General Discussion
  >> General Broadband Chatter


Register (or login) on our website and you will not see this ad.


  Print Thread
Standard User Mr_Blobby
(newbie) Mon 22-Jun-15 11:26:47
Print Post

Upgrade dilema and BT lockdown


[link to this post]
 
Superfast broadband has just become available in our area so its a good time to upgrade my service and my router. Unfortunately in a rather timely manner we have been reminded of the dangers of the Internet as we have just experienced a rather nasty incident which has necessitated police involvement. The result is that I'm not only thinking about the technology, but also appropriate parental controls to protect younger family members.

I currently have a basic ADSL modem, a Cisco 877 router which acts as a firewall and VPN endpoint for work as well as a couple of D-Link 613's running DD-WRT acting as an APs and an extender-bridge.

No 1. shouldn't be too difficult to sort - in theory. I spent a while doing a bit of research and it would seem that a new router with VDSL2 support should do the trick. If I upgrade with my current ISP, I will automatically get an Openreach VDSL Modem to which I can connect my router via Ethernet cable. With BT (who appear to have a good deal at the moment) you get a HUB5 which does away with the need for an Openreach Modem as it has VDSL2 built in.

However, I am then told that ISP's like BT and Sky lock their routers and link down so that you cannot connect another router to the line. So, I need to understand exactly what they do and how it restricts me as it would seem that if I went with their package, buying another router would seem to be pointless as I would be stuck with whatever facilities they lock me in to.

No2. appears to be a more difficult challenge. For this to work, I would need to be able to apply parental controls only to specific devices, with a more relaxed policy for mysef and wife. Is seems that such a service would need to exist iat a central point on our home network so the router seems the obvious place. After a bit of research I find that most routers - even very expensive ones - have only very basic options that apply a single filtering policy to every device on the home network. But in fact, my ISP already does the same thing as does OPenDNS. Some routers (e.g. Linksys) have an offering that you need to subscribe to at considerable extra cost. Then I discovered that ASUS routers can apply filtering policies on a per device basis using the mac address which seemed ideal. I was then told by the PC World rep that they are unreliable and since the model I was looking for (Asus RT-AC87U) was not in stock, they sold me a Netgear router instead (Nighthawk X6) assuring me that it would do the same thing. While this router undeniably has excellent WiFi facilities, for parental control it uses OpenDNS which I could have subscribed to for free instead of paying £189 to buy a router, and whoch can pnly apply on filtering policy for the entrire household. What;'s more, you have to regularly update the dynamic IP address your BB provider assigns whoch seems to change every few days. What is even worse, is that this router reveals passwords in clear text on both the router and the Genie application as well as featuring a bypass option. I cannot have confidence that this is likely to be secure. so no thanks - its going back today.

I have also tried K9 and the Microsoft parental controls built in to Windows 7. K9 unacceptably slows down the PC. The Microsoft tool seems to have become very basic in nature. There used to be categories that you can select, but all you get now is an option to block 'unacceptable sites'. There seems to be no explanation as to what this actually means although there is also a blacklist option, but this would require me to list every site site I can think of, with the possibility that the ids would find others as a workaround.

Does anyone have experience of the ASUS routers and the parental control tool on them?
Administrator MrSaffron
(staff) Mon 22-Jun-15 11:32:02
Print Post

Re: Upgrade dilema and BT lockdown


[re: Mr_Blobby] [link to this post]
 
To be honest all the parental controls have their pros and cons and only real way is to enforce a white list scenario of approved sites. This will often break lots of other stuff too but keeps the device locked down.

There are tablets with parental controls built in aimed at the younger audience.

As the ISP locking down, the BT one is easy enough and no problem to get around. With Sky you just need to sniff the username and password from their existing router, so more work but possible.

The author of the above post is a thinkbroadband staff member. It may not constitute an official statement on behalf of thinkbroadband.
Standard User jabuzzard
(newbie) Mon 22-Jun-15 15:06:24
Print Post

Re: Upgrade dilema and BT lockdown


[re: Mr_Blobby] [link to this post]
 
The only way I know of doing per device filtering is using a Draytek 2860 with their GlobalView service. The simplest way is then to create multiple WiFi networks with different passwords, put them in different VLAN's and give them different filtering. You can also filter the six 1GbE ports on the back of the router and it has a built in VDSL modem so it is a one box solution.

Unfortunately the more SOHO orientated 2760 is not able to do this so the GlobalView subscription goes from £26 a year to £45. You could do it with a 2760 if you created port based VLAN's and attached WiFi access points to those and filtered on port based VLAN's. However this would be something of a nightmare cable wise and you have to hope that the WiFi channels around you are not congested because you cannot have multiple SSID's on the same channel from the same device type of WiFi networking.

It is a crying shame the 2760 can't put the different WiFi networks on different VLAN's and hence do the filtering at more home friendly price.


Register (or login) on our website and you will not see this ad.

Standard User panda
(committed) Mon 22-Jun-15 16:52:54
Print Post

Re: Upgrade dilema and BT lockdown


[re: Mr_Blobby] [link to this post]
 
Research pfSense and/or Smoothwall.
Both can utilise DansGuardian/e2Guardian to provide per client web filtering (amongst many other things).

Eats shoots and leaves.
Standard User Mr_Blobby
(newbie) Tue 07-Jul-15 19:44:09
Print Post

Re: Upgrade dilema and BT lockdown


[re: jabuzzard] [link to this post]
 
Thanks for the replies. In the end I opted for a Draytek Vigor 2860ac. This router is quite costly for a home solution, but it does everything I need. Apart from the fact that the management interface is soooo frustrantingly sllllooooow - which almost convinced me that it had to be faulty and needed to be sent back for refund, everything else seems to work OK, so I can live with it.

As it turned out though, I could not use per user filtering firstly because the user login was unacceptably slow. I tried to solve this by using mac to IP binding instead, but the WiFi extender would not pass the device mac addresses so it didn't work for any devices connected to the extender. In the end I solved this by setting up two SSIDs, mapping them to separate VLANs each with its own subnet, and assigning a different filtering policy to each of the subnets - one for children and one for the adults. At least the Vigor is quite flexible in that way.

Rather curiously, for some reason my ADSL speed dropped to less than 0.5mbps a day or two prior to the migration, which was actually lower than the upload speed which was still 0.75mbps. Initially, I thought this was a problem with the modem, but PlusNet advised me that the speed was set to this low level at the exchange. The usual speed I got before that was around 2.5-3.5mps. The Openreach engineer switched me to Infinity today and said this had nothing to do with the migration process. I have tried setting up the 2860 both using the Openreach modem via the WAN2 ethernet interface, and using the WAN1 ADSL/VDSL interface. Either way, Speedtest earlier showed a speed of around 25mbps but now in the evening it is hitting 28mbps which I suppose is not bad considering the expected speed was 22mbps and considering that according to the Openreach engineer I am around 800 metres from the cabinet.
  Print Thread

Jump to