How to prevent bypassing parental control on Flint? Maybe ban IP of VPN and DNS resolvers? But Tor will work anyway...
Maybe DPI? Is it possible to set router to ban all non HTTPS traffic?
As long as the kids have their own devices with admin permissions … you can't really block them.
There are plenty of ways to get around parental control including MAC spoofing, DNS changing, VPN and so on.
Is it possible to set router to ban all non HTTPS traffic?
That would break HTTPS as well and is not a good approach. (And what should it prevent? All sites are HTTPS since a few years)
Only solution is blocking their methods.
i guess best is to use something like tcpdump and use it in wireshark from a pcap dump, to make it easier to get only their traffic use a vlan 
Then you could restrict all ports except 443 and 80 towards wan this likely also block remote dns.
In luci you could make a firewall traffic rule like:
src: vlanzone
dst: wan
destination port: !80, !443
action: drop
But it is not 100% waterproof it is blocked, one can still use a vpn on 80 and 443, however i think if you are able to find such traffic you can also disable internet for a week or a few days?
Maybe a bit strict, but i'm sure kids eventually get bored since they learn about the consequences.
As for dpi... you can look into things like suricata or snort, but these are not recommend on a router and may also have many false positives, a true dpi system is super expensive, i think manually looking to the network is a much better approach.
You won't find it. I mean ... how would you look for it without having some DPI and traffic statistics. Just by going through tcpdump? Good luck 
Well with the limitation of ports its easier to see if one constantly connects to the same ip, true you can never be sure if that is vpn.
This topic was automatically closed 180 days after the last reply. New replies are no longer allowed.