¡Gracias, primo! Espero verte en el malecón.

It is always odd to find someone who has no clue that other people have different needs and priorities.

Others report the same issue including someone commenting in this posting. From what I can tell Google is targeting private VPN servers on residential IPs.

I’ve used a different private VPN running on a commercial cloud server when traveling internationally. Google has never fucked with the location of that IP.

They were serving you pages in Spanish? That is really fucked up even for Google.

Do you believe a multinational company’s business polices are targeting you specifically each time you have a problem?

I believe Google specifically does this to discourage VPN use. It screws up their primary reason for existing: advertising revenue.

It’s already my primary search engine, but unfortunately it’s not a full Google replacement.

I avoid changing the MAC to pull a new address because family members actively use the VPN server via DNS and it can take a while for DDNS to update everywhere, but that’s what I’m going to have to do.

Whois correctly returns Charter Communications and every single IP location service shows a U.S. location. This is strictly Google’s fuckery.

I don’t sign in unless there’s some reason to. In this case Google is using cell towers to determine my phone’s location while in Mexico (and on my VPN) and then applying that location to everything on my Spectrum IP.

Interestingly Google has never done this when I’m using a VPN on a cloud server instead of my home server.

My neighbors (on the same Spectrum subnet) aren’t seeing this so it only affects my IP address. Google doesn’t give a crap about single user problems, in fact I think they’re doing this to discourage VPN use.

This happens on devices that have never been in Mexico. On those I took with me I’ve deleted cookies, cache, and used different browsers. Even allowing location on our phones and PCs and then updating the Google location on their website is only a temporary fix and as soon as cookies are cleared everything’s back in Mexico.

Home Assistant regularly reminds me of Arthur C. Clark’s adage: “Any sufficiently advanced technology is indistinguishable from magic.”

An excerpt from the Wireguard Whitepaper:

One design goal of WireGuard is to avoid storing any state prior to authentication and to not send any responses to unauthenticated packets. With no state stored for unauthenticated packets, and with no response generated, WireGuard is invisible to illegitimate peers and network scanners. Several classes of attacks are avoided by not allowing unauthenticated packets to influence any state.

After opening an SSH port and watching the number of attacks I understand the concern about opening any port on a router, but it seems the worry about opening a port for WG is way overblown.

As of now I can find zero reports of a properly configured open WG port ever being successfully used by attackers to access a network.

Anyone have better/more recent info?

A cheap device like an Onn (~$20) would solve that, probably without requiring the device have Internet access once set up.

I’ve had so many instances of free to use, lifetime licenses, and purchased software that have turned into subscription services that I refuse to install anything that requires an account unless it can’t be avoided. The fact that Plex required an account be created to view my own local content years before they started charging for use made it obvious subscription fees were coming.

Jellyfin works great. Combined with Wireguard it works great anywhere.

I’m like you and did not want any kind of corporate entity involved in my network if it could be avoided. I settled on Wireguard and rather than deal with management constantly I set up 3 times as many peer configurations as initially needed. When a new device is added I just copy a spare configuration to the device and change the name of the config on the server. Tasker is used to connect the WG tunnel on our phones whenever home wifi is not connected. The open port on the router looks closed to the outside and only responds when the correct key is received so there’s no known way to breach the network.

Everything from my phone is run through WG and it only uses a tiny amount of additional mobile data. Syncthing adds nothing of consequence except when syncing big files. Battery life is fine even with both WG and Syncthing running.

Once set up it’s required zero attention or maintenance.

Technology websites should just add a top level menu - “Google Abandoned”

What are the tunnel subnets? Are you using a reverse proxy to access local devices, or DNS rewrites?

I’d start by looking for subnet overlap somewhere.

I’m not clear about your setups at all sites. In the details for case 4 there’s a Firestick (customized Android) connected to WG (WG running on the Firestick?) but in your summary there’s a laptop in case 4 and the Firestick isn’t mentioned.

I suspect at least part of the problem is that Android does not tunnel hotspot client traffic. It provides Internet but not WG connectivity. Only the phone’s apps will be able to connect through the WG tunnel.