I use Tailscale and Mullvad VPN for a list of exit nodes I can choose from to work around restrictions, but also bad routing.

Like, when in Asia and the route is to Europe, sometimes it adds weird hops, while when I use an exit node in Japan, I know I have perfect routing to Japan and from there perfect routing to Europe.

But the Mullvad VPN exit nodes often run into problems like Cloudflare blocking. So I am looking for alternative, not well-known providers for exit nodes.

Sometimes I even dream of sending my Europe traffic via the internal AWS network via regions, but hey...



> Sometimes I even dream of sending my Europe traffic via the internal AWS network via regions, but hey...

It's more work, but you can definitely do this. Inter-region traffic still carries egress charges though, so be aware of that in advance. This is a very common pattern in enterprise networking when building cloud-based SDWAN topologies: branch a,b,c connect to hub-1 in us-east-2; branch d,e,f connect to hub-2 in us-west-2; dc1 connects to hub-1 in us-east-2; dc2 connects to hub-2 in us-west-2; services in dc1 and dc2 can reach each other for DR and clients in branch f can reach services hosted in dc1.

Underlying all of these SDWAN technologies are essentially basic site-to-site VPN tunnels. Most still use IPsec, although WireGuard is also used sometimes.


Oh man, I cannot even imagine setting up something like this by hand. Maybe with Terraform.


The only tricky part is the inter-region routing, and this can be managed largely within AWS using Transit Gateways (TGW), for a price; for more of a price, AWS even makes it easier with Cloud WAN: https://aws.amazon.com/cloud-wan/

See: https://aws.amazon.com/blogs/networking-and-content-delivery...

Basically if you just link your VPCs in each region with the appropriate routing policies, you can just connect to your preferred VPN server in each region and ultimately get routed correctly. This is what companies with cloud-based SDWAN do for providing SASE services to end-user clients.


Thank you.


> problems like Cloudflare blocking. [...] Sometimes I even dream of sending my Europe traffic via the internal AWS network via regions

I'd bet you'd see a lot of blocking coming from AWS IP pools too.


I set up a Debian VPS, installed Tailscale with ufw and fail2ban. I use this as my exit node. Costing around 2 euros per month. No blocking so far.
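
A sketch of the setup described in the comment above, as an added example (not the commenter's own script): it hardens a Debian VPS and advertises it as a Tailscale exit node. It assumes Debian 12 with SSH on port 22; the function names `run` and `harden_exit_node` and the file names under `/etc` are choices made for this example.

```shell
#!/bin/sh
# Added example: harden a Debian VPS used as a Tailscale exit node.
# Default is a dry run that only prints the plan; run as root with --apply to execute.
DRY_RUN="${DRY_RUN:-1}"

# Print the command in dry-run mode, otherwise execute it.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '+ %s\n' "$*"
    else
        "$@"
    fi
}

harden_exit_node() {
    # Packages named in the comment; Tailscale from its official installer.
    run apt-get update
    run apt-get install -y ufw fail2ban curl
    run sh -c 'curl -fsSL https://tailscale.com/install.sh | sh'

    # An exit node forwards other devices' traffic, so IP forwarding must be on.
    run sh -c 'printf "net.ipv4.ip_forward = 1\nnet.ipv6.conf.all.forwarding = 1\n" > /etc/sysctl.d/99-tailscale.conf'
    run sysctl -p /etc/sysctl.d/99-tailscale.conf

    # Firewall rules go in before "enable" so the current SSH session survives.
    run ufw default deny incoming
    run ufw default allow outgoing
    run ufw limit 22/tcp            # rate-limited public SSH
    run ufw allow 41641/udp         # Tailscale's default UDP port, helps direct connections
    run ufw allow in on tailscale0  # traffic arriving from the tailnet
    run ufw --force enable

    # Assumption: Debian 12, where sshd logs go to the journal, not /var/log/auth.log.
    run sh -c 'printf "[sshd]\nenabled = true\nbackend = systemd\n" > /etc/fail2ban/jail.d/sshd.local'
    run systemctl restart fail2ban

    # Offer this machine as an exit node; it still has to be approved in the admin console.
    run tailscale up --advertise-exit-node
}

if [ "${1:-}" = "--apply" ]; then
    DRY_RUN=0
else
    DRY_RUN=1
fi
harden_exit_node
```

Without arguments the script only prints the commands it would run, which makes the plan reviewable before anything on the VPS changes.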


Thank you.

I pay like 10 euro per month for Tailscale with Mullvad VPN, which has like 50 countries set up with several exit nodes in each country.

But with blocking. :)
