Block Hotspot VPN use on Guest Network

bertthefreak

New Around Here
Hi,

Just wondering if it's possible to block the use of hot-spot shield on the guest network or altogether. I've noticed that some of the teenagers coming into the premises are using it to bypass the parental controls, firewall and DNS filters.

I want to stop them but still allow them to use the network for their homework etc.

I've an AC66U with firmware RT-AC66U_3.0.0.4_374.42_0

Any tips would be appreciated

Thanks
Bert
 
Anyone?

I've found this for another router and was wondering whether I could apply the same principle using iptables or something.

ip firewall mangle
add action=add-dst-to-address-list address-list=WhiteList \
address-list-timeout=4w2d chain=prerouting comment=WhiteList content=\
!127.0.0.1:895 disabled=no dst-port=80 protocol=tcp
add action=add-src-to-address-list address-list=HotSpotShieldUsers \
address-list-timeout=1h chain=prerouting comment=HotSpotShieldUsers \
content=127.0.0.1:895 disabled=no dst-port=80 protocol=tcp
add action=add-dst-to-address-list address-list=WhiteList \
address-list-timeout=4w2d chain=prerouting comment=WhiteList content=\
!127.0.0.1:895 disabled=no dst-port=443 protocol=tcp

ip firewall filter
add action=log chain=forward comment="Allow WhiteLists" disabled=no \
dst-address-list=WhiteList log-prefix=WhiteLists
add action=accept chain=forward comment="" disabled=no dst-address-list=\
WhiteList
add action=log chain=forward comment="\"Block HotSpot Shield\"" disabled=no \
log-prefix=HotSpotShield src-address-list=HotSpotShieldUsers
add action=drop chain=forward comment="\"Block HotSpot Shield\"" disabled=no \
src-address-list=HotSpotShieldUsers

Here's the source site: Source Site
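
An added example, not part of the original post or of the linked source: one way the blocking half of the MikroTik rules above could be written with iptables. It assumes guest traffic is forwarded through a bridge named br0 and that the firmware's kernel includes the string, recent and limit matches; the whitelist half is left out, and the log rate limit is an addition.

```sh
#!/bin/sh
# iptables sketch of the blocking half of the MikroTik rules quoted above.
# Assumptions (not from the thread): guest traffic is forwarded through $IFACE
# and the firmware kernel provides the string, recent and limit matches.
IFACE="${IFACE:-br0}"       # assumed bridge carrying guest clients
MARKER="127.0.0.1:895"      # content string from the quoted rules
LIST="HotSpotShieldUsers"   # list name from the quoted rules
HOLD=3600                   # seconds; mirrors address-list-timeout=1h

# Print the rules one per line so they can be reviewed before being applied.
hss_rules() {
    iface="$1"
    # Remember the source of any tcp/80 packet whose payload holds the marker.
    # No -j target: the rule only records the address in the recent list.
    echo "iptables -t mangle -A PREROUTING -i $iface -p tcp --dport 80" \
         "-m string --algo bm --string $MARKER" \
         "-m recent --name $LIST --set --rsource"
    # Log forwarded packets from remembered sources (rate limit is an addition
    # to keep syslog usable; the quoted rules log every packet).
    echo "iptables -I FORWARD 1 -i $iface" \
         "-m recent --name $LIST --rcheck --seconds $HOLD --rsource" \
         "-m limit --limit 6/min -j LOG --log-prefix HotSpotShield"
    # Drop everything those sources forward until HOLD seconds pass without
    # a new marker hit.
    echo "iptables -I FORWARD 2 -i $iface" \
         "-m recent --name $LIST --rcheck --seconds $HOLD --rsource -j DROP"
}

# Dry run by default; APPLY=1 pipes the same lines to the shell (needs root).
if [ "${APPLY:-0}" = "1" ]; then
    hss_rules "$IFACE" | sh
else
    hss_rules "$IFACE"
fi
```

Like the rules it is based on, this only reacts to that one cleartext string on tcp/80, so a client that never sends it, or sends it only inside an encrypted connection, is not matched.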
 
Would be nice to block VPN services on the guest lan.
The specific service you mention may only use port 443, but a lot of VPN providers use all kinds of ports. Also port 80 is used for this.

So, destination port blocking doesn't solve the problem.
I guess you need some SPI firewall to fix this issue.
However that is very CPU intensive.
Probably out of the range for the routers we use.

So, let's talk to the teenagers again. :rolleyes:
 
