Keeping The Kids Safe Part 2: MITM Lessons Learned

We lasted about a day with the new content filtering that I put in place before we switched the kids back to the old open WiFi network. We encountered two problems: missing whitelist entries, and well-built apps that depended on not messing with their certificates with a MITM attack.

Amazon Video, for one, will not communicate with its servers if you tamper with its certificates. Given that the sort of inspection I am doing is a Man-In-The-Middle (MITM) Attack, they have a point. I thought I had prevented this problem, but as it happens, I did not understand two things: SSL inspection, and how Squid decides to mess with certificates.


Keeping the Kids Safe from the Internet with Filtering

This part of the project is easily the most complicated I did, and also took me the most time. There is a quote from a book that I read that ‘information wants to be free’ (a little googling tells me it’s been around for a long time, but I read it in a book by Charles Stross), and this certainly proves it. Trying to make it so kids can’t get to the bad parts of the internet is a good example of this, since you need to do a ton of things to make the filtering work. Here is what I did:

The Goal

The goal is to have a transparent proxy for http and https that keeps my kids away from bad content and redirects them to a friendly error page to tell them that. I wanted to have content screening and filtering, with whitelists to add in what I want them to have access to.

This design is complicated, and it took a while to make me familiar with all the technologies involved. Plus there are some things that I just could not have with my technology.


Logging into my Wifi With RADIUS

I have been using my UniFi system for a few months and I’m very pleased. The WiFi is very fast, I can roam around the house seamlessly, and the handoffs are seamless. Now I want to move to the two final stages: advanced access control and then content control for the kids. For access control, I’m going to use RADIUS, specifically pfSense’s FreeRADIUS package. I’ve read that it is a bit arcane, but my experimentation has shown that it’s actually pretty straightforward.


Setting Up a VLAN in pfSense

I got a reminder today of why my VLAN project will help me out. My 6 year old son had a play date with a friend, whom I’ll call Jake. I left them watching a movie in the attic while I worked around the house, and was very surprised when my wife found me and asked why I had let them surf the web. Here is what had happened:

My son has an old laptop that he uses to ‘write’ in Microsoft Word. Mostly, he writes the word ‘Ninjago’. His friend Jake, however, knows how to google. Jake, as it happens, is also a 6-year-old who is convinced that Bigfoot is real, and apparently took the available laptop and started to google videos about Bigfoot and other ‘cousins of Bigfoot’. I don’t know if there are content filters for cryptozoology, but there will be when this project is done.

VLANs in the Home

So it’s been a few weeks of selling old video cards (and anything else I could scrounge) to reduce my clutter and to free up funds for my UniFi setup. I now have my 3 APs, and 3 UniFi switches. The icing on the cake is that I also pulled fiber between them, so now I have a really cool setup to play with. Further, my WiFi is noticeably better, especially when wandering around using FaceTime. Now it’s time to implement my VLAN design.

First Results of my New Ubiquiti UniFi WiFi Installation

First Impressions of Ubiquiti UniFi

I am really pleased with my Ubiquiti UniFi WiFi installation. My first impressions are very positive. The controller is great software. The interface makes all the configuration central and easy. Where I used to have to log into 3 APs (none of which I could keep straight), now I can just log into one place, and see everything.

Network Clients

It lets you see everything that is connected, and its IP information. Further, you can edit the names for them so you can write a descriptive name if the system can’t figure out a DNS name.

The configuration is basically pretty simple, and incredibly comprehensive.

Installing The Ubiquiti UniFi Controller On My CentOS Server

We’re almost at the fun part of my project, but first I’m going to take another detour to show how to install the Ubiquiti UniFi Controller software onto my main CentOS file/utility server.

Update 10/14/18: Don’t do this. Bad idea. I go over why in a later post.

I’m going to explain this in a bit of detail. I remember when I started out with Linux (Solaris, actually) and it was so obscure that I found it frustrating. So I’ll try and explain each step.

A WiFi Site Survey of my Home With NetSpot

OK, we’re finally here. The NetSpot Site Survey is done. There is a bunch to unpack here. The pictures below show the results. First, my WiFi signal isn’t terribly good on the Signal to Noise front. For the uninitiated, there are a few weird concepts in WiFi that bear explanation, which I will try to explain so I understand them better myself. Please note that I am an enthusiastic layman, and not an expert in radio wave signal propagation, so I hope I get this right.