@casino When you block Proxy/VPN, the router automatically blocks literal IP addresses for encrypted traffic. Because the router cannot look inside the encrypted traffic to see if the connection is actually being used as a proxy, it assumes that the connection might be a proxy and blocks it.
Just FYI. Some of the IP addresses in the IP address range 23.192.0.0/11 are those of CDNs. Blocking this range will break some websites. For example, msn.com.
@jake This does not sound like normal browser behavior. Does this happen to all your browsers across all platforms?
On the router you can enter the CIDR IP address range as 23.192.0.0/11! in the black list. This is the “force block” syntax, i.e., both direct IP address requests and domains resolving to these IP addresses are blocked. More info on the black/white list syntax is available here: https://www.pcwrt.com/2020/01/how-to-allow-or-block-web-sites-on-the-router/.
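To see what the “force block” suffix changes, here is a small Python model of the black-list matching described above. It is an added example, not the router’s own code or anything from pcWRT: it assumes an entry is a CIDR range with an optional trailing `!`, that a plain entry only catches literal IP requests while a `!` entry also catches names that currently resolve into the range, and it uses a constructed DNS table (the addresses are made up) in place of the resolver answers the router would see at request time. `domains_hit_by` is the collateral check you would run before adding a wide range such as 23.192.0.0/11.

```python
import ipaddress

# Constructed stand-in for the DNS answers the router sees at request time.
# The addresses are invented for the example; only the claim that msn.com
# is served from inside 23.192.0.0/11 comes from the thread.
SAMPLE_DNS = {
    "msn.com": "23.200.10.20",        # constructed: inside 23.192.0.0/11
    "cdn.example.net": "23.210.5.6",  # constructed: inside 23.192.0.0/11
    "example.org": "93.184.216.34",   # constructed: outside the range
}


def parse_entry(entry):
    """Parse one black-list entry into (network, force_block).

    Assumption: the entry is a CIDR range, optionally followed by '!'
    (the "force block" marker), e.g. '23.192.0.0/11' or '23.192.0.0/11!'.
    """
    force = entry.endswith("!")
    net = ipaddress.ip_network(entry.rstrip("!"), strict=False)
    return net, force


def is_blocked(request, entries, dns=SAMPLE_DNS):
    """Decide whether a request (literal IP or host name) is blocked.

    A literal IP inside any listed range is blocked. A host name is only
    blocked if the address it resolves to right now falls inside a range
    whose entry carries the '!' suffix. Returns (blocked, reason).
    """
    try:
        addr = ipaddress.ip_address(request)
        literal = True
    except ValueError:
        literal = False
        resolved = dns.get(request)
        if resolved is None:
            return False, "name did not resolve"
        addr = ipaddress.ip_address(resolved)

    for entry in entries:
        net, force = parse_entry(entry)
        if addr not in net:
            continue
        if literal:
            return True, f"literal IP {addr} is in {net}"
        if force:
            return True, f"{request} resolves to {addr} in {net} (force block)"
    return False, "allowed"


def domains_hit_by(entry, dns=SAMPLE_DNS):
    """Names in the resolver table that a force-block entry would catch.

    Use this as the collateral check before adding a wide CDN range.
    """
    net, _ = parse_entry(entry)
    return sorted(name for name, ip in dns.items()
                  if ipaddress.ip_address(ip) in net)


if __name__ == "__main__":
    plain, forced = ["23.192.0.0/11"], ["23.192.0.0/11!"]
    for req in ("23.200.10.20", "msn.com", "example.org"):
        print(req, "plain:", is_blocked(req, plain), "forced:", is_blocked(req, forced))
    print("collateral for 23.192.0.0/11!:", domains_hit_by("23.192.0.0/11!"))
```

The model only knows the address a name resolves to at the moment of the lookup, which is exactly why a force-block entry cannot serve as a complete allow-list for a domain: any other address the CDN hands out later is invisible to it.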
@jake Blocking is mostly outbound. Inbound connections are automatically blocked by the firewall, unless the port is specifically opened with port forwarding. Inbound packets are DROPped unless the port is open.
Are you saying that you have open ports on your network and those open ports are constantly scanned by hosts from 23.192.0.0/11?
This is unfortunate. TOR traffic tunneled through ajax.aspnetcdn.com is indistinguishable from normal HTTPS. If you block it, both will be blocked; if you unblock it, both will be unblocked.
@casino The router takes a guess at whether TOR is being used. When TOR routes through Amazon or Azure, it is indistinguishable from normal HTTPS. Therefore, you need to black list the domains being used specifically.
@casino This doesn’t work for white lists. It’s not possible for the router to identify all IP addresses associated with a domain name. It only knows the IP address being used at the moment.