# Routlin Pro - Feature Specifications

Routlin Pro is a paid license tier. The core Routlin software remains free for individual use. Pro features are advanced capabilities that require ongoing maintenance, threat database subscriptions, and significant development investment to build and sustain. Early Kickstarter backers receive a Routlin Pro license as an investment incentive.

---

## Feature 1: Deep Packet Inspection (DPI) and Device Identification

Routlin Pro will analyze traffic at the packet level to identify:

- **Device categories** - automatically classify connected devices (phones, laptops, smart TVs, IoT sensors, gaming consoles) based on traffic fingerprints
- **Traffic categories** - identify streaming, gaming, P2P, VoIP, cloud backup, and other traffic types in real time
- **Per-device usage breakdowns** - see what each device on the network is actually doing

This data surfaces in a Security Insights dashboard and feeds into traffic rules, allowing administrators to block or rate-limit specific applications for specific devices or device categories.

---

## Feature 2: Intrusion Detection and Prevention (IDS/IPS)

Routlin Pro will monitor all network traffic for known threat signatures using DPI across multiple network layers:

- **IDS mode** - monitors and alerts on suspicious activity without blocking
- **IPS mode** - automatically blocks detected threats in real time
- Generates a log of alerts with details on the source, destination, and matched signature
- Signature database updated regularly; an optional extended subscription provides access to a broader commercial threat database

---

## Feature 3: SSL/TLS Traffic Inspection

Routlin Pro will support intercepting and inspecting encrypted HTTPS traffic for security monitoring and content filtering:

- Performs SSL/TLS decryption, analyzes packet contents, then re-encrypts using the gateway's own certificate
- Configurable by traffic category or specific domains - inspect everything or only targeted categories
- Supports a high number of concurrent sessions suitable for home and small office environments
- Requires the gateway certificate to be installed on client devices for transparent operation

This enables security features (IDS/IPS, anomaly detection) to operate on traffic that would otherwise be opaque.

---

## Feature 4: Traffic Flows (Session Logging)

Routlin Pro will provide detailed logs of every network session passing through the router:

- Full connection records including source IP, destination IP, protocol, port, bytes transferred, and session timing
- Not limited to DNS queries - captures all TCP/UDP flows
- Filterable and sortable views; save custom filter presets for repeated analysis
- Useful for diagnosing bandwidth issues, identifying unexpected connections, and post-incident investigation

---

## Feature 5: Anomaly and Pattern Detection

Building on DPI and session logging, Routlin Pro will surface unusual network patterns automatically:

- Large or unexpected outbound data transfers
- TCP SYN flood indicators
- Unexpected VPN or tunneling activity
- P2P and torrent detection
- High usage outside configured hours (e.g. overnight activity on a device that should be idle)
- New device types appearing on the network

Anomalies generate alerts in the dashboard and can optionally trigger automated responses such as device isolation or rate limiting.

---

## Feature 6: Restricted VLANs

Routlin Pro allows any VLAN to be designated as "restricted" - blocking all internet access for devices on that VLAN while still allowing local communication.

Use cases include:

- **IoT and smart home devices** - devices that need to talk to each other locally but should never reach the internet
- **Security cameras** - local NVR access only, no cloud uploads
- **Guest networks** - complete WAN isolation
- **Kids' devices** - internet access blocked, local resources still reachable
- **Security and privacy** - isolate local LLMs or prevent untrusted software from dialing out

Restricted VLANs work in combination with Routlin's existing inter-VLAN exception rules, so a restricted device can still be granted access to a specific device or subnet on another VLAN (e.g. a NAS or a print server) without opening internet access.
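
The forwarding decision a restricted VLAN implies, including the rule that an inter-VLAN exception must never open internet access, sketched as an added example (not Routlin's code). The VLAN names, addresses, the default-deny stance between VLANs and the dropping of WAN-initiated flows are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Vlan:
    name: str
    subnet: ipaddress.IPv4Network
    restricted: bool = False

# Constructed sample topology (hypothetical names and addresses).
VLANS = [
    Vlan("lan", ipaddress.ip_network("192.168.10.0/24")),
    Vlan("iot", ipaddress.ip_network("192.168.20.0/24"), restricted=True),
    Vlan("cameras", ipaddress.ip_network("192.168.30.0/24"), restricted=True),
]
# Inter-VLAN exceptions: (source VLAN name, allowed destination network).
EXCEPTIONS = [
    ("cameras", ipaddress.ip_network("192.168.10.5/32")),  # NVR/NAS on "lan"
]

def vlan_of(ip):
    """Return the VLAN whose subnet contains ip, or None for a WAN address."""
    return next((v for v in VLANS if ip in v.subnet), None)

def decide(src, dst):
    """Verdict and reason for a new flow initiated by src toward dst."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    src_vlan, dst_vlan = vlan_of(src_ip), vlan_of(dst_ip)
    if src_vlan is None:
        return "drop", "flow initiated from the WAN (assumed policy)"
    if dst_vlan is src_vlan:
        return "allow", "local traffic within the VLAN"
    if dst_vlan is None:
        if src_vlan.restricted:
            return "drop", "restricted VLAN has no internet access"
        return "allow", "internet access from unrestricted VLAN"
    # Different VLAN: assumed default deny. An exception only matches when its
    # destination lies inside a local VLAN, so it can never cover a WAN prefix.
    for name, net in EXCEPTIONS:
        if (name == src_vlan.name and dst_ip in net
                and net.subnet_of(dst_vlan.subnet)):
            return "allow", f"inter-VLAN exception to {net}"
    return "drop", "inter-VLAN traffic without an exception"
```
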

---

## Feature 7: Supplicant-Based 802.1X Authentication

Routlin currently supports MAC Authentication Bypass (MAB), where the switch or AP sends a device's MAC address to RADIUS passively - the device itself does nothing. This is easy to deploy but MAC addresses can be spoofed.

Routlin Pro adds full supplicant-based 802.1X, where the client device actively participates in authentication using:

- **EAP-PEAP / EAP-TTLS** - username and password credentials, common for corporate WiFi where employees authenticate with domain credentials
- **EAP-TLS** - client certificates installed on each device, the most secure option
- Certificate management for issuing and revoking client credentials

This allows individual device certificates to be revoked without changing network passwords, and prevents unauthorized devices from gaining access even if they spoof a known MAC address.

---

## Feature 8: Captive Portal

Routlin Pro will support designating any VLAN as a captive portal network, intercepting unauthenticated clients and requiring them to pass through a configurable gateway page before gaining internet access.

Three portal modes:

- **Splash / Terms of Service** - guests click to accept terms before internet access is granted. No credentials required. Suitable for compliance-minded guest networks.
- **Voucher-based access** - the administrator generates single-use or time-limited voucher codes. Guests enter the code on the portal page. Supports configurable session duration, bandwidth limits, and concurrent device limits per voucher. Dashboard UI for generating, viewing, and revoking voucher batches.
- **RADIUS-authenticated login** - the portal collects a username and password and validates against Routlin's built-in FreeRADIUS server, using the same user table as 802.1X. No separate credential store needed.

In all modes, captive portal behavior is a per-VLAN flag, consistent with Routlin's existing restricted VLAN and RADIUS default VLAN model.
Unauthenticated clients on the VLAN are redirected to the portal via nftables; authenticated sessions are tracked and expire based on configurable timeouts.

---

## Feature 10: Usage Rate Monitoring and Automatic Suspension

Routlin Pro will track inbound and outbound traffic rates per external IP address and automatically suspend connections that exceed configurable thresholds.

- **Per-IP rate monitoring** - real-time tracking of bandwidth consumption by external source/destination IP
- **Configurable rate limits** - set thresholds by bytes per second, requests per second, or connection count within a rolling time window
- **Automatic suspension** - IPs exceeding limits are temporarily blocked via nftables; the block duration is configurable (e.g. 5 minutes, 1 hour, permanent until manually cleared)
- **Dashboard visibility** - live view of top external IPs by usage, with current rate, total bytes transferred, and suspension status
- **Allowlist** - trusted IPs (CDNs, VPN endpoints, remote offices) can be exempted from rate enforcement
- **Alerting** - optional notifications when an IP is suspended, including the triggering rule and measured rate

Designed to protect against bandwidth abuse, accidental runaway processes, and low-level denial-of-service from external sources without requiring a full IPS deployment.

---

## Feature 9: Mobile-Aware Dashboard Layout

Routlin Pro will include a responsive, mobile-optimized layout for the entire dashboard, allowing administrators to monitor and manage their network from a phone or tablet.

- Responsive grid that adapts from desktop to tablet to phone screen sizes
- Touch-friendly controls with appropriately sized tap targets
- Collapsible navigation and condensed card layouts on small screens
- Full feature parity with the desktop experience - no functionality is hidden on mobile
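
The rolling-window threshold, timed or permanent suspension and allowlist described under Feature 10, sketched as an added example (not Routlin's code). It covers only the byte-count threshold; the class, its parameters and the sample events are hypothetical, and the return value stands in for the point where a gateway would install or lift its firewall block.

```python
from collections import defaultdict, deque

class RateMonitor:
    """Per-IP rolling-window byte counter with timed suspension."""
    def __init__(self, max_bytes, window_s, block_s, allowlist=()):
        self.max_bytes = max_bytes        # byte threshold within one window
        self.window_s = window_s          # rolling window length in seconds
        self.block_s = block_s            # block length; None = until cleared
        self.allowlist = set(allowlist)   # trusted IPs, never counted
        self.samples = defaultdict(deque) # ip -> deque of (timestamp, bytes)
        self.blocked = {}                 # ip -> expiry time (None = permanent)

    def is_suspended(self, ip, now):
        if ip not in self.blocked:
            return False
        expiry = self.blocked[ip]
        if expiry is not None and now >= expiry:
            del self.blocked[ip]          # timed block has lapsed
            return False
        return True

    def observe(self, ip, nbytes, now):
        """Record traffic; return 'exempt', 'suspended', 'ok' or 'suspend'."""
        if ip in self.allowlist:
            return "exempt"
        if self.is_suspended(ip, now):
            return "suspended"
        q = self.samples[ip]
        q.append((now, nbytes))
        while q and q[0][0] <= now - self.window_s:
            q.popleft()                   # evict samples older than the window
        if sum(n for _, n in q) > self.max_bytes:
            # A real gateway would install the firewall block at this point.
            self.blocked[ip] = None if self.block_s is None else now + self.block_s
            q.clear()                     # start clean once the block ends
            return "suspend"
        return "ok"

    def clear(self, ip):
        self.blocked.pop(ip, None)        # manual unblock for permanent blocks

# Constructed events: (time in seconds, external IP, bytes). Documentation IPs.
SAMPLE_EVENTS = [(0, "203.0.113.5", 400), (5, "203.0.113.5", 400),
                 (11, "203.0.113.5", 400), (12, "203.0.113.5", 400),
                 (20, "203.0.113.5", 10), (312, "203.0.113.5", 10),
                 (313, "198.51.100.1", 10**9)]

def replay(monitor, events):
    return [monitor.observe(ip, n, t) for t, ip, n in events]
```
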