Imgur geo-blocked the UK, so I geo-unblocked my network

> Second, even if I installed a VPN on my main machine, what about my phone? My laptop? My desktop? Every device would need the VPN running, and I’d have to remember to connect it before browsing. It’s messy.

This is what routers are for. My router (a cheap fanless box with several network ports running linux) is the only thing on my network that knows there's a VPN. I can selectively route whatever I want through it, including having a separate SSID/VLAN from which everything is routed through the VPN. It's wireguard based so there's no "installing a VPN", just an interface/network configured in systemd-networkd (once, on the router).

Edit: Routing by domain name could be tricky, though. I haven't had a need for that, and a proxy with local DNS override (as in the article) might needed if it came to that. I'd still do it on the router, though.

I was hoping, from the title ("Geo-Unblocked") that this would be about arranging an IP address block that wasn't associated with the UK, rather than just selectively running some traffic through a VPN.

"Is this overkill for viewing the occasional Imgur image? Probably."

From the last couple of weeks of researching some stuff, it makes perfect sense - I keep stumbling across blogs and documentation that uses Imgur, and it's really quite annoying that I can't see the screenshot or image that is being referenced. It hasn't /quite/ hit the point to put something in place, but this is super helpful for the final straw - when it comes!

Imgur is one of the more annoying UK geoblocks because they persist it with cookies, so if you want to view something you can’t just switch to VPN for a second without also changing browser sessions.

Reddit is worse… you can’t even view someone’s profile if they’ve ever submitted a post labeled NSFW.

This can be done on UniFi using policy based routing too trivially if anyone wants to repeat this.

Instructions using the unifi mobile app as it’s what I have to hand:

1) download wireguard conf file from vpn provider. On mobile app settings -> vpn client -> add new -> wireguard. Upload the file and save it

2) settings -> policy engine -> policy based routes. New. Select what to route -> specific traffic. Source = all devices. destination = domain name. Here add any domains you like. Interface = add the vpn you added in step 1

I've done similar. But I just used PBR (policy based routing) on my OpenWRT router. Took about 15 minutes to set it up. You can pick which domains go through VPN. Works great.

I feel like I'd rather solve this with a proxy PAC file. I recently started using this on airplane Wi-Fi where they'd block VPNs, but strangely not SSH. Dynamic forwarding with a good PAC to "direct" connect the onboard entertainment and flight tracking hosts/URLs works great!

they block VPNs too, if yours is working it's just a matter of time until they get to it. Avoid using imgur entirely. What I find insidious is that unlike reddit and some other sites, they won't tell you it's blocked, they'll give you this:

{"data":{"error":"Imgur is temporarily over capacity. Please try again later."},"success":false,"status":403}

> even if I installed a VPN on my main machine, what about my phone? My laptop? My desktop? Every device would need the VPN running, and I’d have to remember to connect it before browsing. It’s messy.

Is there a way to install a VPN such that requests to/from certain domains (e.g. imgur.com) are routed via the VPN and the rest of your traffic is via non-VPN?

This would solve the problem of constantly having to dis/re connect VPN, and do it in an automatic fashion (i.e. without the manual steps of first recognising there's an unavailable asset on the page, opening VPN app, switching it on etc).

Such a configuration would also be very useful in other situations, e.g:

- using social media in countries that require age-verification

- using apps that geoblock (e.g. spotify blocks my subscription every few days because it detects a change in country, but what it's really detecting is simply whether or not my VPN happens to be on/off)

- accessing sites which are blocked (e.g. Thailand blocks common UK news sites which have said unflattering things about Thai royalty).

> First, I just upgraded to 2.5 Gbps internet and I don’t want to route all my traffic through a VPN and take the speed hit. I have this bandwidth for a reason

You don't have to. You create a container which runs openvpn to connect to your vpn provider, and also hosts an ssh daemon. The ssh daemon receives incoming SOCKS5 connections from a firefox portable browser, which has been configured to use the proxy (your Docker openvpn-container) for browsing and DNS resolution, and pipes it through the VPN tunnel.

So you have that one browser just to surf imgur. if that's your thing. And you could also use Firefox on Android (maybe also iOS) with those proxy settings (a secondary Firefox browser, like the beta version).

So you get very high control about what you are using the VPN for, you don't just pipe your entire OS's network traffic through the VPN.

This took me a good 4 hours uninterupted to setup as I had not a single item in the stack setup yet (PiHole, Traefik, etc.) but do have Docker running on my NAS, but the end result is satisfying.

To anyone that wants to follow this article, it's more general guidance than an actual tutorial, there's a lot of holes to figure out.

It also doesn't work when directly accessing imgur, even if you add rules for the domain and the other subdomains they use, which is annoying.

> Second, even if I installed a VPN on my main machine, what about my phone? My laptop? My desktop?

