AiProtection & router-based VPN are incompatible

[495TuhCx+aptain]

Any traffic that reaches the router from the local LAN before getting into VPN tunnel running on the router are subject to analysis by TrendMicro, which is what implements ASUS AiProtection. For many of its specific functions, some portion of the router traffic is being actually send out to TrendMicro by ASUS routers, including MAC and IP addresses (local and external ones in each web request). This largely negates the privacy protections provided by any kind of VPN running on the router (either as a server or a client). External traffic being received from the VPN tunnels running on the router have the same destiny ones it gets out of the tunnel.

Does Entware SKYNET also sending local traffic somewhere (although its functionality is different from AiProtection)?

 

[L&LD]

Welcome to the forums @495TuhCx+aptain.

No, I don't believe that is how it works at all.

Also, Skynet doesn't send data out either.

 

[Tech9]

subject to analysis by TrendMicro

Everything TrendMicro related is optional function, default disabled and with data sharing agreement. You have to decide what do you want.

Skynet is an IP-blocker. Unsolicited inbound connections are blocked by the built-in firewall. You have to decide what do you want Skynet for.

 

[495TuhCx+aptain]

My Wireguard VPN (client on the router) traffic has created stats shown by AiProtection.
Are those stats (particularly, as to what kind of apps are using the Internet through the router) are created exclusively on the router?
Is the traffic from my local hosts not analyzed on the presence of viruses and malware and this is done at TrandMicro, not locally?

 

[495TuhCx+aptain]

Everything TrendMicro related is optional function, default disabled and with data sharing agreement. You have to decide what do you want.

Skynet is an IP-blocker. Unsolicited inbound connections are blocked by the built-in firewall. You have to decide what do you want Skynet for.

No, I realize that AiProtection can be turned off. It just seemed that there is quite a bit of engagement with this feature among ASUS routers’ users.

As for SKYNET, Diversion is an IP blocker. Doesn’t SKYNET need to learn?

 

[Tech9]

this is done at TrandMicro, not locally?

It's not done at TrendMicro. TrendMicro collects anonymized stats data. It's done on the router, but not a true IDS/IPS. Mostly URL blocking since the engine doesn't see anything encrypted. Some people use it, some prefer not to. A matter of choice. You have to agree to data sharing.

Diversion is an IP blocker

Diversion is a DNS-blocker.

 

[495TuhCx+aptain]

It's not done at TrendMicro. TrendMicro collects anonymized stats data. It's done on the router, but not a true IDS/IPS. Mostly URL blocking since the engine doesn't see anything encrypted. Some people use it, some prefer not to. A matter of choice. You have to agree to data sharing.



Diversion is a DNS-blocker.

How can they be blocking infected clients on the local network based only on the anonymized statistics about their traffic?

 

[bbunge]

Easy solution...don't run a VPN client on the router. Just slows things down anyway...

 

[Tech9]

based only on the anonymized statistics

Blocking is done based on signature files downloaded to the router periodically. When you enable anything TrendMicro related in Administration, Firmware Upgrade section of the GUI appears Signature Version field with information about the version and update date. Updated once per month usually.

don't run a VPN client on the router.

Indeed. VPN client on-device goes straight through AiProtection. It can't see anything.