VPN Connection unblocks filter

Comments

35 comments

  • rotblitz

    There's nothing to fix; this is all normal. If you configured OpenDNS for your network, most likely on the router, it cannot work on your work place's network, same as it doesn't work on my network. You may ask the network admins of your work place to use OpenDNS too. :)
    If your work place is a school, you have good reasons for "parental filter", else less.

    Depending on how this VPN is set up, you may be able to configure OpenDNS resolver addresses on the computer you establish the VPN connection with.  Your router configuration is totally out of scope here though.

    0
  • Chris Frost

    Hi gman18,

    While using a VPN connection, or another connection that routes your DNS and other traffic through a remote host, your DNS settings will change and reflect the DNS settings of the hosting server or computer.

    As a result, it is not possible to specify a DNS resolver to be used while on these types of connections. To remedy this issue, you will need to request that the hosting server or computer be set to also use OpenDNS as its DNS resolver.

    We have instructions for configuring our DNS services available here: <https://store.opendns.com/setup/>

    -Chris

    Customer Support Representative

    0
  • donnaafifi
    I've been using this VPN provider https://www.iwasel.com/en/ for over a year and it always helps me to unblock internet filters perfectly and anonymously everywhere.
    0
  • tz246

    I had the same problem. The company I work for uses the Cisco AnyConnect Client with split-tunneling disabled. What this means is that when I connect to my work VPN, my local DNS servers are changed and all DNS queries are forced to go through my work DNS/AD servers. If I pull up a command/DOS prompt before I connect to VPN and type "ipconfig /all", my DNS server is 192.168.1.1 (which is my ISP router where my OpenDNS DNS servers are configured). If I do the same thing after connecting to VPN, my DNS servers are changed to 10.x.x.x (my work DNS/AD servers).

    The fix for me was to remove the OpenDNS Updater from the PC that I use to connect to VPN on and install it on my wife's laptop (she doesn't use VPN at all). This way, the OpenDNS Updater will only change my public IP when my ISP changes it every so often.

    0
  • brookefox

    Our kids are using VPNs to get around OpenDNS filtering and thus doing things they ought not to be doing. Is there any way to filter the VPNs they are using, or any other way to address this with or outside of OpenDNS, say through an Asus router?

    0
  • rotblitz

    In case the VPNs are DNS based, you can block them with OpenDNS, else not.

    Provide them with regular user accounts, not with admin accounts.  And yes, you may be able to block special ports used by the VPNs on your router.

    0
  • Kristy Patullo

    You could also try creating a firewall rule that forces DNS requests through OpenDNS using the instructions here: https://support.opendns.com/entries/26374985-Preventing-circumvention-of-OpenDNS-with-firewall-rules. This may not help with VPNs, but it prevents users who manually change their DNS settings from bypassing OpenDNS and is another way to 'lock down' the use of our service. Also, as rotblitz said, if these VPNs are DNS based you can block their domains by adding them to your **Always Block** list. We have instructions to block domains here: https://support.opendns.com/entries/34435010-Getting-Started-Blocking-Allowing-Specific-Domains-with-Whitelist-Blacklist

    0
  • brookefox

    Thank you, rotblitz and Kristy. I will try to muddle through with those two suggestions and post back with results.

     

    0
  • oflynnbren

    I have the same problem - OpenDNS worked great for me for a number of years and I felt safe to allow them to use their smartphones until my children discovered the joys of VPN. They now download and install various VPN applications and bypass the DNS filters (as well as various router filtering rules I have configured). These are downloadable from Android Play. Any advice?

    0
  • mattwilson9090

    If the apps are downloadable via the Android Play store the only way OpenDNS can do anything about them is if they somehow use OpenDNS in their operation *before* the VPN tunnel is created. That's pretty unlikely.

    OpenDNS can do nothing to prevent installing these apps unless you block the entire appstore since once you are already in the store any app is available.

    Aside from that, if they want to bypass OpenDNS all they need to do is use their data connection or someone else's WiFi.

    Your first step would be finding a way to prevent installing these apps in the first place, but OpenDNS certainly can't do that for you.

    1
  • alphacrucisradionetwork

    With the Play store, they are likely turning off Wifi and, instead, are using the 3G/4G connections on their phones to download and install apps, there is no way you can stop that.

