What would be the best/easiest option for my home networking setup: openwrt vs ddwrt vs pfsense


#1

Current TPLink TL-WDR4300 router with original firmware has parental control which is very limited.
It has only 4 entries for trusted devices. So, my ability is to either turn on parental control, meaning only 4 devices can connect, which is not enough just for me, but I also need to give access to my wife, chromecast

I only know 3 options:

  • openwrt
  • ddwrt
  • pfsense

I need:

  • Better parental control features:

    • more entries for trusted devices
    • be able to limit traffic to kids, let's say block from 9pm to 6am, with the ability to quickly release that lock for a 30/60/2h window.
    • ideally an advanced filter to youtube for kids. Let's say I would like to block certain videos which have certain words in their description. There are some cartoons for kids which I'd like to block.
    • some reports about what my kids are doing online. Ideally a table with the following columns: Incoming traffic, outgoing traffic, time spent, resource category. Some details for each row would be nice and some advanced filtering for those details
  • intrusion detection and prevention, some immediate alerts if something is happening or reports for less important stuff.

  • vpn to my home network

  • a good QoS with ability to set priorities for different users.

  • isolate my son from my network as well as possible, as he installs some stuff I don't trust.

What hardware I have:

The last one I bought for pfsense. But honestly I would rather use it for Ubuntu running docker containers as it is quiet and low powered.

About me: A developer with limited knowledge about networks. Have good experience with Ansible/Docker and prefer scripts to the UI.

I tend to think I should go with Openwrt using the TPLink Archer C7 (provided by the ISP as a gift for being with them 3 years). I think I should be able to flash it, in the worst case using UART.

The only thing is that I'm afraid of spending time and then finding out that I had to go with pfsense and spend the time learning pfsense.


#2

I think you should install Debian or Centos or Arch or something you know on the x86 and then run OpenWrt in either a container or VM on that machine. Use the other two as access points/smart switches.
https://openwrt.org/docs/guide-user/virtualization/start
In particular, see the end of https://openwrt.org/docs/guide-user/virtualization/qemu for a virsh/KVM example

You will want to learn about VLANs and create a separate VLAN to put all your trusted devices, and you will want to set up a squid proxy to do time of day and site based filtering and keep logs of usage.

TLS has basically eliminated the possibility of content filtering by keywords etc, so probably forget that but you can do things like limit total transfer from YouTube or similar.

Intrusion detection is often done in Snort or similar and should be run in a separate container or VM on the x86.

Start small and build up, getting everything you mention will take some significant time investment, but you can get isolation of two networks, time limitations, and QoS pretty much right away. X86 routers are by far the best thing going.
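
A sketch of the squid time-of-day and site filtering suggested above, as an added example that is not part of the original posts. The kids' VLAN subnet, the blocklist path and the ACL names are assumptions, and it presumes the kids' devices use squid as an explicit proxy while the firewall rejects their direct outbound web traffic, otherwise the rules are trivially bypassed.

```conf
# squid.conf fragment (constructed example)

# Assumed subnet of the separate VLAN the kids' devices sit on.
acl kids src 192.168.20.0/24

# A squid time ACL needs start < end, so a window that crosses
# midnight (9pm to 6am) is written as two ranges.
acl late_evening  time 21:00-23:59
acl early_morning time 00:00-06:00

# Site-based filtering: assumed file with one domain per line,
# a leading dot (".example.com") also matches subdomains.
# For HTTPS this matches the CONNECT hostname only; page content
# and keywords are not visible without TLS interception.
acl blocked_sites dstdomain "/etc/squid/blocked_sites.txt"

# Rules are evaluated top to bottom, first match wins.
http_access deny  kids late_evening
http_access deny  kids early_morning
http_access deny  kids blocked_sites
http_access allow kids
http_access deny  all

# Usage log: timestamp, client IP, bytes and requested host per
# request, which is the raw material for per-device reports.
access_log daemon:/var/log/squid/access.log squid
```

A temporary release of the lock amounts to commenting out the two time-based deny lines and running `squid -k reconfigure`, then reverting after the window.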


#3

Thanks for your answer. For now I decided to try with Openwrt on Archer C7 and then if anything I would put on x86 either pfsense or openwrt.