Smart TV to remote network using VPN

Hello,

At the moment I have a router / switch (Mikrotik CRS125-24G-1S-2HnD) with fiber optic internet (site 1) and a router (Mikrotik CRS125-24G-1S-2HnD) at another location and it is connected via an LTE (4G) connection (site 2). I can set up a VPN connection to the router of site 1 with a laptop on site 2 and this has worked well for years (internet, NAS, watching TV, etc.).

Now I have a Samsung Smart TV on site 2 and on it I want to use the KPN iTV app (TV from the largest Dutch provider) and it is connected via Ethernet to the router on site 2. Due to some rights I am not allowed to watch iTV because I am not in the network of the provider (KPN).

What I’m looking for now is the following connection:

iTV app (site 2) ⭢ Samsung Smart TV (site 2) ⭢ Ethernet (site 2) (only one port) ⭢ Router (site 2) ⭢ VPN ⭢ Router (site 1) ⭢ WAN (site 1) ⭢ Provider (KPN)

Can someone help me with such a configuration or does someone have a simpler idea?
Thank you in advance.

Erik

If you’re OK with passing all the traffic from the TV over the VPN, this should be straightforward using WireGuard and policy routing on the TV’s IP. If it’s only the traffic of the KPN app you want to route, it may involve a bit more wiresharking to work out the specific destinations and ports the app is using (and maintenance when KPN is making changes to their infrastructure). The only thing to watch for is the tunnel MTU size if the ISP connection is over PPPoE and you’re establishing the tunnel over IPv6 (i.e., use MTU 1412 instead of the default 1420, assuming MTU 1492 of the PPPoE).

However, as the CRS125 isn’t the best performing VPN router and there’s nothing in that traffic that needs to be kept private (eventually it’ll be routed over the internet anyway), you may also want to opt to route through a simple IPIP tunnel over public internet, without any encryption, or even over the public IPs and just masquerade the traffic you forward from site 2 at site 2. Just make sure you limit forwarding at site 1 to traffic from site 2 so that you don’t become an open forwarder…

Cheers.
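
The WireGuard variant from the reply above, sketched as an added example that is not part of either post: policy routing on the TV's IP at site 2, tunnel MTU 1412, and site 1 forwarding only the TV's traffic so it does not become an open forwarder. It assumes RouterOS v7 on both routers; the TV address 192.168.2.50, the 10.255.0.0/30 tunnel subnet, port 13231, the interface names and every `<...>` placeholder are constructed for illustration.

```routeros
# ---------- Site 2 (LTE side, initiates the tunnel) ----------
/interface wireguard add name=wg-site1 mtu=1412 \
    comment="1412 as in the reply: PPPoE MTU 1492, tunnel carried over IPv6"
/interface wireguard peers add interface=wg-site1 \
    public-key="<SITE1_PUBLIC_KEY>" \
    endpoint-address=<SITE1_PUBLIC_ADDRESS> endpoint-port=13231 \
    allowed-address=0.0.0.0/0 persistent-keepalive=25s
/ip address add address=10.255.0.2/30 interface=wg-site1

# Separate routing table whose only route is the tunnel
/routing table add name=via-site1 fib
/ip route add dst-address=0.0.0.0/0 gateway=wg-site1 routing-table=via-site1

# Keep TV <-> local LAN/router traffic in the main table,
# then send everything else sourced from the TV (assumed 192.168.2.50) via site 1
/routing rule add dst-address=192.168.2.0/24 action=lookup table=main
/routing rule add src-address=192.168.2.50/32 action=lookup table=via-site1

# ---------- Site 1 (fiber side, KPN network) ----------
/interface wireguard add name=wg-site2 listen-port=13231 mtu=1412
# allowed-address doubles as a source filter: only the tunnel peer
# address and the TV's address are accepted from this peer
/interface wireguard peers add interface=wg-site2 \
    public-key="<SITE2_PUBLIC_KEY>" \
    allowed-address=10.255.0.2/32,192.168.2.50/32
/ip address add address=10.255.0.1/30 interface=wg-site2
/ip route add dst-address=192.168.2.50/32 gateway=wg-site2

# Accept the tunnel itself on the router
/ip firewall filter add chain=input action=accept protocol=udp dst-port=13231 \
    comment="WireGuard from site 2"

# Forward only the TV out of the WAN; drop anything else arriving from the tunnel.
# Assumes the usual accept established/related rule already sits above these;
# move both rules above any broader accept in the forward chain.
/ip firewall filter add chain=forward action=accept in-interface=wg-site2 \
    src-address=192.168.2.50 out-interface=<WAN_INTERFACE> comment="TV via site 2 tunnel"
/ip firewall filter add chain=forward action=drop in-interface=wg-site2 \
    comment="no other forwarding from the tunnel"

# Present the TV's traffic to KPN with site 1's own WAN address
/ip firewall nat add chain=srcnat action=masquerade src-address=192.168.2.50 \
    out-interface=<WAN_INTERFACE>
```

If the TV gets its address from DHCP at site 2, make the lease static so the source address the rules match on does not change.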