VPN

Comments

9 comments

  • Avatar
    Firewalla

    On our priority list for sure.  

    0
    Comment actions Permalink
  • Avatar
    Ben Griffith

    +1 on this. I was going to start a thread but I'll just vote on this one. A default blocking category (similar to video or 18+, etc) would be great, then we can just add to them as the kids find out ways around it.

    0
    Comment actions Permalink
  • Avatar
    Firewalla

    The implementation will likely be a warning first, then you can pick the action.  The reason is, detecting VPN is extremely tricky, false positives gonna be difficult to debug

    0
    Comment actions Permalink
  • Avatar
    Ben Griffith

    ...agreed. It is a cat and mouse game. However, I feel that 'custom categories' that would allow us as device owners to collect lists of domains into one main rule (similar to the video, 18+ etc) would be welcome. The list could default ship with many of the known VPN sites and then we could add/remove them as necessary.

    0
    Comment actions Permalink
  • Avatar
    Dirk Zwart

    My kids school devices essentially VPN to school so they can be monitored. The school allows YouTube, which is good for distance learning, but at some points is distracting. Not trying to replace parenting with technology, trying to use tech to help me know where and when to offer guidance. Also knowing when they fire up a VPN connection on thier phone or other devices would be nice.

    1
    Comment actions Permalink
  • Avatar
    Matt Smith

    It seems like the "Port Block" feature only blocks incoming connections on those ports not outgoing, so I'm guessing blocking the typical ports used with VPN wouldn't help, correct?

    0
    Comment actions Permalink
  • Avatar
    Tommy M Webb

    Matt,

     

    What ports would you block?  Some VPN services use HTTPS.  You can't block that one but the other VPN specific ports you can.

    0
    Comment actions Permalink
  • Avatar
    Matt Smith

    Yeah, can't block 443 (HTTPS), but could block 500, 1701,1723, & 4500.

    0
    Comment actions Permalink
  • Avatar
    Joel Zimmerle

    Unfortunately, wifi calling uses some of those vpn ports above so if you use that that complicates things a bit. I think what would work best is a notification of possible vpn activity, by activity on those ports, large download from one anonymous IP etc then let us decide what to do with it. 

    0
    Comment actions Permalink

Please sign in to leave a comment.

Powered by Zendesk