Kicking off my webpage this time with this bit on how I fool my Chromecast into thinking it's in the US.

So I bought myself a Chromecast a while back and played around with it. One of the first things I tried was using it with Netflix. This works as expected, but the Netflix content is not so great here in good old Norway. To solve that I have been using Private Internet Access to make Netflix think I am in the US, UK or any other place that might have the content I am looking for. The Chromecast is not as easily fooled as my phone or computer, though. It starts its own Netflix app and streams using that. Since that's not on the VPN, I don't get to see the content on my TV.

For a while now I have had an OpenBSD router running at home doing the basic NAT for all my home computing needs. Below I will explain how I made the router access the VPN and force only select clients out over it:

Installing OpenVPN on OpenBSD is easy:

# pkg_add -v openvpn

Then I fetch the necessary configuration files from my VPN provider and unzip them:

# mkdir /usr/local/etc/openvpn
# cd /usr/local/etc/openvpn
# ftp https://www.privateinternetaccess.com/openvpn/openvpn.zip
# unzip openvpn.zip

This gives me a bunch of files named SomeCountry.ovpn. I want to use the US East VPN gateway, so I find the file US East.ovpn and add some lines: _(Can't take all the credit here. I adapted the solution described by DaCa here.)_

script-security 2
route-noexec
route-up /usr/local/etc/openvpn/route-up.sh

The first line allows me to run a script when the connection starts. The second tells OpenVPN not to change the routing table. The third refers to my script. Then I make (read: modify) the script:

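#!/bin/sh
# Clients whose traffic should be sent out over the VPN
VPN_HOSTS="{ 192.168.1.4 }"
# Load the rule into the pf anchor "vpn"; $route_vpn_gateway is set by OpenVPN
/sbin/pfctl -a vpn -f - <<!
pass in on em0 from $VPN_HOSTS to \!em0:network route-to (tun0 $route_vpn_gateway)
!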

This uses runtime variables from OpenVPN to load a dynamic pf rule into the anchor vpn. (To clarify: my DHCP server always provides the Chromecast with the same IP address.) And I add an anchor called vpn to pf.conf, along with some other rules:

pass in on tun0
anchor vpn
block out on egress from $vpn_clients to any

That last line is very optional. I use it for another client that I also have going on VPN. It acts as an internet kill switch. When the VPN is running the traffic can pass out on tun0 thanks to the anchor rule. But when the VPN goes down, no traffic from $vpn_clients can pass out on the "normal" interface.
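
A hardened variant of the route-up.sh script above, as an added example that is not part of the original post: because the script pastes $route_vpn_gateway into a pf rule, it checks that the gateway and every client address are plain IPv4 addresses before anything reaches pfctl. The function names is_ipv4 and build_vpn_rule are made up for this example, the rule is built with printf instead of a here-document (so the ! needs no backslash), and the interfaces and client address are the ones used above.

```sh
#!/bin/sh
# Added example: route-up.sh with input validation (not the original script).
LAN_IF="em0"             # internal interface, as in the rule above
VPN_IF="tun0"            # OpenVPN tunnel interface, as in the rule above
VPN_HOSTS="192.168.1.4"  # space-separated client addresses to send over the VPN

# is_ipv4 ADDR: succeed only for a dotted quad whose octets are 0-255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # empty, stray chars, bad dots
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                                  # split the address on dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# build_vpn_rule GATEWAY HOST...: print the pf rule, or fail without output
# if any argument is not a plain IPv4 address.
build_vpn_rule() {
    gw=$1; shift
    is_ipv4 "$gw" || { echo "route-up: bad gateway '$gw'" >&2; return 1; }
    [ "$#" -gt 0 ] || { echo "route-up: no VPN hosts given" >&2; return 1; }
    for h in "$@"; do
        is_ipv4 "$h" || { echo "route-up: bad host '$h'" >&2; return 1; }
    done
    printf 'pass in on %s from { %s } to !%s:network route-to (%s %s)\n' \
        "$LAN_IF" "$*" "$LAN_IF" "$VPN_IF" "$gw"
}

# Only touch pf when OpenVPN has set route_vpn_gateway and pfctl exists.
if [ -n "${route_vpn_gateway:-}" ] && [ -x /sbin/pfctl ]; then
    rule=$(build_vpn_rule "$route_vpn_gateway" $VPN_HOSTS) || exit 1
    printf '%s\n' "$rule" | /sbin/pfctl -a vpn -f -
fi
```

If validation fails the script exits non-zero without loading anything, so the vpn anchor is left as it was.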

That's it folks.