In 2015: any options for transparent SSL proxy?

Kennard Consulting
DD-WRT Novice


Joined: 26 Apr 2015
Posts: 1

Posted: Sun Apr 26, 2015 2:47    Post subject: In 2015: any options for transparent SSL proxy?
Hi guys,

Thanks for all the great work you do on DD-WRT!

I was hoping for an update on the state of SSL proxy decryption in DD-WRT. The web is awash with conversations on this subject, much of it quite old.

Essentially: I am happily using Privoxy to filter content for my children. However, Privoxy does not work with SSL-encrypted sites (which more and more sites are nowadays).

I understand it's possible to chain another proxy in front of Privoxy. This new proxy can accept and issue SSL certs and therefore decrypt SSL communications between the client and the WAN (essentially a 'man in the middle' attack).

There is some discussion of running Squid on DD-WRT, but apparently most routers (mine is an Asus n66u) don't have sufficient RAM for that.

Are there any other, more lightweight software options? If not, are there cheaper hardware options, such as buying an Atom PC and using it as my router?

Thanks in advance,

Richard.
killmasta93
DD-WRT User


Joined: 13 Feb 2015
Posts: 112

Posted: Tue Apr 28, 2015 4:02    Post subject:
Don't get me wrong, I love DD-WRT, but when it comes to blocking HTTPS it's not there yet. So you've got 2 options.

1) Install pfSense (it will handle the DHCP and gateway) on an old computer and make the Asus an access point.
*Funny thing: squid3 and squidGuard have bugs; it's better to wait for e2guardian.*

2) Also install pfSense and use pfBlockerNG and block Facebook by IP and any other sites. I think that could also be possible on DD-WRT through firewall rules with iptables, but I have not tried it yet. But the best part of pfSense is the logging when you see the IP try to connect to a blocked rule. (Facebook being blocked)

Currently I'm blocking HTTPS by IP. It's a hassle because the IP of Facebook or HTTPS updates maybe every 6 months, but it's better than nothing. One thing I could not get is blocking YouTube through IP. I have no clue why.

_________________
Tutorials:

http://www.dd-wrt.com/phpBB2/viewtopic.php?t=280622&highlight=
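
The IP-based HTTPS blocking with logging that the reply above describes, sketched for iptables as an added example (not code from either poster, and not tested on DD-WRT). The `BLOCKLIST` entries are constructed documentation addresses, the `HTTPS-BLOCK` log prefix is a made-up label, and the script assumes the firmware's iptables build includes the LOG and REJECT targets. It only prints the rules so they can be reviewed before being placed in a firewall script.

```shell
#!/bin/sh
# Constructed sample list (RFC 5737 documentation ranges, not real site IPs).
BLOCKLIST='
192.0.2.0/24      # example network
198.51.100.17
203.0.113.0/28
not-an-ip
198.51.100.17
'

# valid_cidr ADDR: true only for dotted-quad IPv4 with an optional /0-32 prefix.
valid_cidr() {
    case "$1" in
        */*) ip=${1%/*}; len=${1#*/} ;;
        *)   ip=$1; len=32 ;;
    esac
    case "$len" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#len}" -le 2 ] && [ "$len" -le 32 ] || return 1
    case "$ip" in *[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $ip; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# emit_rules: print a LOG and a REJECT rule for each unique valid entry.
# -I inserts at the top of FORWARD, so REJECT is emitted first and LOG second:
# once applied, LOG sits above REJECT and records the attempt before it is refused.
emit_rules() {
    printf '%s\n' "$BLOCKLIST" |
    sed -e 's/#.*//' -e 's/[[:space:]]//g' -e '/^$/d' | sort -u |
    while read -r net; do
        if valid_cidr "$net"; then
            echo "iptables -I FORWARD -p tcp --dport 443 -d $net -j REJECT --reject-with tcp-reset"
            echo "iptables -I FORWARD -p tcp --dport 443 -d $net -j LOG --log-prefix 'HTTPS-BLOCK '"
        else
            echo "# skipped invalid entry: $net"
        fi
    done
}

emit_rules
```

Because the rules match on destination address only, the list has to be refreshed whenever the blocked service changes its addresses, which is the maintenance cost the reply mentions.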
All times are GMT