OPNsense VPN w/o static IP for Netflix

Is it possible to use an OPNsense router’s VPN to create a VPN without a static IP (Comcast home internet)? The idea is to set up my dad with an OPNsense router that I can remotely access, and have my OPNsense router route all traffic to Netflix through the VPN to my dad’s network (making Netflix think I am at my dad’s IP), with the bonus of allowing me to update my dad’s router as well.

Comcast is relatively stable - so even if you configured the VPN by IP only you’d rarely have to fix it. I think I’ve had the same IP for a couple of years at this point.

You can also set up dynamic DNS and set the endpoint as the dynamic record - this will probably require a restart of the VPN client when the remote IP changes, as most (all?) of the VPN clients won’t query DNS again once the tunnel is built.
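The caveat above (the tunnel keeps the address it resolved at startup) is exactly what a small re-resolve job can work around for WireGuard. The script below is an added example for this thread, not code from the thread, from wireguard-tools or from OPNsense. It assumes a host with the `wg` tool in PATH (OPNsense ships wireguard-tools), and the interface name, peer public key, DDNS hostname and port are placeholders to replace with your own. Run it from cron every few minutes: it compares the name’s current A record with the endpoint WireGuard has for the peer and only issues `wg set` when they differ.

```python
"""Re-resolve a WireGuard peer's DDNS name and update its endpoint if it moved.

Added example for this thread, not code from the thread or from OPNsense.
Assumes a host with the `wg` tool in PATH (OPNsense ships wireguard-tools) and
that the interface name, peer key and hostname below are replaced with real ones.
WireGuard itself never re-queries DNS once a peer endpoint has been set, so
run this from cron every few minutes.
"""
import socket
import subprocess
from typing import Dict, Optional, Tuple

# Placeholders (assumptions): the tunnel interface on your router, the public key
# of the remote (dad's) router, the DDNS name it updates, and its listen port.
WG_INTERFACE = "wg0"
PEER_PUBKEY = "REPLACE_WITH_PEER_PUBLIC_KEY="
DDNS_HOSTNAME = "dads-router.example.net"
DEFAULT_PORT = 51820


def parse_endpoints(wg_output: str) -> Dict[str, Tuple[str, int]]:
    """Parse `wg show <iface> endpoints` output into {pubkey: (ip, port)}.

    Each line is "<pubkey><TAB><ip>:<port>"; IPv6 endpoints are "[addr]:port"
    and peers that never had an endpoint show "(none)".
    """
    endpoints: Dict[str, Tuple[str, int]] = {}
    for line in wg_output.splitlines():
        if not line.strip():
            continue
        pubkey, _, endpoint = line.partition("\t")
        endpoint = endpoint.strip()
        if endpoint == "(none)":
            continue
        host, _, port = endpoint.rpartition(":")
        endpoints[pubkey] = (host.strip("[]"), int(port))
    return endpoints


def plan_update(current: Dict[str, Tuple[str, int]], pubkey: str,
                resolved_ip: str, default_port: int = DEFAULT_PORT) -> Optional[str]:
    """Return the new "ip:port" to set, or None if the peer already points there.

    The port is kept from the current endpoint (roaming may have changed it
    from the configured listen port); only a peer with no endpoint at all
    falls back to the default.
    """
    entry = current.get(pubkey)
    if entry is None:
        return f"{resolved_ip}:{default_port}"
    ip, port = entry
    if ip == resolved_ip:
        return None
    return f"{resolved_ip}:{port}"


def resolve_ipv4(hostname: str) -> Optional[str]:
    """Resolve the DDNS name; None when DNS fails, so the tunnel is left alone."""
    try:
        return socket.gethostbyname(hostname)
    except socket.gaierror:
        return None


def main() -> int:
    resolved = resolve_ipv4(DDNS_HOSTNAME)
    if resolved is None:
        print(f"could not resolve {DDNS_HOSTNAME}; keeping current endpoint")
        return 1
    out = subprocess.run(["wg", "show", WG_INTERFACE, "endpoints"],
                         check=True, capture_output=True, text=True).stdout
    new_endpoint = plan_update(parse_endpoints(out), PEER_PUBKEY, resolved)
    if new_endpoint is None:
        print("endpoint unchanged")
        return 0
    subprocess.run(["wg", "set", WG_INTERFACE, "peer", PEER_PUBKEY,
                    "endpoint", new_endpoint], check=True)
    print(f"endpoint updated to {new_endpoint}")
    return 0


if __name__ == "__main__":
    raise SystemExit(main())
```

Because the change is made with `wg set` at runtime, it does not touch the saved configuration; when the service is restarted, the configured hostname is resolved afresh anyway, which is the other way to recover. The DNS-failure path deliberately does nothing, since a stale but working endpoint is better than an empty one.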

You could use ZeroTier, which won’t care about dynamic IPs - assuming optimal conditions your traffic will flow directly between endpoints, but it is possible for traffic to flow through a mid-point if the endpoints can’t talk directly.

Use Dynamic DNS and if you want a fancy domain name use a CNAME pointing to your dyndns address.

Get a public DNS name. Install the os-ddclient plugin. Refresh the page. Go to Services->Dynamic DNS->Settings. Enable. Click on Accounts and add one for your DNS name. Select your DNS provider from the list. Fill in provider-specific fields like account #/API key. Now when your public IP address changes, OPNsense will soon thereafter update your DNS provider with the new address using their API.

Should be possible with Tailscale…

My Comcast IPv4 and IPv6 have been stable for months. I have 3 separate WireGuard interfaces running at any given time: (1) commercial VPN provider; (2) my devices inbound to route over commercial VPN provider; and (3) my devices inbound to route over Comcast (geolocation for certain streaming services like the Comcast app).

I have a gateway set up for the commercial VPN out, and firewall rules to appropriately direct traffic from my inbound devices. The reason I have 2 different interfaces for my devices inbound is to simplify firewall rules. I don’t use the commercial VPN on my primary desktop at home (or most trusted devices) due to streaming at home. It is much easier for me to have the separate interfaces than to try to manage dozens of firewall rules and/or changing IPs of streaming services for IP-based split tunneling.

I am investigating a similar setup to what you want, but for my sister and brother-in-law to be able to watch sporting events. The regional sports network does not have a reliable streaming option for my BIL’s favorite sport — baseball.

Just set up a site-to-site and have his TV/device route all traffic through it.

Use a dynamic DNS tool so you’re always looking at a CNAME. You can then use that as an allow rule so your VPN is that much more obscured. (Obscurity isn’t security, but it helps.)

I would prefer not to have to fix it and just have it set. How well would Dynamic DNS work? And how well would ZeroTier work with OPNsense? The important thing is that only Netflix traffic is routed through the VPN and never through my own network.

I just have my DNS hosted on AWS Route53; the OPNsense Dynamic DNS service supports updating that via an API key.

Custom domain name ($7 a year for a very short but memorable one I registered on one of the new TLDs), no DynDNS provider required, no monthly fee beyond the Route53 cost, which is minimal and usefully flexible for many other things, like obtaining certificates for endpoints in the hosted zone, or using it as your own custom domain name for mail or Squarespace or WordPress or whatever.

How well would that work to have all Netflix traffic routed via Tailscale between 2 OPNsense routers?

I have nine OPNsense routers I manage for friends and family all across the US, and I use DDNS for every one of them with WireGuard tunnels to each of them. They are on everything from Comcast, Cox, Spectrum, you name it, and I’ve never had connectivity issues.

ZeroTier is probably the closest to the ol’ “set it and forget it” that you’ll get. I do have a setup with some video being shuffled around that way and it works well. Personally, as stable as my Comcast IP has been, I’d just use IPsec.

You’ll also have to do some routing magic - I’m not certain OPNsense supports ASN lookup in routing/rules, so you might have to create an alias and manage it manually.
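One way to keep that alias from being hand-maintained is to generate it from the prefixes the streaming service’s network announces and feed it to a "URL Table (IPs)" alias, which OPNsense refreshes from a URL on a schedule. The script below is an added example for this thread, not code from the thread or from OPNsense. It assumes RIPEstat’s announced-prefixes API returns JSON shaped like `{"data": {"prefixes": [{"prefix": "a.b.c.d/n"}, ...]}}`, and that Netflix announces from AS2906 (check a current lookup before relying on that; Open Connect CDN caches can sit in other networks, including your ISP’s, so test what an AS-based table misses). The sample payload in the test is constructed with documentation prefixes, not real Netflix ranges.

```python
"""Build the prefix list for an OPNsense "URL Table (IPs)" alias from the
prefixes one ASN announces, so a firewall rule can send only that destination
traffic to the tunnel gateway.

Added example for this thread, not code from the thread or from OPNsense.
Assumptions: RIPEstat's announced-prefixes API returns JSON shaped like
{"data": {"prefixes": [{"prefix": "a.b.c.d/n", ...}, ...]}}, and Netflix
announces from AS2906 (verify with a current lookup before relying on it).
"""
import ipaddress
import json
import sys
import urllib.request
from typing import Dict, Iterable, List

RIPESTAT_URL = "https://stat.ripe.net/data/announced-prefixes/data.json?resource=AS{asn}"
DEFAULT_ASN = 2906  # Netflix (assumption; verify)


def prefixes_from_ripestat(payload: Dict) -> List[str]:
    """Pull the bare CIDR strings out of a RIPEstat announced-prefixes response."""
    return [entry["prefix"] for entry in payload.get("data", {}).get("prefixes", [])]


def aggregate(prefixes: Iterable[str]) -> List[str]:
    """Collapse overlapping and adjacent prefixes, IPv4 first, then IPv6.

    A smaller list keeps the pf table small, and collapsing drops the
    more-specific announcements that usually appear alongside their covering
    aggregate. collapse_addresses() only accepts one address family at a time.
    """
    v4, v6 = [], []
    for text in prefixes:
        net = ipaddress.ip_network(text, strict=False)
        (v6 if net.version == 6 else v4).append(net)
    return ([str(n) for n in ipaddress.collapse_addresses(v4)]
            + [str(n) for n in ipaddress.collapse_addresses(v6)])


def render_table(prefixes: Iterable[str]) -> str:
    """One CIDR per line: the plain-text format a URL Table alias fetches."""
    return "".join(f"{p}\n" for p in prefixes)


def fetch_announced(asn: int) -> List[str]:
    """Live lookup against RIPEstat (network call; the test never reaches it)."""
    with urllib.request.urlopen(RIPESTAT_URL.format(asn=asn), timeout=30) as resp:
        return prefixes_from_ripestat(json.load(resp))


def main(argv: List[str]) -> int:
    asn = int(argv[1]) if len(argv) > 1 else DEFAULT_ASN
    out_path = argv[2] if len(argv) > 2 else f"as{asn}.txt"
    table = aggregate(fetch_announced(asn))
    with open(out_path, "w") as fh:
        fh.write(render_table(table))
    print(f"wrote {len(table)} prefixes for AS{asn} to {out_path}")
    return 0


if __name__ == "__main__":
    raise SystemExit(main(sys.argv))
```

Serve the generated file from somewhere the router can fetch it (a small web server on the LAN is enough), point a "URL Table (IPs)" alias at that URL with a refresh interval, and then use the alias as the destination of a LAN rule whose gateway is the tunnel gateway, the same gateway-plus-rules arrangement described earlier in the thread. Anything not matching the alias keeps using the default gateway, which is what keeps the rest of the traffic off the remote network.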

DDNS works really well.

I have no idea. The bottleneck, most likely, will be at your location; your router will have to download Netflix content, encrypt it on the fly, and push it out to your dad’s router. So a lot will ride on your Internet connection and your router’s processing power…

The VPN is more for Netflix than remote management; actually, it’s really the main point, otherwise it’s not really worth the cost (buying hardware, extra power draw, etc.). The remote management is just an added plus.