All VPN Sites block list does not include Mullvad
I was bored yesterday so decided to enable block 'All VPN Sites' in the new 'Bypass Prevention' feature. I could have set this any time as a standalone rule but never needed to because we don't have bad guests or horny teenagers to subdue. My VPN provider is Mullvad and to my surprise I could access its website and tunnel out using the Mullvad app. Upon checking it turns out that Mullvad's domain is not in the All VPN Sites domain list. Is that an oversight, or is there a valid reason for the omission?
-
It's 'mullvad.net'. All the servers I've checked also use that domain (see https://mullvad.net/en/servers).
If I set a single blocking rule for that domain then I cannot access the Mullvad website (https://mullvad.net), however I can still tunnel out using the (Android) app. It appears to take a little longer than normal to connect and so maybe it's failing to reach a server lookup on mullvad.net and then falling back to using the IP directly, possibly. Is the VPN blocker designed to block VPN tunnels, or only block access to known VPN domains?
-
We block VPN traffic based on domains/IP/common ports used by popular VPN protocols. Some VPN servers running on https (port 443) are very hard to detect. Firewalla is always improving and updating our VPN-blocking intel, but these servers can be extremely elusive.
The root domain mullvad.net itself may not be considered a VPN site, because you don't build a VPN tunnel by communicating with mullvad.net. When a device is connected to a VPN, check its flows and see whether there are VPN-server-like domains, or whether all flows appear to be going to particular IPs only. Share what you saw from the flows, so we can check.
-
Hi, I've used the Android app to tunnel out to Zurich and then checked the flows of the device. At that moment (and over about 30 minutes) the only flows were to IPs 138.199.6.194 (UDP port 46837) and 138.199.6.207 (UDP port 13485), both flagged as Swiss and so undoubtedly associated with Mullvad. Both flows revealed only an IP address, so the flow was IP-direct rather than via the mullvad.net domain.
-
Public VPN services do change IP addresses due to VPN blockers (or trying to evade other types of control). So it is not easy to get everything and block them at the IP layer. Here is a quick write-up and tips on this: https://help.firewalla.com/hc/en-us/articles/360034318894-How-do-I-detect-and-block-VPN-use-on-my-network
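
The flow check suggested in the thread (does a device send nearly all of its traffic to a few particular IPs with no domain attached?), sketched as an added example that is not Firewalla's code and not part of the original posts. The record layout, device names, byte counts and thresholds are assumptions; only the two 138.199.6.x UDP destinations come from the thread.

```python
from collections import defaultdict

# Constructed flow records: (device, proto, dst_ip, dst_port, domain, bytes).
# The two 138.199.6.x flows mirror the ones reported in the thread; the byte
# counts, device names and all other destinations are made up for the example.
FLOWS = [
    ("phone",  "udp", "138.199.6.194", 46837, None, 48_000_000),
    ("phone",  "udp", "138.199.6.207", 13485, None, 2_500_000),
    ("phone",  "tcp", "192.0.2.10",    443,   "push.example.com", 40_000),
    ("laptop", "tcp", "192.0.2.20",    443,   "news.example.com", 9_000_000),
    ("laptop", "tcp", "192.0.2.21",    443,   "mail.example.org", 6_000_000),
    ("laptop", "udp", "198.51.100.5",  443,   "video.example.net", 20_000_000),
    ("laptop", "udp", "198.51.100.9",  51000, None, 300_000),
]

def tunnel_suspects(flows, max_peers=2, min_share=0.9):
    """Return {device: (share, peers)} for devices whose bytes are almost
    entirely carried by a few IP-only (no domain observed) destinations."""
    total = defaultdict(int)
    ip_only = defaultdict(lambda: defaultdict(int))
    for device, proto, ip, port, domain, nbytes in flows:
        total[device] += nbytes
        if domain is None:
            ip_only[device][(proto, ip, port)] += nbytes
    suspects = {}
    for device, peers in ip_only.items():
        if not total[device]:
            continue  # no bytes recorded, nothing to judge
        # Heaviest IP-only peers first; a tunnel concentrates traffic on one or two.
        top = sorted(peers.items(), key=lambda kv: kv[1], reverse=True)[:max_peers]
        share = sum(b for _, b in top) / total[device]
        if share >= min_share:
            suspects[device] = (round(share, 3), [p for p, _ in top])
    return suspects

if __name__ == "__main__":
    for device, (share, peers) in tunnel_suspects(FLOWS).items():
        print(f"{device}: {share:.1%} of bytes to IP-only peers {peers}")
```

A device flagged this way is a candidate for a per-device rule on the listed peers; as the reply above notes, those IPs change, so the check has to be rerun rather than treated as a permanent block list.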