How to block VPN Apps?

Comments

6 comments

  • Avatar
    rotblitz

    As always in any such cases:

    The app makes (fully) use of DNS:
    Add the related domain names to your "always block" list at the dashboard.
    Your OpenDNS stats may help you to find the related domains.

    The app does not (only) make use of DNS:
    You block the related ports, protocols and/or IP address ranges on your router.
    Search the internet for "block <appname>" to usually find hints and instructions about how to do this.

    Because of the everchanging internet world I cannot imagine to add something like this as a feature in OpenDNS, especially because OpenDNS cannot help if the apps do not work based on DNS.

    0
    Comment actions Permalink
  • Avatar
    newsogn

    can you go into more details about ports blocking. I want to set up my router so that I have to go through the OpenDNS server and unable to get through with a VPN. is this possible?

    0
    Comment actions Permalink
  • Avatar
    jlefebre

    Is this a home setup or business scenario?

     

    I would advise blocking any DNS requests that do not go to the OpenDNS servers - this will block the majority of attempts to bypass OpenDNS. I would also suggest creating a scheduled report for Proxy/Anonymizers daily so you can see if someone is looking into bypassing.

     

    Blocking DNS requests that aren't destined to OpenDNS servers would look similar to this:

     

    allow port 53 > 208.67.222.222

    allow port 53 > 208.67.220.220

    deny port 53 > any

     

    Also, having the roaming client on machines helps block this type of issue as it intercepts DNS requests 

    1
    Comment actions Permalink
  • Avatar
    hrekmos

    for android users, try blocking play.google.com on the router or OpenDNS. prevents downloading apps from the playstore. For Apple users, guess can block the app store

    0
    Comment actions Permalink
  • Avatar
    rotblitz

    Not a good idea.  The devices may miss important security updates then. :(

    0
    Comment actions Permalink
  • Avatar
    magdiel1975 (Edited )

    Well, 

    I believe OpenDns is doing something about this because a lot of the vpns I use stop connecting to the internet a few months ago... as soon as I stop using OpenDns servers, they connect...so I guess OpenDns is blocking the connection to some of the vpn apps, which in a way is good for us parents.

    Kids are using vpn apps to bypass any parental controls at the router level and I am so glad a lot of them now will not even connect.

    I know VPNs are not a bad thing, but most kids are using them to bypass any parental controls at home and at school.

    installing vpn app in the browser does not require the Admin password, so any standard user can install it and use it.

    I always thought it would be great for OpenDns to add vpn connections to their "Proxy Anonymizer" list...maybe that's what they are doing?.. I really hope so.

    0
    Comment actions Permalink

Please sign in to leave a comment.