[kagazi]

I'm using the latest build by Kong dated June 24 but the problem was also present with the June 20 build by BS as well.

I'm trying to use Access Restriction to block a couple of devices from using the internet during certain hours of the night - it's a simple case and it's a home router setup.

I've used the wiki to help set up the policy. I'm using both MAC and IP addresses to identify the clients/devices but neither seems to work.

I'm also using OpenVPN with ExpressVPN, which may have something to do with it. I've done some searching but other than one individual reporting that AR is broken with OpenVPN I can't find a solution.

Anyone else experience this? If yes, is there a work around?

[05dyna]

Like you suggested maybe it is some glitch with OpenVPN. I’m not using OpenVPN but I’m blocking access for three devices All Day/Every Day with Kong build r30015M. I'm blocking access for a NAS, Printer and Blue Ray player with no issues.

I don’t know if it related but I do recall (a while ago) someone over in the TP-Link forum posted that they were unable to filter websites but that would be the "Filter" option. I’m blocking via the "Deny" option.

[kagazi]

Thanks for confirming that it works without using OpenVPN. I'm hoping someone has come across this and is aware of a workaround.

[armkreuz]

Well I've reported this problem here and on svn.dd-wrt.com a while ago. I have the problem with all build from January only when I use OpenVPN.

Hope it can be solve soon... I my best way to punish my teens at home

[zakaron]

If the access restriction is not working, it may be possible to use a cron entry to update the iptables rules based on the time you want to allow/disallow access. I have yet to use the cron facility here in DD-WRT, so you'd probably want to consult the wiki or doc page for that. But I'd imagine setting the following lines for the deny time in your cron:
IPTABLES -A INPUT -s <ipToBlock> -j DROP
IPTABLES -A FORWARD -s <ipToBlock> -j DROP

Then when you want to give access back, set your 2nd cron job to be something like:
IPTABLES -A INPUT -s <ipToAllow> -m state --state NEW -j ACCEPT
IPTABLES -A FORWARD -s <ipToAllow> -m state --state NEW -j ACCEPT

You'd probably also want to set DHCP to use a static MAC address assignment found under Services tab so that the same IP will always be given to that device. That way you won't inadvertently block someone else if the leases get shuffled around. Still won't stop the user from assigning a static address directly on the device, unless you have access restrictions on that device itself.

Hope this might help to give a workaround at least.

[armkreuz]

All the IP TABLE thing is a great idea, only if i'm doing it. If my girlfriend want to do it this way... oh boy... so it's a a viable option here unfortunately