Blocking vpn on network

kx250_man

May 23, 2015
I have some websites blocked on my network. I want to also block a VPN so my kids can't download that to their tablet and get on the blocked websites. Is there any way for me to do that?
 
Solution
No simple way. You can of course block IPsec and PPTP VPNs because they use other "protocols". Many times you can block these by just disabling the VPN passthrough ability.

Most newer VPN is done via SSL, which appears to be HTTPS using port 443. This tends to be an issue because many times normal secure web browsing is done on the same port.

To block stuff like this you will need some form of firewall. The brute force approach is to block all the public VPN/proxy sites. There are public lists available, but in many cases you need to subscribe to a service to get the newest data. Of course, if the VPN site is private or not on the list, you have an issue.

Another feature many firewalls have is the ability to detect OpenVPN, which almost all the VPN services are using. Although OpenVPN is called an SSL VPN, it really technically isn't. Because of this, firewalls can identify a unique pattern to the OpenVPN setup and block it. Not all firewalls have this ability. Blocking OpenVPN will stop the vast majority of people. The other VPN clients that use valid SSL protocols are not as common, so you really have to search for the clients, and not all VPN providers support it.

Now if the VPN provider were using one of the commercial VPN appliances sold by Cisco or Juniper, these are almost impossible to block... other than blocking the VPN server IP. These are what we use to provide VPN service to employees running remotely. It dynamically loads ActiveX-based client software and uses actual SSL protocols. This will load into even a public machine that is locked down to prevent software installs, such as at a library. You just have to hope your kids do not have a lot of money and knowledge to set this up in a server hosting site themselves.
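The "unique pattern" check described in the answer above, sketched as an added example (not part of the original post or any firewall's own code): it labels the first client payload of a port 443 flow as a real TLS ClientHello or an OpenVPN session-opening packet. Function, constant and sample names are assumptions, and the sample payloads are constructed.

```python
import struct

# Session-opening opcodes (high 5 bits of the first OpenVPN byte).
HARD_RESET_CLIENT = {1: "HARD_RESET_CLIENT_V1",
                     7: "HARD_RESET_CLIENT_V2",
                     10: "HARD_RESET_CLIENT_V3"}
MIN_RESET_LEN = 14  # opcode(1) + session id(8) + ack count(1) + packet id(4)

# Constructed sample payloads (not captured traffic).
TLS_SAMPLE = bytes.fromhex("16030100050100000100")  # truncated ClientHello
OVPN_BODY = bytes.fromhex("38" "1122334455667788" "00" "00000000")
OVPN_TCP_SAMPLE = struct.pack("!H", len(OVPN_BODY)) + OVPN_BODY
HTTP_SAMPLE = b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"


def classify_first_payload(data: bytes, tcp: bool = True) -> str:
    """Label the first client-to-server payload of a flow on port 443."""
    # Genuine TLS: handshake record (0x16), major version 3, ClientHello (0x01).
    if tcp and len(data) > 5 and data[0] == 0x16 and data[1] == 0x03 and data[5] == 0x01:
        return "tls-client-hello"
    body = data
    if tcp:
        # OpenVPN over TCP puts a 16-bit big-endian length before each packet.
        if len(data) < 2:
            return "unknown"
        (length,) = struct.unpack("!H", data[:2])
        if length > len(data) - 2:
            return "unknown"
        body = data[2:2 + length]
    if len(body) < MIN_RESET_LEN:
        return "unknown"
    opcode, key_id = body[0] >> 3, body[0] & 0x07
    # A new session starts with a client hard reset carrying key id 0.
    if opcode in HARD_RESET_CLIENT and key_id == 0:
        return "openvpn-" + HARD_RESET_CLIENT[opcode].lower()
    return "unknown"


if __name__ == "__main__":
    for name, payload, tcp in [("tls", TLS_SAMPLE, True),
                               ("openvpn/tcp", OVPN_TCP_SAMPLE, True),
                               ("openvpn/udp", OVPN_BODY, False),
                               ("http", HTTP_SAMPLE, True)]:
        print(f"{name:12} -> {classify_first_payload(payload, tcp)}")
```

A flow labelled `tls-client-hello` is the case the answer calls almost impossible to block other than by server IP, so this check only covers the plain OpenVPN handshake.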
 