Jump to content


Photo

VPN Blocking

VPN Blocking Bypass

  • Please log in to reply
7 replies to this topic

#1 Alec

Alec
  • Members
  • 6 posts

Posted 22 February 2016 - 09:44 PM

I have already contacted support but they didn't really have an answer for this. :( I have a 410 Web Filter but people are able to bypass any restriction I put by using a VPN. There is no need for any use of a VPN so is there a way to block any VPN traffic in or out? It would be best if it could be filtered but from what I understand, since it is encrypted, that cannot be done. I read somewhere that you can block everything but port 80 and port 443 and that would block everything but I use other ports. Is that the best option?

Thanks in advanced  ;)



#2 Michael Greig

Michael Greig
  • Members
  • 167 posts

Posted 22 February 2016 - 09:50 PM

I have problems with VPN over 80 & 443 too...the ones marketed to bypass filtering often have the option to operate over http/s ports.

 

Blocking uncategorized sites helps a lot, but the 'collateral damage' has become too much in my situation.



#3 Alec

Alec
  • Members
  • 6 posts

Posted 22 February 2016 - 10:10 PM

Support said that the only way was to go through and find all of the IP's from all of the VPN services. This is nearly impossible. I know there are ways for websites to block VPN's. I just don't know how you would do the same but for a network.



#4 Alec

Alec
  • Members
  • 6 posts

Posted 22 February 2016 - 10:13 PM

There are some posts about schools and offices blocking VPNs. I have not found any posts on how they did this though.

This is one example: https://linustechtips.com/main/topic/61364-so-my-school-blocked-vpns/



#5 mheller

mheller

    Nobody

  • Moderators
  • 1,299 posts
  • LocationSan Jose, CA

Posted 23 February 2016 - 12:07 PM

Hi Alec,

 

Identifying and defeating policy circumvention applications such as VPN software or browser tunnels programs is an ever changing cat and mouse game that is best tackled by a multiple layer or point strategy. What we would recommend is using a Firewall to block VPN connections in/out and then the web filter to apply further granular application blocking. We do have active tasks to improve accuracy on blocking things like Ultrasurf etc, but are still  in progress  



Matthew Willson-Heller
Support Escalation Manager, US

Barracuda Networks Inc.
Phone: +1 408.342.5300 x5346
Fax: +1 408.342.1061
Web: www.barracudanetworks.com



#6 Alec

Alec
  • Members
  • 6 posts

Posted 23 February 2016 - 06:57 PM

Do you have any idea of how to block VPN connections? Would I just block ports?



#7 mheller

mheller

    Nobody

  • Moderators
  • 1,299 posts
  • LocationSan Jose, CA

Posted 24 February 2016 - 11:54 AM

There are several different types to block..

 

If it is just blocking VPN clients, then you can block items like Port 1194, or PPTP/IPSEC/GRE tunnels on the firewall

 

If it is browser based plugins, this becomes more of a burden as they generally design the plugins to alternate ports and use SSL traffic . This is where application identification comes in to play via web filter and firewalls etc. 



Matthew Willson-Heller
Support Escalation Manager, US

Barracuda Networks Inc.
Phone: +1 408.342.5300 x5346
Fax: +1 408.342.1061
Web: www.barracudanetworks.com



#8 Alec

Alec
  • Members
  • 6 posts

Posted 25 February 2016 - 03:23 PM

Ok thank you