Hugga Wugga
New Around Here
I've been reading through some of the threads on scripts such as Diversion, Unbound, Skynet, etc and I'm a little confused on what exactly I need to support the setup I want - or its even possible. I'm just wondering if one of you seasoned pros could point me in the right direction. I've been looking at the DNS filter functionality but I'm not when this happens. Would scripts still work with the devices that were filtered? Basically I'm looking for a setup as follows:
all devices.
-----------
Unbound DNS Server (with stubby or preferably DNSCrypt)
Blocking of adblock and malware
kids devices
------------
Additional blocking of adult sites, and proxy sites (to prevent bypassing - I want to at least make them work for their freedom!)
Intercepted DNS to prevent them setting their own DNS on client devices
Tor blocked
adults devices.
--------------
Ability to bypass DNS with settings on client devices
Policy based OpenVPN
Tor allowed
With regards to the blocking of proxy sites, I've not seen anything in the threads I've read that suggest this could be done with any of the available scripts. The cleanbrowsing DNS server would be a possibility, but if I used DNS filter to send the kids devices to this DNS server, would they still be able to take advantage of diversion? Is it possible to enforce (intercept) DNS for select devices and allow other clients to bypass it? Is it possible to restrict OpenVPN traffic on certain devices? With regards to tor - I guess the best bet would be to use a regularly updated ipset of known exit points and use it to block outgoing traffic from select devices
I have a DSL-AC68U modem/router and am planning on installing the gnuton firmware in the next week. I'm just trying to familiarise myself as much as possible beforehand and have some kind of plan of action. I don't mind getting my hands dirty if necessary... I may be a noob to routers and this firmware but I'm very familiar with Linux (server and desktop)
all devices.
-----------
Unbound DNS Server (with stubby or preferably DNSCrypt)
Blocking of adblock and malware
kids devices
------------
Additional blocking of adult sites, and proxy sites (to prevent bypassing - I want to at least make them work for their freedom!)
Intercepted DNS to prevent them setting their own DNS on client devices
Tor blocked
adults devices.
--------------
Ability to bypass DNS with settings on client devices
Policy based OpenVPN
Tor allowed
With regards to the blocking of proxy sites, I've not seen anything in the threads I've read that suggest this could be done with any of the available scripts. The cleanbrowsing DNS server would be a possibility, but if I used DNS filter to send the kids devices to this DNS server, would they still be able to take advantage of diversion? Is it possible to enforce (intercept) DNS for select devices and allow other clients to bypass it? Is it possible to restrict OpenVPN traffic on certain devices? With regards to tor - I guess the best bet would be to use a regularly updated ipset of known exit points and use it to block outgoing traffic from select devices
I have a DSL-AC68U modem/router and am planning on installing the gnuton firmware in the next week. I'm just trying to familiarise myself as much as possible beforehand and have some kind of plan of action. I don't mind getting my hands dirty if necessary... I may be a noob to routers and this firmware but I'm very familiar with Linux (server and desktop)