My kids are bypassing Netgear Live Parental Controls by using Hotspot Shield VPN

8 comments

  • rotblitz

    If your (unspecified) router model has some feature like this, then it is not LPC related.  Your best bet is to visit the Netgear support site or Netgear community site to search or post there.

    What a quick internet search returned about blocking Hotspot Shield and what you want to achieve is:

    Block the following TCP and UDP ports outbound:

    • 1194
    • 8040-8045
    • 8245

    Make sure the following domains are blocked:

    • hotspotshield.com
    • hotspotshield.net
    • anchorfree.com
    • anchorfree.net
    • openvpn.net
  • mattwilson9090

    Note, Hotspot Shield VPN does not "unlock" anything blocked by OpenDNS. It creates a VPN tunnel, which effectively bypasses your DNS settings and many other security settings on your network.

    In addition to what rotblitz said you also need to make sure your son does not have administrative access on the computer or other devices he is using. If he does it doesn't matter what you configure, he can easily bypass or change whatever you set and do whatever he wants regardless of your wishes.

  • rotblitz (Edited)

    @mattwilson9090

    Anchorfree Hotspot Shield is a so-called Portable Application and simply runs without installing it. It doesn't require any administrator rights. But you're right, his son should not use an administrator account, just a regular user account.

    Further, this tool does not really allow free access to everything.  When I last tried it out, it blocked even more than my OpenDNS settings.   It's not a good tool for circumvention of anything, because you cannot be confident that something isn't blocked by this tool.  There are far better tools, but these almost require administrator rights for installation.

  • classic2me

    Thanks for all the comments.

    My son doesn't have administrative access. His account is a standard one in Windows 10.

    It seems that he installed Hotspot Shield VPN as a web browser (Chrome) extension.

    It works really well.

    Is there something useful in Windows firewall that can ultimately prohibit VPN connections?

    I bought the Netgear product because the seller said it has a good parental control feature.

    I am quite disappointed. 

    And I thought this forum was the Netgear community because I was directed here when I clicked the Parental Control feature in the router setting window. It seems Netgear just uses OpenDNS for their Parental Control.

  • rotblitz (Edited)

    "Is there something useful in Windows firewall that can ultimately prohibit VPN connections?"

    Sure, you can configure the restrictions (ports and domains just for Hotspot Shield) also on the Windows firewall, but I rather thought of configuring them on the router. You still didn't say what exact router model you have. Netgear supplies so many models...
    But these features are not related to "Live Parental Controls" anyway.  They are pure Netgear router features if they are provided at all.  Your user manual should document these.

    And there is nothing in the world which could "ultimately prohibit VPN connections" except if you run an internal proxy server or a sophisticated firewall, because every VPN service may use different technology.  So you must take measures almost specific for a certain VPN service only.

    "I bought the Netgear product because the seller said it has a good parental control feature...  It seems Netgear just uses OpenDNS for their Parental Control."

    This is all correct, this Live Parental Controls (powered by OpenDNS) is very good, given that you understand its working principle and related limitations.  OpenDNS is a recursive DNS service, and it can block everything which is DNS related.  VPN connections are not necessarily DNS related and do not necessarily make use of DNS, i.e. host name resolution.  Also, VPN services are not necessarily in scope for parental controls; there are even VPN services with parental controls built in, like Hotspot Shield which blocks a lot of stuff, as I already said.

    "And I thought this forum was Netgear community"

    Nope, the Netgear community is here: https://community.netgear.com/

    "...because I was directed to here when I clicked the Parental Control feature in the router setting window."

    This was correct, because the Netgear Live Parental Controls forum section here is solely about what it says: Live Parental Controls (powered by OpenDNS).  For everything else like router hardware, other router features, firmware or the Genie software this here is not the right place.  The topic raised by you (blocking Hotspot Shield) doesn't fall under "Live Parental Controls" as mattwilson9090 explained already: "Hotspot Shield VPN does not "unlock" anything blocked by OpenDNS. It creates a VPN tunnel, which effectively bypasses your DNS settings and many other security settings on your network".

    Comment actions Permalink
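Added example, not part of any post in this thread: the outbound port blocks listed in the first comment, written as Windows Defender Firewall rules in PowerShell. The rule and group names are made up for illustration. The rules cover only those ports, and they hold only while the child's account stays a standard user, because changing firewall rules requires an elevated prompt.

```powershell
# Run from an elevated (administrator) PowerShell prompt.
# Ports are the ones listed in the first comment of this thread.
$ports = @('1194', '8040-8045', '8245')
$group = 'Block Hotspot Shield ports'   # hypothetical group label

foreach ($proto in 'TCP', 'UDP') {
    $name = "Block VPN ports outbound ($proto)"   # hypothetical rule name

    # Skip creation if the rule already exists, so the script can be re-run.
    if (-not (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -DisplayName $name -Group $group `
            -Direction Outbound -Action Block `
            -Protocol $proto -RemotePort $ports `
            -Profile Any | Out-Null
    }
}

# Verify: list each rule with the protocol and ports it actually filters.
Get-NetFirewallRule -Group $group | ForEach-Object {
    $filter = $_ | Get-NetFirewallPortFilter
    [pscustomobject]@{
        Rule       = $_.DisplayName
        Enabled    = $_.Enabled
        Action     = $_.Action
        Protocol   = $filter.Protocol
        RemotePort = ($filter.RemotePort -join ',')
    }
}

# To undo: Get-NetFirewallRule -Group $group | Remove-NetFirewallRule
```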
  • classic2me

    Hi rotblitz,

    Thank you for the thorough, nearly perfect answers.

    "You still didn't say what exact router model you have."

    -> Netgear Nighthawk R8300

    "but I rather thought configuring them on the router."

    -> I am sorry that I didn't mention that I already tried this with the information that you gave in your first comment.

    But it didn't work.



    "Hotspot Shield which blocks a lot of stuff, as I already said."

    Does this mean that I can actually use Hotspot Shield as a stronger Parental Control?

    "It creates a VPN tunnel, which effectively bypasses your DNS settings and many other security settings on your network".

    -> It seems that a VPN tool like Hotspot Shield is widespread among teenagers. What is the purpose of Parent Control?

    If the title of the feature is Parent Control, then I think it should be a tool that all the parents can rely on.

    Otherwise, the proper title should be DNS domain name filter.

     

  • oral8

    Netgear Live Parental Controls does not have all of the features of OpenDNS and it's a total waste of time to individually block each VPN/anonymizer site as there are hundreds to choose from.

    Instead, configure your router to use OpenDNS as your DNS server (208.67.222.222 and 208.67.220.220) and use OpenDNS to take control of this situation. 

    Router changes should be done under Network Configuration > LAN Settings


    Then, find your public IP address, and configure your network on OpenDNS.com site.

    Finally, navigate to content_filtering and check the Proxy/Anonymizer category to be blocked.

    This will prevent Hotspot and any other VPN services that your son tries from establishing a VPN tunnel.

     

    You should also try to find out the purpose for which the VPN was used in the first place. Since it will mask your identity and location, smart kids are using it as a safe way to access illegal materials. So if your son was downloading pirated music and movies, by disabling the VPN you will have him completely exposed and traceable back to your home.

  • rotblitz (Edited)

    @classic2me

    "I already tried this with the information that you gave in your first comment.  But it didn't work."

    It should work.  Maybe a problem with your router ignoring such settings?

    "Does this mean that I can actually use Hotspot Shield as a stronger Parental Control?"

    Unfortunately Anchorfree do not publish what exactly they block and what not.

    "If the title of the feature is Parent Control"

    No, they advertise with "unlimited access" which is simply not true.

     

    @oral8

    "Router changes should be done under Network Configuration > LAN Settings"

    I'm not so sure about that.  Configuring external resolver addresses on the DHCP/LAN side impacts or even breaks local name resolution.  You should do this only if you do not need local name resolution.  The correct place to configure external resolvers is the WAN side of the router.
