This commit is contained in: Development
Matthew Grotke 2026-06-06 17:14:01 -04:00
parent e37029a066
commit 574a45111d
8 changed files with 164 additions and 110 deletions

@ -75,94 +75,21 @@ The core Routlin software will always remain free for individual use. Pro featur
---
### Pro Feature 1: Deep Packet Inspection (DPI) and Device Identification
**Deep Packet Inspection and Device Identification** — See exactly what every device on your network is doing. Routlin Pro automatically classifies devices and identifies traffic types in real time — streaming, gaming, P2P, VoIP, and more — feeding into a Security Insights dashboard and per-device traffic rules.
Routlin Pro will analyze traffic at the packet level to identify:
**Intrusion Detection and Prevention (IDS/IPS)** — Monitor your network for known threat signatures across all traffic, not just DNS. Choose alert-only mode or automatic blocking. Signature database updated regularly, with an optional extended commercial threat feed.
- **Device categories** - automatically classify connected devices (phones, laptops, smart TVs, IoT sensors, gaming consoles) based on traffic fingerprints
- **Traffic categories** - identify streaming, gaming, P2P, VoIP, cloud backup, and other traffic types in real time
- **Per-device usage breakdowns** - see what each device on the network is actually doing
**SSL/TLS Traffic Inspection** — See inside encrypted HTTPS traffic for security monitoring and content filtering. Routlin Pro decrypts, inspects, and re-encrypts on the fly, enabling IDS/IPS and anomaly detection to work on traffic that would otherwise be completely opaque.
This data surfaces in a Security Insights dashboard and feeds into traffic rules, allowing administrators to block or rate-limit specific applications for specific devices or device categories.
**Traffic Flows (Session Logging)** — A full log of every TCP and UDP connection through the router: source, destination, port, bytes, and timing. Filter, sort, and save presets. Invaluable for diagnosing bandwidth problems or investigating unexpected activity after the fact.
---
**Anomaly and Pattern Detection** — Routlin Pro watches for unusual behavior automatically: unexpected large transfers, SYN flood indicators, overnight activity on idle devices, new device types appearing, and more. Anomalies surface as dashboard alerts and can trigger automated responses like device isolation or rate limiting.
### Pro Feature 2: Intrusion Detection and Prevention (IDS/IPS)
**Restricted VLANs** — Prevent devices assigned to a particular VLAN from ever contacting the internet. Perfect for IoT devices, security cameras, NAS, printers, or machines running untrusted software — basically anything that should never phone home. Works alongside Routlin's inter-VLAN exception rules so you can still grant selective access to the quarantined device(s) from within the LAN only.
Routlin Pro will monitor all network traffic for known threat signatures using DPI across multiple network layers:
**Supplicant-Based 802.1X Authentication** — Go beyond authorizing devices onto your network based on their MAC addresses. Routlin Pro adds full EAP-PEAP, EAP-TTLS, and EAP-TLS support, letting devices authenticate with credentials or certificates. Revoke individual device access without changing network passwords — and keep out anyone spoofing a known MAC.
- **IDS mode** - monitors and alerts on suspicious activity without blocking
- **IPS mode** - automatically blocks detected threats in real time
- Generates a log of alerts with details on the source, destination, and matched signature
- Signature database updated regularly; an optional extended subscription provides access to a broader commercial threat database
---
### Pro Feature 3: SSL/TLS Traffic Inspection
Routlin Pro will support intercepting and inspecting encrypted HTTPS traffic for security monitoring and content filtering:
- Performs SSL/TLS decryption, analyzes packet contents, then re-encrypts using the gateway's own certificate
- Configurable by traffic category or specific domains - inspect everything or only targeted categories
- Supports a high number of concurrent sessions suitable for home and small office environments
- Requires the gateway certificate to be installed on client devices for transparent operation
This enables security features (IDS/IPS, anomaly detection) to operate on traffic that would otherwise be opaque.
---
### Pro Feature 4: Traffic Flows (Session Logging)
Routlin Pro will provide detailed logs of every network session passing through the router:
- Full connection records including source IP, destination IP, protocol, port, bytes transferred, and session timing
- Not limited to DNS queries - captures all TCP/UDP flows
- Filterable and sortable views; save custom filter presets for repeated analysis
- Useful for diagnosing bandwidth issues, identifying unexpected connections, and post-incident investigation
---
### Pro Feature 5: Anomaly and Pattern Detection
Building on DPI and session logging, Routlin Pro will surface unusual network patterns automatically:
- Large or unexpected outbound data transfers
- TCP SYN flood indicators
- Unexpected VPN or tunneling activity
- P2P and torrent detection
- High usage outside configured hours (e.g. overnight activity on a device that should be idle)
- New device types appearing on the network
Anomalies generate alerts in the dashboard and can optionally trigger automated responses such as device isolation or rate limiting.
---
### Pro Feature 6: Restricted VLANs
Routlin Pro will allow any VLAN to be designated as "restricted" - blocking all internet access for devices on that VLAN while still allowing local communication.
Use cases include:
- **IoT and smart home devices** - devices that need to talk to each other locally but should never reach the internet
- **Security cameras** - local NVR access only, no cloud uploads
- **Guest networks** - complete WAN isolation
- **Kids' devices** - internet access blocked, local resources still reachable
- **Security and privacy** - isolate local LLMs or prevent untrusted software from dialing out
Restricted VLANs work in combination with Routlin's existing inter-VLAN exception rules, so a restricted device can still be granted access to a specific device or subnet on another VLAN (e.g. a NAS or a print server) without opening internet access.
---
### Pro Feature 7: Supplicant-Based 802.1X Authentication
Routlin currently supports MAC Authentication Bypass (MAB), where the switch or AP sends a device's MAC address to RADIUS passively - the device itself does nothing. This is easy to deploy but MAC addresses can be spoofed.
Routlin Pro will add full supplicant-based 802.1X, where the client device actively participates in authentication using:
- **EAP-PEAP / EAP-TTLS** - username and password credentials, common for corporate WiFi where employees authenticate with domain credentials
- **EAP-TLS** - client certificates installed on each device, the most secure option
- Certificate management for issuing and revoking client credentials
This allows individual device certificates to be revoked without changing network passwords, and prevents unauthorized devices from gaining access even if they spoof a known MAC address.
**Captive Portal** — Turn any VLAN into a captive portal. Choose from a simple splash/terms-of-service page, time-limited voucher codes, or a full RADIUS login using your existing user accounts. Ideal for guest networks, venues, or any situation where you need to control and track who gets internet access.
---
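Review bot: the consolidated **SSL/TLS Traffic Inspection** paragraph drops two facts the removed bullets carried, and both matter to anyone deciding whether to enable the feature: "Requires the gateway certificate to be installed on client devices for transparent operation" and "Configurable by traffic category or specific domains - inspect everything or only targeted categories". Turning inspection on makes the router a trust anchor on every client, and applications that pin their server certificates will fail behind it, so the README should still say that clients need the gateway CA installed and that inspection can be scoped rather than all-or-nothing; one sentence at the end of that paragraph restores both. Smaller omissions of the same kind: the **Traffic Flows** paragraph lists source, destination, port, bytes, and timing but no longer mentions protocol, and the **Anomaly and Pattern Detection** paragraph no longer names unexpected VPN/tunneling or P2P detection, so a reader cannot tell whether those were cut from scope or only from the text.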