How to bypass parental controls completely...
One of the main reasons for me to buy the DECO, apart from the mesh functionalities, was the parental control. I needed a tool to limit the internet access to get my kids spending more time on homework.
Within days my son was able to bypass completely the parental controls by using one of the many VPN apps available in the Apple App Store...
... I block YouTube, he is using the VPN app to get on YouTube
... I use the WiFi pause for his profile, he is still watching YouTube or can go to any other website
In other words, the full parental control can be bypassed using a VPN app. The only thing that seems to work is to put his device on the blacklist, then directly the WiFi is disabled.
I already reported this some time ago on another thread, have reported it to TP-Link directly, but it's still possible to bypass.
So, if you want to try yourself...
- Get yourself an iPhone
- Assign it to a test profile
- Validate that the WiFi is working and go to YouTube
- Disable for the test profile YouTube
- YouTube stops working
- Install from the App Store the "VPN Master" and start it.
- After you have the VPN working go to YouTube...
- Put the WiFi on pause for the test profile
- And continue to enjoy surfing on the internet
- Put the iPhone on the blacklist
- Notice that the WiFi is disabled
With this post I do not want to encourage children to bypass the parental control, but I want to make the parents aware that putting the devices temporarily on the blacklist is the only option to block the WiFi.
And... I hope that TP-LINK will start implementing a solution soon. They can start checking to see the difference between the logic in the "blacklist" and the "WiFi pause"....
When it steps into bedtime, internet for those in the profile is paused automatically; you don't have to manually click the button to pause the internet.
It seemed that the OP was manually pausing the profile, but the devices could still access the network. My question was, does the same happen if the profile is paused automatically instead, using the Bed Time setting? I realize that the end result should be the same, but if a bug exists with manually pausing, perhaps that bug does not exist with a scheduled automatic pause.
Not sure what he has done with his iPhone but at this moment he is not able anymore to connect to the WiFi, even with the VPN on his iPhone removed and all restrictions removed from the DECO.
Looks like a factory reset is the only option...
hansremmerswaal wrote
Not sure what he has done with his iPhone but at this moment he is not able anymore to connect to the WiFi, even with the VPN on his iPhone removed and all restrictions removed from the DECO.
Looks like a factory reset is the only option...
Interesting... I have restarted the main DECO and after that his iPhone could connect again. It's a pity that I already removed that VPN app, now I can't test the "Bed Time setting" in combination with VPN.
It appears that if my son starts some games before the hourly limit has been reached, then game play can extend way beyond this limit.
My suspicion is that the game sets up secure peer-to-peer links between players that the Deco cannot interrogate within.
However, what puzzles me is that the time limit has definitely expired yet the device status clearly shows data flow both to and from the device. The Deco shouldn't need to look outside these connections to shut them down based on traffic alone.
My only explanation for this is that the time limit prevents new connections being established but does not affect existing ones.
TP-Link, there's definitely something fishy going on here, care to comment?
xbkeeper wrote
I am also not fully convinced that the parental control time functions work as I would expect.
It appears that if my son starts some games before the hourly limit has been reached, then game play can extend way beyond this limit.
My suspicion is that the game sets up secure peer-to-peer links between players that the Deco cannot interrogate within.
However, what puzzles me is that the time limit has definitely expired yet the device status clearly shows data flow both to and from the device. The Deco shouldn't need to look outside these connections to shut them down based on traffic alone.
My only explanation for this is that the time limit prevents new connections being established but does not affect existing ones.
TP-Link, there's definitely something fishy going on here, care to comment?
It is quite clear that the 2130h bed time is NOT being enforced on either device by the Deco, and on the PC, the 5h time limit is also being circumvented.
Game usually CSGO. Video is usually Twitch on the phone.
After 2130 both the game and twitch will still be live.
Internet pause on the profile does nothing.
Blacklist does nothing... Unless I blacklist then power cycle the router.
I suspect doing this breaks whatever VPN type links are set up, then he can't reattach to the Deco to establish new connections.
It baffles me why the Deco is simply not stopping all traffic to the offending devices after the time limit is exceeded, whether they are somehow encrypted or not... You can clearly see the traffic to and from the device in the status page when they should be blocked.
What is going on, TP Link?
xbkeeper wrote
It baffles me why the Deco is simply not stopping all traffic to the offending devices after the time limit is exceeded, whether they are somehow encrypted or not... You can clearly see the traffic to and from the device in the status page when they should be blocked.
I fully agree...
I check the DECO app on my iPhone and see traffic during bedtimes and/or after the maximum number of hours has passed.
When I see this I then put these devices on the blacklist and the traffic stops (and my son starts yelling...).
So why is it possible to block the internet via the blacklist and not via time controls? What is (technically) the difference?
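The behaviour described in the posts above (a time limit or pause that stops new connections while running ones continue, and a restart or blacklist that cuts everything) is what a stateful packet filter does when its "accept already-tracked flows" rule is evaluated before the block rule. The model below is an added illustration, not part of any post and not TP-Link's firmware logic; the `Firewall` class, the rule order and all addresses are assumptions constructed for the example.

```python
# Toy model of a stateful packet filter (constructed; not Deco or TP-Link code).
from dataclasses import dataclass, field


@dataclass
class Firewall:
    # Assumption: the "accept established" rule precedes the block rule.
    established_first: bool = True
    blocked: set = field(default_factory=set)    # paused / over-limit client IPs
    conntrack: set = field(default_factory=set)  # (client, remote, proto, port)

    def forward(self, client, remote, proto, port):
        """Return True if a packet belonging to this flow is forwarded."""
        flow = (client, remote, proto, port)
        if self.established_first and flow in self.conntrack:
            return True                  # known flow: block rule is never reached
        if client in self.blocked:
            self.conntrack.discard(flow)
            return False
        self.conntrack.add(flow)         # new flow admitted and tracked
        return True

    def pause(self, client, flush_state=False):
        """Block a client; optionally delete its tracked flows as well."""
        self.blocked.add(client)
        if flush_state:
            self.conntrack = {f for f in self.conntrack if f[0] != client}


def run_scenario(established_first, flush_state):
    """Start a long-lived flow, apply the pause, then test old and new flows."""
    fw = Firewall(established_first=established_first)
    device = "192.168.68.50"                         # constructed LAN address
    tunnel = (device, "203.0.113.10", "udp", 500)    # flow opened before the limit
    assert fw.forward(*tunnel)                       # allowed while unrestricted
    fw.pause(device, flush_state=flush_state)
    return {
        "existing_flow": fw.forward(*tunnel),
        "new_flow": fw.forward(device, "198.51.100.7", "tcp", 443),
    }


if __name__ == "__main__":
    print("pause only:         ", run_scenario(True, False))
    print("pause + state flush:", run_scenario(True, True))
    print("block rule first:   ", run_scenario(False, False))
```

In this model the pause only takes effect on a running tunnel or game session when the device's tracked flows are deleted at the same moment, or when the block rule is placed ahead of the established-flow shortcut.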
I am having the exact same problem with weak parental controls as described here, except mine is an AC2300 not a Deco.
I suspect the software is similar and contains similar bugs.
My son has an Android phone and its activity isn't even showing up in Parental Controls>Insights.
I can block my own phone (an iPhone) and Windows PC just fine using an exact duplicate configuration.
Elsewhere I discovered that the way to block Betternet is to block UDP port 500 - ref. https://forums.untangle.com/web-filter/37765-blocking-betternet-potential-solution.html
The AC2300 software is apparently based on an old version (12.x) of OpenWRT.
I'm going to try to enable shell access to the AC2300 by following the methods described here: https://github.com/acc-/tplink-archer-c2300/wiki
Doing that may provide access to the missing capabilities for true port filtering that the 'modern' interface now lacks.