Hi,
What home solution would STW recommend for a home router that allows me to set time limits for particular users? A bit like the hotspots you get in cafés and hotels where you have a limited time per ticket.
Family home, me and the Mrs need uninterrupted access (WFH), youngest has screen time managed through Microsoft parental controls (works well), but teen has multiple devices and an admin password so can easily defeat MS controls. Current router allows setting time limits on particular devices, but it is easy enough for teen to spoof MAC addresses, so really to work it needs a user login with per user time limits or similar. Basically I want a system that allows him to experiment with his devices (hence admin rights etc) but that reliably cuts off internet for specific users (teen) at particular times (for sleep) and after a total elapsed time per day (for life beyond screens). He has a wired connection (for latency for gaming) so the solution needs to work for wired as well as wifi connections.
Appreciate that this is micromanagement, and we need to try to build self-limiting habits in teen, but TBH it is a lot of stress, and a system that 'just works' and forces him to get used to managing his screen time is what we need right now and a stepping stone to letting him manage it more himself. At least two nights a week, I power down the router at 7 to encourage social interaction (it works!) but can't do that every night (I often have late calls with W coast US for example). A lot of the social 'features' in modern games seem designed to create pressure to keep playing (eg you get booted out of your team if you don't start x games in a row) and it is understandably hard for a teen who wants to fit in to manage issues like that.
In the dim and distant past, I think I set something up (in a different setting), using Tomato firmware, but current documentation (freshtomato) is v limited, so not v obvious how to make it work. Any ideas of what current solution is? I am rusty on my bash, but happy to relearn command line stuff if need be, but ideally something a bit more point and click.
Thanks for any pointers.
What about giving him something like a TP-Link AC750 travel router and then connect that to the main network?
The wired connection would be slightly tricky but unless you are playing pro level I am not sure it would make enough difference.
Interesting, so basically this would mean changing the wifi key on existing router so he can't access that directly and then connecting this box to the router and allowing him access via the TP-Link box, but without admin on the box so he can't play the same trick of spoofing addresses etc. Hmm, could work, thanks.
Agreed that the benefits of the wired connection are probably perceived rather than real, though I find a wired connection much more robust for work calls etc (esp during lockdown when all of us at home and online), so removing that would be a bit of a battle, but not insurmountable.
thanks, will investigate further...
Do you mean a RADIUS server?
Some routers have these built in - essentially instead of having one WPA password there are per user passwords; I assume you can set access limitations for these. Also means you can totally revoke access for a given user should you need to.
No idea how easy it is though, I wondered about it but thought it would be over complicated for my usage case.
Openwrt?
Not sure how dynamic MAC addresses are these days (I think iPhones can adjust them for privacy reasons) but can't your router block all MACs you don't specifically allow? Will stop him bypassing the system via spoofing.
can’t your router block all MACs you don’t specifically allow?
Unfortunately the router (plusnet) is pretty dumb and will only allow blocking of specific device names / mac addresses, no "block all except whitelisted" option. And he is clever enough to clone the mac of a device not being used at the time, so really needs user authentication.
openwrt / RADIUS
Interesting, looks like FreeRADIUS on openwrt could be a (somewhat heavyweight) solution that allows him to keep the wired connection. From reading the configuration examples, I worry about falling foul of the "Mrs must not experience any interruption to connection, save perhaps one change of password" criterion, which is somewhat important... Will read up more and see if I can practice before trying to deploy...
but without admin on the box so he can’t play the same trick of spoofing addresses etc.
Yup. I have a shared connection and use it to isolate my stuff into my own network. If you search for "travel router" there are plenty of choices but that just happens to be the one I have (balance of functionality I needed vs cost)
The problem would be protecting your main router password once you change it against him so depends on how well locked down the other devices are in being able to expose it to him but in theory should work.
Another advantage is some routers do get moody depending on how devices are connecting to it so if you channel a bunch via one connection it can help.
Get a Draytek router and create a 'Teen' SSID that has a time of day schedule to limit his access.
https://www.draytek.co.uk/support/guides/kb-wireless-lan-scheduling
Then for the wired port, a logon with time of day
https://www.draytek.com/support/knowledge-base/5497
Can you run FreeRADIUS on a Raspberry Pi? If so you might find that lots of third party routers can use it without going down the openWRT route (though I assume eg. BT routers won’t work as they’re not meant for commercial use)
Old school. Separate wifi access point with own ssid plugged into a timer :). Easy to override when you need to
But as soon as they have a mobile phone with data you are lost
Perhaps take a look at pfSense, which can be run on old desktop PCs easily; if you get an additional NIC card it gives the option of a captive portal or RADIUS server on a per-subnet basis, IIRC. If you don’t have / want to use an old PC then they sell their own turnkey solutions.
You can also use with a managed switch to limit his wired access to the “restricted” vlan.
I use the tp-link Omada range of switches and access points with my pfsense setup
I think the TP-Link Deco X20 can assign time limits to specific MACs on the wifi network. I keep threatening to switch off my daughter's access when she's being a pain.
It can also run 2 separate networks so you could have time limit on one of them
Appreciate that this is micromanagement, and we need to try to build self-limiting habits in teen, but TBH it is a lot of stress, and a system that ‘just works’ and forces him to get used to managing his screen time is what we need right now and a stepping stone to letting him manage it more himself.
Really if he's got to the stage of spoofing MAC addresses to bypass any simple controls you are fighting a losing battle adding system based controls. If he doesn't hack yours, he'll hack a neighbour's or use data on phone. One of my son's friends had a secret device his parents didn't know about because their default punishment was to take his phone off him whenever he misbehaved. I don't want to be preachy but I'd suggest a frank conversation and ask him how he thinks you should manage it. It's probably a bit cheesy but rewarding him for sticking to the "rules" rather than trying to make it impossible to bypass them will probably work better.
I'm with Poly on this. He seemingly knows more about this stuff than you do so a tech solution is a losing battle, he'll likely see it as a challenge. I would have. Tell him to behave and then if he doesn't then pull the circuit breaker for the power to his bedroom.
Is gaming latency not a bit of an old-school problem / argument? I'm at the other end of the house from my router and latency over Wi-Fi is about 10ms.
Let him keep the wired connection if possible. Packet loss can be very noticeable in games even when the overall latency seems fine.
Perhaps less of an issue on newer WiFi standards, I admit I don't know too much about them.
Poly +1
Thanks all some great ideas there, will look into them.
As I tried to say in the OP, really understand that conversations and building his capacity to manage it are the sustainable way forward, and believe me we have tried, but we think that at the moment some kind of routine and limits is needed as a stepping stone.
thanks again for the input
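
The per-user limits asked for in the opening post (a nightly cut-off plus a daily total, tied to a login rather than a device) come down to the decision a RADIUS or captive-portal login has to make. This is an added sketch, not part of the thread and not any router's own code; the policy table, user names and session records are constructed for illustration.

```python
from datetime import datetime, time

# Hypothetical policy: allowed window and daily quota (seconds) per login name.
POLICY = {"teen": {"window": (time(7, 0), time(21, 0)), "daily_quota": 2 * 3600}}

# Constructed accounting records: (user, mac, start, stop).
# The MAC changes between sessions, the login name does not.
SESSIONS = [
    ("teen", "aa:aa:aa:00:00:01", datetime(2024, 1, 8, 16, 0), datetime(2024, 1, 8, 17, 0)),
    ("teen", "bb:bb:bb:00:00:02", datetime(2024, 1, 8, 18, 0), datetime(2024, 1, 8, 18, 45)),
    ("parent", "cc:cc:cc:00:00:03", datetime(2024, 1, 8, 9, 0), datetime(2024, 1, 8, 23, 0)),
]

def used_today(user, now, sessions):
    """Seconds online today for this login, summed over every device used."""
    midnight = now.replace(hour=0, minute=0, second=0, microsecond=0)
    total = 0
    for who, _mac, start, stop in sessions:
        if who != user:
            continue
        # Clip each session to today, and to "now" if it is still running.
        start, stop = max(start, midnight), min(stop, now)
        if stop > start:
            total += int((stop - start).total_seconds())
    return total

def authorize(user, now, sessions=SESSIONS, policy=POLICY):
    """Return (allowed, seconds_until_cutoff); logins without a policy are unrestricted."""
    rule = policy.get(user)
    if rule is None:
        return True, None
    opens, closes = rule["window"]
    if not (opens <= now.time() < closes):
        return False, 0          # outside the allowed hours
    remaining = rule["daily_quota"] - used_today(user, now, sessions)
    if remaining <= 0:
        return False, 0          # daily total used up
    until_curfew = int((datetime.combine(now.date(), closes) - now).total_seconds())
    # Disconnect at whichever comes first: quota exhausted or curfew.
    return True, min(remaining, until_curfew)
```

Because usage is summed per login, a session from a cloned or changed MAC counts against the same quota, which is the property MAC-based time limits lack.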