Question How to block tiktok at the router level? Using ASUS RT-AX88U

Page 2 - Seeking answers? Join the AnandTech community: where nearly half-a-million members share solutions and discuss the latest tech.

mxnerd

Diamond Member
Jul 6, 2007
6,799
1,099
126
Old PC can be used as pfSense router, but you need to add an USB ethernet adapter or PCIe NIC, however it will use too much electricity. Running pfsense in a VM also require a PC that's always on 24/7 and probably need complex config mentioned by @Fallen Kell

You can run pfsense on Zimaboard (6 watts only)


As you can see, Realtek NIC has some combability issue with pfsense but seems easy to solve.

Or any mini PC with dual Intel NICs or more available on Amazon also will do and can have better compatibility.
 
Last edited:

Fallen Kell

Diamond Member
Oct 9, 1999
5,993
413
126
Yeah, mine typically draws about 45W, and hits around 60W at real heavy load, which is not bad for a full blown x86_64 system. I figure I saved much more than that on swapping out incandescent lightbulbs for LED based ones across most of the house (~40 lights) over the last couple years.

I could have run this as a VM on my VM server (a Supermicro SC846 running XCP-NG) but I do automated maintenance on that and didn't want to lose the network when it reboots.
 

iamgenius

Senior member
Jun 6, 2008
803
80
91
Placement is pretty specific. You might be able to get away with it on a VM from a host physically connected to your wireless router, but you would need to take advantage of VLANs to do so, and also need a wireless router that supports VLAN trunk ports (i.e. a port that is associated with multiple VLANs). Not all wireless routers will give you this capability.

For this example:

Create new VLAN (make it something not in use, probably something like VLAN ID 11) on wireless router (router/software specific, so directions need to be looked up for your hardware), and assign one of the ports to that VLAN (example below assumes port 2). Setup port 3 to default untagged data to main VLAN used by the rest of the switch ports (probably VLAN ID 2, but this varies from manufacturer to manufacturer), but also allow the tagged use of VLAN 11 on port 3. Connect the following:

((INTERNET)) <--> [ISP modem] <---> [Port 2 on Wireless router]

Connect your computer running the VM to port 3. Then when you setup pfsense VM, you can specify that it uses VLANs for routing between the public (WAN) and private (LAN) networks, and specify the appropriate VLAN ID (11 for public, and 2 for the private in this example). When configuring the LAN, specify the an IP address for whatever network you are using on your wireless router's internal net (i.e. if you are using 192.168.1.1 for your wireless router, make the pfsense LAN interface be 192.168.1.2).

You will then need to chage in your wireless router and set it to be in access point mode (and not router mode), and change the default route to be 192.168.1.2 on the wireless router. You can then either let pfsense be your DHCP server or assuming your router still supports it, let it continue to be the DHCP server while acting as an access point (not all wireless routers will allow this level of fine tuning, but DD-WRT/OpenWRT firmware would let you do this).


As you can see it is a lot easier with a physical system, which is partly why I have a physical system (not that I don't have a much more complex setup on mine and am also using VLANs to perform the routing, but that is because I configured my pfsense system to be a router-on-a-stick (i.e. I only have a single physical network cable going to my system, but that said, the single cable I have connected is a QSFP+ 40Gbps link, this way I am prepped in case my ISP ever expands to 10Gbps or higher, as I would simply change the modem, configured a 10Gbps port on my main switch to be my external VLAN, and connect it to that port).
This is too much for me and for only blocking tiktok. Thanks for your effort though.
 

iamgenius

Senior member
Jun 6, 2008
803
80
91
Old PC can be used as pfSense router, but you need to add an USB ethernet adapter or PCIe NIC, however it will use too much electricity. Running pfsense in a VM also require a PC that's always on 24/7 and probably need complex config mentioned by @Fallen Kell

You can run pfsense on Zimaboard (6 watts only)


As you can see, Realtek NIC has some combability issue with pfsense but seems easy to solve.

Or any mini PC with dual Intel NICs or more available on Amazon also will do and can have better compatibility.
This Zimaboard thingie looks nice. It can easily fit anywhere in my tiny office. I think I'll go this route now. Thanks.
 
Last edited:

iamgenius

Senior member
Jun 6, 2008
803
80
91
So, to understand things better, the wan cable coming from my ISP should connect to the Zimaboard and the other port will be used to link the board with my wireless router? And if I use pfsense, I should stop using my wireless router as a router? And do you have a pfsense setup guide that you recommend? I'll load it into a VM to see how it looks.

Thanks.
 

mxnerd

Diamond Member
Jul 6, 2007
6,799
1,099
126
pfsense lan and wan must be in different ip range.

all devices --- lan|wifi router|wan -- lan|pfsense|wan-- internet
or all devices --- lan1|wifi router in ap mode, gateway ip set as pfsense lan ip|lan2 -- lan|pfsense|wan-- internet

Unfortunately, I won't be available in coming days for quite sometime, will be overseas with my family. Hope someone else can help.

recommendation:
join pfsense forum/discussion groups

I like to click on search result images and then go back to articles.




==
Don't know what your VM environment is.

Also don't know why English "search" became German "Suche" :rolleyes:
 
Last edited:

iamgenius

Senior member
Jun 6, 2008
803
80
91
Well, I'm busy myself preparing for an interview and research essay in the coming weeks. Will not be able to do this until later so it is fine. Many thanks.
 

Ajay

Lifer
Jan 8, 2001
15,332
7,789
136
Well, I'm busy myself preparing for an interview and research essay in the coming weeks. Will not be able to do this until later so it is fine. Many thanks.
Well, good luck with all that. Fortunately, all the smart guys chimed in on you network needs.
 

iamgenius

Senior member
Jun 6, 2008
803
80
91
Well, good luck with all that. Fortunately, all the smart guys chimed in on you network needs.
Yeah....I appreciate all the help. You know I wanted to resort to time scheduling using my router parental controls for the time being, but you know what? I discovered that iphones change their MAC address every time they connect to the network. The world is plotting against parental controls. They call it private wifi address.