Parent looking for help, with best route for VPN

Hi all, first post and looking for advice. I use a company called VPN express and was stupidly and very ignorant of the detail around security until I happened to come across your fantastic site and videos. I am looking to add some type of firewall with encryption and geolocation features like I get from the software provider VPN express so that all devices and my children have some protection.

Can you suggest some options?

I would like to learn more around the security and parental controls as well.

Those VPN services don’t as a rule offer “safe” controls for a parent; they simply mask your IP address with theirs.

If you want to ensure your children don’t come across dodgy material, then I believe some DNS services have family offerings. Look up Cloudflare, OpenDNS etc.; it will block some stuff.

I think you are not clear on what protection VPNs offer. It’s not what you think; ignore their claims.

Depending on your knowledge levels and pain thresholds, if you get pfSense running you can add pfblocker across your network. It will cut out a lot of crap, porn, gambling etc. The beauty of this solution is that regardless of what your children do, it will be difficult for them to circumvent.

Encryption is between two points, so basically with VPN providers you are paying for the ISP not to see what you are doing.

If you are down the pub and want to use their free wifi, then with pfsense and OpenVPN you can create a secure/encrypted connection for free back to your home network and out to the internet, however, in this case (depending on your knowledge) using a paid for VPN might be easier to set up.

If you are not up to the effort of pfsense, then you can easily buy an Asus router (which allows OpenVPN clients) and set up a paid for VPN on it for the whole network, if you believe they block out all the crap then it can be applied across the network.


Thank you so much, happy to do the learning and I will look at pfSense with pfblocker and will look at Cloudflare and OpenDNS. Thank you again.

Your best bet for preventing kids at home from accessing content they shouldn’t is some type of content-aware filter service at the network edge (router/firewall); filtering by domain or IP alone isn’t the most effective way.

Thank you. I am looking to do a few things: content filtering is one and encryption / security another. Just needed advice on the direction. Looks like a firewall / router upgrade. I really appreciate the advice… I have a lot of reading to do. Thanks again.

Having switched over to pfSense a year ago, there isn’t too much I would change with my setup. If you go down the same route I can recommend my kit 🙂

https://www.amazon.co.uk/TP-Link-Gigabit-Controller-Software-EAP245/dp/B01M7WS3IF/ref=sr_1_1?dchild=1&keywords=tplink+eap245&qid=1599473808&sr=8-1

https://www.amazon.co.uk/NETGEAR-48-Port-Gigabit-Ethernet-Managed/dp/B00H2ETA1M/ref=sr_1_5?dchild=1&keywords=Netgear+GS748&qid=1599473933&sr=8-5

I did make an error thinking that a 48-Port PoE switch would be much more expensive compared to adding an 8-Port PoE switch which is what I did, the costs turned out to be similar in the end.

You will end up with VLANs, so ensure your access point can handle multiple SSIDs. The TP-Link can take 8x2; it works very well and has a good setup for guest wifi access with vouchers similar to hotels, meaning no need to share passwords.

Bought the router barebones, adding the HDD and RAM which I already had, the Netgate routers are fine but kinda pricey for me. The best thing is that even if the router fails I can swap out the components or restore the config to a new device.

VLANs - you can set up your children’s VLAN, locking it down with pfblocker. You can also use a schedule to cut internet access at bedtime without affecting the other VLANs 😉

Security - you can set up as many OpenVPN servers and clients as you need. Your paid-for VPN can be set up on a VLAN, giving access to all users on that VLAN. Additionally, you can set up an OpenVPN server which you can access from the pub but goes out via your paid-for VPN. There is probably a limitation on the number of VPN connections you can have from your provider; you can overcome this by doing the above.

I’d say doing the above gives you a good balance between costs, security, scalability.

Thank you for taking the time to do this. It is greatly appreciated… thank you.