuntoli <tag...@gmail.com> wrote:
>
> > Hello there, I've got a little wireless service provider where the edge
> > connects to different VPS providers in many geographic locations. One of
> > them, based in the US, is applying DMCA, doing DPI on non-encrypted traffic.
> >
> > Now that all my VPS are OpenBSD, I want to apply the same policy to not incur
> > service problems or fees.
> >
> > What I want to achieve is to redirect all non-TLS/SSL traffic to an engine
> > (nDPI? relayd?) that could afterwards interact with PF using an anchor.
> >
> > Does someone have an idea how to do this?
> >
> > Kindly regards,
> >
> > --
> > Name: Riccardo Giuntoli
> > Email: tag...@gmail.com
> > Location: sant Pere de Ribes, BCN, Spain
> > PGP Key: 0x67123739
> > PGP Fingerprint: CE75 16B5 D855 842FAB54 FB5C DDC6 4640 6712 3739
> > Key server: hkp://wwwkeys.eu.pgp.net
> >
>
> Would this solution be ok?
>
> Set up a VPN (wireguard?) between the USA VPS and another VPS in a different
> region (Asia, for example).
>
> Let 443 and other TLS ports (465, 993) go normally via the USA default route
> for the VPS.
>
> All other ports will use PF binat to masquerade the non-TLS traffic via the
> Asian endpoint of the VPN.
>
> Cheers.
>
> --
> Atenciosamente,
>
> Fabio Martins
>
> (+5521) 97914-8106 (Signal)
> https://www.linkedin.com/in/fabio1337br/
>

--
Name: Riccardo Giuntoli
Email: tag...@gmail.com
Location: sant Pere de Ribes, BCN, Spain
PGP Key: 0x67123739
PGP Fingerprint: CE75 16B5 D855 842FAB54 FB5C DDC6 4640 6712 3739
Key server: hkp://wwwkeys.eu.pgp.net