Also, Imgur blocks many VPN IPs. I use Mullvad and I have not yet found a single Mullvad IP that can access Imgur.

a-ha, if you happen to have a Unifi router then a simpler setup would be to do policy based routing by hostnames through a vpn client maintained in the router config

Nice work.

I've thought about doing something similar as well! It drives me nuts this ban, everywhere I look I see these blocked images. I thought about making a chrome extension that proxies.

Next-gen VPN: content-aware routing. Just as NAT keeps track of who is talking to what, VPNs will one day actively detect that traffic is hitting blocks and re-route that through exits not subject to blocks. Bypassing local restrictions on an ad-hoc basis will become seemless.

Could this be built into open source routers? If you wanted to get fancy you could even select the best VPN for the particular service.

Did this with policy based routing in my opnsense (pfsense) router a couple of weeks ago. egress via a specific tailscale exit node for a list of domains including Imgur.

Also browsing Minecraft mods/shaders was my motivation ha.

So imgur is still alive?

From Italy (no VPN) I've been getting «{"data":{"error":"Imgur is temporarily over capacity. Please try again later."},"success":false,"status":403}» for any imgur url for maybe an year

> The key detail is network_mode: "service:gluetun"

Such a clear giveaway that this was written by an AI

That's a lot of steps for something that would be a simple route rule or mangle + mark routing on mikrotik.

The route rule would route out a VPN instead of the main route.

If the domain name resolves to many IPs you can keep an address list up to date using a simple script.

There is currently no alternative to geo-blocking the UK if you don't want to get threatening legal letters from Ofcom that order you to break the laws of your country.

Possibly a great way to circumvent stuff like Netflix/Spotify/whoever's "same household" requirements? A RasPi or cheapo Mini pc configured with this and PiHole that I can set up in my "remote family's house to funnel their Netflix/Spotify traffic through my internet connection/IP address?

If your VPN provider offers a socks5 instance you can do this entire thing with a socat oneliner + the dns hijack of course.

For some reason T-Mobile in the Bay Area can get randomly geoIPed to the UK so imgur just randomly breaks on my phone. Marvelous

It works great till you leave your house.

Unless you vpn back to your house, but then again, now you are using double vpn!

This is quite easy with OpenWRT.

Install the Wireguard packages, create a connection to your VPN of choice in a nearby country (I chose Sweden). Then I used the "vpn-policy-routing" package to route Imgur IPs (199.232.196.193 199.232.192.193) through the VPN.

Works for websites that keep nagging you for age verification too.

But seriously, it's been more emotional than I'd expected to get my cat memes back.

This is the correct way to make exceptions for hostnames, not policy based routing on a router that merely translates hostnames to IPs, IPs which could be shared by 1000s of services and thus a much wider whitelist than you wanted. Nice

What's annoying about this block is that Imgur detects Telegram's server for image previews as coming from the UK but they are in the Netherlands so when someone sends an imgur link through Telegram with the little preview attached you now only get the "not available" image as prevew...

Interesting. I have nextdns.io and VPN proxy and a unifi router. Is this possible for me?

So you are just a simple GB citizen and some external site blocked access by country affiliation?! Is there any practical reason for blocking access to that site by geotargeting?

I've not managed to succesfully use a VPN to get around the geoblock. It seems that most of VPN exit nodes are also blocked (but in a different way)

Why not call it split tunneling, which is what it is.

I wonder how did you overcome https. As I understand the request that goes to rerouted Imgur proxy will have different cert.

This is such a deep rabbit hole! Other alternatives include CDN and residential proxies, no VPN required

> Back when Reddit embedded everything on Imgur, maybe fifteen years ago, it was genuinely useful.

This is true, and I learned to hate every bit of this fact. It taught me to despise hotlinking with passion.

All of those links are now down the train, and you have to pray that someone not only backed up the specific image you're looking for, but that they did so in a discoverable way.

Another thing that you can do when you have the IP address range is just run a traditional split-tunnel. A simple way to do that is to run Wireguard on a cheap VPS, then have only traffic to those fixed IPs go to that tunnel. The nice thing about this is that tiny WiFi routers (e.g. hAP AX S) these days support Wireguard at pretty decent speeds. Then anyone on your network gets this, and if you want it while you roam you can just run the Wireguard VPN on your phone as well with the same rules.

it could be easily done by policy based routing on your machine or your router.

look at controld.com

Imgur doesn't even let me sign into my almost 10 year old account from many countries while traveling. Never seen this kind of wack shit anywhere else. The fuck's their problem?

in summary: wasn't using a vpn, is now using a vpn ¯\_(ツ)_/¯

Imagine having to install a vpn to browse the internet in a first world country.

[dead]

[dead]

[dead]

> ⌘+F, "vote", Not found

Seems the author forgot one step.

Great work! Perhaps not the appropriate OSI layer, but would be cool if this could pull the imgur blob from the wayback machine if unavailable on imgur proper. You'd still need this networking setup, as archive.org is blocked as well in the UK per ground truth from others on HN.