[rqebmm]

Full Disclosure: I work for a private VPN company

This depends on the VPN provider. Private VPN services share IPs between customers, and the extra layer of privacy they provide comes with high potential for abuse. Some providers care more about preventing fraud than others. Cloudfront is likely just blocking IPs that have behaved poorly in the past, so I'd suggest you look for more reputable VPN providers that actively weed out fraudulent users.

[redblacktree]

Could you provide some more advice (or links to advice) on this? I'd like to set up whole-house, always-on VPN, but I'm concerned about service quality issues, specifically blocking. (i.e. the wife will make me take it down if it adversely impacts her ability to watch Netflix or inconveniences her in any other way)

[rqebmm]

Sure! Our company has been working on a "whole-house, always-on" product for a while, but it hasn't taken off because of the difficulties involved with having users flash Tomato onto their routers. I'm guessing HN readers are a bit more comfortable with that :).

https://www.goldenfrog.com/vyprvpn/vpn-router