Speeding up YouTube without installing software on end devices

It's been a tough time for YouTube viewers lately. Even the smallest local ISPs have already implemented the video slowdown. In some cases (like mine), it is not even a slowdown but an outright loss of functionality: videos simply don't load.

Let's leave aside the blocking itself; it is not unfounded. But the amount of useful information accumulated on the site over the years of its de facto monopoly in this niche is colossal. Therefore, no matter what, we have to bypass this blocking.

There are several ways to do this:

  • the most common one is a VPN and its variations – despite the ban on it, practice shows that even a standard OpenVPN setup works (that's how it works for me)

  • various anti-DPI solutions – either software installed on end devices or proxy servers (which also need to be configured on end devices)

But I am a lazy person. There are quite a lot of devices at home, and I do not want to spend time configuring each of them. Therefore, we will perform the bypass transparently, at the router level.

For the simplest scenarios, there are solutions for routers based on OpenWRT and the like, but I cannot install that, because the hardware of my Wi-Fi router does not allow it. I do, however, have a home server with a hypervisor that runs my smart home, and next to it I once set up an intermediate router on pfSense 2.7. What did I need it for? All the same things: bypassing blocking by redirecting traffic into a VPN tunnel to my VPS somewhere in Europe; more functional DHCP services, DNS relay, etc.; a VPN server for connecting to the internal network from outside; and a site-to-site VPN that joins a summer house and a garage into a common network. In general, there is a lot of functionality, and if you have a similar configuration, I will show a simple example of setting up a bypass of the YouTube speed limits on pfSense (or any other Unix-like router).

Solution

So, we will use zapret by bol-van (https://github.com/bol-van/zapret); its tpws component is a TCP proxy that obfuscates the information DPI uses to decide whether to intervene.

We are interested in the setup for FreeBSD, which is what pfSense is based on. But to get started and make things more convenient, a few preparations are needed first.

  1. Allow SSH connections (in the hypervisor's virtual machine console, select item 14)

  2. Connect to the router with any convenient SSH client

  3. Enable the FreeBSD repositories, which are disabled by default

    edit /usr/local/etc/pkg/repos/FreeBSD.conf
    edit /usr/local/etc/pkg/repos/pfSense.conf

    Change FreeBSD: { enabled: no } to FreeBSD: { enabled: yes }

  4. Update the package list

    pkg update

  5. Install the necessary packages

    pkg install git nano

  6. Clone the repository

    mkdir -p /opt
    cd /opt
    git clone https://github.com/bol-van/zapret.git

  7. Copy only tpws

    cp zapret/binaries/freebsd-x64/tpws /usr/local/sbin
    chmod +x /usr/local/sbin/tpws

  8. Prepare the configuration

    nano /usr/local/etc/rc.d/zapret
    chmod +x /usr/local/etc/rc.d/zapret

    Contents of /usr/local/etc/rc.d/zapret:

    #!/bin/sh

    # Load the ipfw and divert kernel modules
    kldload ipfw
    kldload ipdivert

    # Restart pf, then load the redirect rule into the "zapret" anchor
    pfctl -d ; pfctl -e
    pfctl -a zapret -f /etc/zapret.anchor

    # Stop any running tpws instance and start a fresh one on port 988
    pkill '^tpws$'
    tpws --daemon --port=988 --enable-pf --bind-addr=127.0.0.1 --bind-linklocal=force --split-http-req=method --split-pos=2

  9. Prepare the anchor (em1 – replace with your LAN interface)

    nano /etc/zapret.anchor

    Contents of /etc/zapret.anchor:

    # "pass" lets the redirected packets through without evaluating the filter rules
    rdr pass on em1 inet proto tcp to port {80,443} -> 127.0.0.1 port 988

  10. Edit the pfSense files (alas, there is no other way): find the line $natrules .= "# TFTP proxy\n"; and insert the following two lines above it

    nano /etc/inc/filter.inc

    $natrules .= "# ZAPRET redirection\n";
    $natrules .= "rdr-anchor \"zapret\"\n";

  11. Reboot

If you did everything correctly, then in 99% of cases YouTube will work again at full speed on all devices in your LAN, without installing any software on them.
With some providers this trick may not work, and you will have to experiment with the TCP proxy (tpws) settings; refer to the documentation (which is actually very detailed).
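
The edit in step 10 lives in a pfSense system file, so it has to be re-applied if that file is ever replaced, for example by an upgrade. The shell function below is an added example, not part of the original post or of zapret: it inserts the two lines above the "# TFTP proxy" marker only when they are missing. The function name and the demo file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: idempotently re-apply the step 10 edit to filter.inc.
# Returns 0 if the anchor is present (already or newly inserted),
#         1 if the "# TFTP proxy" marker is missing (file left untouched),
#         2 if the file is not readable and writable.
ensure_zapret_anchor() {
    file=$1
    { [ -r "$file" ] && [ -w "$file" ]; } || return 2

    # Already patched: a repeated run must not duplicate the lines.
    grep -Fq 'rdr-anchor \"zapret\"' "$file" && return 0

    tmp=$(mktemp /tmp/filter.inc.XXXXXX) || return 2
    inserted=no
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            *'"# TFTP proxy\n"'*)
                if [ "$inserted" = no ]; then
                    # Reuse the marker line's indentation for the new lines.
                    indent=${line%%[![:space:]]*}
                    printf '%s%s\n' "$indent" '$natrules .= "# ZAPRET redirection\n";'
                    printf '%s%s\n' "$indent" '$natrules .= "rdr-anchor \"zapret\"\n";'
                    inserted=yes
                fi
                ;;
        esac
        printf '%s\n' "$line"
    done < "$file" > "$tmp"

    if [ "$inserted" = no ]; then
        rm -f "$tmp"
        return 1
    fi
    # Write through the existing file so its owner and mode are kept.
    cat "$tmp" > "$file" && rm -f "$tmp"
}

# Demo on a constructed stand-in for filter.inc (not the real file).
demo=$(mktemp /tmp/demo.inc.XXXXXX)
printf '%s\n' '$natrules .= "# TFTP proxy\n";' > "$demo"
ensure_zapret_anchor "$demo" && ensure_zapret_anchor "$demo"  # second run changes nothing
cat "$demo"
rm -f "$demo"
```

On the router it would be called as ensure_zapret_anchor /etc/inc/filter.inc; a return value of 1 means the marker line was not found and the file needs a manual look.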

Good luck!
