How to block VPN Apps?

Follow

fshoukat

January 19, 2016 15:25

There are so many apps (free and paid) that allow iPhone/iPad/Android users to install a VPN profile on their phones and browse the internet bypassing the OpenDNS settings I have put in place, rendering OpenDNS totally useless.

 

Please add this feature to OpenDNS so we are able to block VPN apps or services or websites

Apps like betternet, tunnelbear, hotspotshield etc how to block them?

-1

• 

  rotblitz January 19, 2016 16:55

  As always in any such cases:

  The app makes (fully) use of DNS:
  Add the related domain names to your "always block" list at the dashboard.
  Your OpenDNS stats may help you to find the related domains.

  The app does not (only) make use of DNS:
  You block the related ports, protocols and/or IP address ranges on your router.
  Search the internet for "block <appname>" to usually find hints and instructions about how to do this.

  Because of the everchanging internet world I cannot imagine to add something like this as a feature in OpenDNS, especially because OpenDNS cannot help if the apps do not work based on DNS.

  0

  Comment actions Permalink
• 

  newsogn November 30, 2017 13:17

  can you go into more details about ports blocking. I want to set up my router so that I have to go through the OpenDNS server and unable to get through with a VPN. is this possible?

  0

  Comment actions Permalink
• 

  jlefebre November 30, 2017 13:47

  Is this a home setup or business scenario?

   

  I would advise blocking any DNS requests that do not go to the OpenDNS servers - this will block the majority of attempts to bypass OpenDNS. I would also suggest creating a scheduled report for Proxy/Anonymizers daily so you can see if someone is looking into bypassing.

   

  Blocking DNS requests that aren't destined to OpenDNS servers would look similar to this:

   

  allow port 53 > 208.67.222.222

  allow port 53 > 208.67.220.220

  deny port 53 > any

   

  Also, having the roaming client on machines helps block this type of issue as it intercepts DNS requests 

  1

  Comment actions Permalink
• 

  hrekmos January 29, 2018 15:41

  for android users, try blocking play.google.com on the router or OpenDNS. prevents downloading apps from the playstore. For Apple users, guess can block the app store

  0

  Comment actions Permalink
• 

  rotblitz January 30, 2018 12:51

  Not a good idea.  The devices may miss important security updates then. :(

  0

  Comment actions Permalink
• 

  magdiel1975 December 14, 2018 17:53 (Edited December 14, 2018 18:00)

  Well, 

  I believe OpenDns is doing something about this because a lot of the vpns I use stop connecting to the internet a few months ago... as soon as I stop using OpenDns servers, they connect...so I guess OpenDns is blocking the connection to some of the vpn apps, which in a way is good for us parents.

  Kids are using vpn apps to bypass any parental controls at the router level and I am so glad a lot of them now will not even connect.

  I know VPNs are not a bad thing, but most kids are using them to bypass any parental controls at home and at school.

  installing vpn app in the browser does not require the Admin password, so any standard user can install it and use it.

  I always thought it would be great for OpenDns to add vpn connections to their "Proxy Anonymizer" list...maybe that's what they are doing?.. I really hope so.

  0

  Comment actions Permalink

Please sign in to leave a comment.