    0
  • rotblitz

    @alphacrucisradionetwork
    What has your message to do with "VPN Connection unblocks filter"?  Can you please explain?

    "there is no way you can stop that."

    Oh, there is!  Simply use a mobile service provider package for your kids' smartphones offering mobile voice calls only, no internet connection like 3G/4G or GPRS.  Then they must connect to WiFi to get an internet connection.  So easy!

    -3
  • alphacrucisradionetwork

    Just one problem with that: your kids could still go down to the local Starbucks and use the Google Play store at the local Starbucks, since it would not be blocked there.

     

     

    0
  • rotblitz

    Yes, sure, they can do this. So what solution would you expect? Especially, what has OpenDNS to do with this? The free version with content filtering is for home use only, for networks you own. Not for VPNs and other WiFi networks. The only solution OpenDNS can offer is OpenDNS Prosumer with running an Agent app on the iOS smart device, but this can easily be uninstalled by the kids.

    As I can see, your only solution is to take the smartphones away from your kids, or remove the WLAN adapter from the smart device.  What else?  One thing is for sure: you're posting in the wrong forum here.  What you're looking for has nothing to do with OpenDNS.

    -3
  • magdiel1975 (Edited)

    @gman18 - I am in the same boat as many other parents and schools who have web filters running on their network. Kids are simply using Firefox or Chrome VPN plugins which do not require admin accounts to download and install, and which bypass any and all filtering even at the router level.

    I know it can be done because I have tried to use those VPN plugins at work and it does not connect, but if I use it at home, it connects fine. So, I guess some type of proxy server would have to be set up along with some firewall settings.. but that is pretty complicated for us parents.

    I've been reading some of the responses here and some seem to be borderline rude.. and I've noticed most of the time it's from the same person.. "the know it all".. no need to mention any names, but you know who you are.

    For the "non Opendns know-it-all" --- if you like to hang around these forums trying to "help" with questions, have a little more patience and try to remember most people that come here for help are not as knowledgeable as you are. Try to point them in the right direction or answer their questions without making them look like idiots for asking a "stupid" question.

    I've read your responses in other topics and most of the time you come across like a jerk and I've seen people call you out on that.. just chill dude.. you're not getting paid by OpenDns, but honestly, you have ZERO customer service or technical support quality... you may know your stuff, but you suck at helping others.

    3
  • Nickemens (Edited)
    0
  • highsprings

    @magdiel1975 - I couldn't agree more...I guess someone had to say it!

    0
  • l1t

    The standard home OpenDNS service only affects DNS lookups. So you can go into your content filtering settings and block proxy/anonymizer/vpn access, and that will prevent access to the VPN sites and will block the VPN clients from connecting unless the VPN client isn't using DNS. If it is using hard-coded IP addresses, OpenDNS isn't going to stop it. The OpenDNS Umbrella service might address the issue, and it works regardless of what network the device is connected to, but that isn't free, and unless you're using parental control software on your kids' devices, they have control over what apps are on their devices anyway. But can we please get people to stop submitting VPN sites as porn sites? They aren't. If you don't want to allow VPN access on your network, then block VPN sites in your content filter settings (proxy's, anonymizers, vpn's), but please people, stop mislabeling URL's as something they aren't. It makes the service unusable in many instances, which is really unfortunate.

    0
  • 2ninerromeo

    Here's a little problem I've been running into. My son is a clever kid and has apparently installed some proxy plugins. I'm looking for a way to stop him from using those as we've discovered his porn habit recently. I've looked in my history and found a bunch of these domains clearing even though I have proxy's and anonymizers blocked.

    hoxxproxytesthelper96259.com

    Hoxx appears to be a proxy service made to defeat domain filtering, but it seems to rely on a formulaic domain name.  I thought I might be able to block this in OpenDNS by explicitly blocking hoxxproxy*.com, but this is rejected as an invalid domain.  I suppose there could be a solution along the lines of blocking the ip address and or port of the service.

    Any ideas? I'll keep digging and report back on my findings.

    0
  • rotblitz

    Well, a domain hoxxproxytesthelper96259.com does not exist in DNS, therefore it cannot be accessed.  No reason to be concerned.

    nslookup hoxxproxytesthelper96259.com.
    Server:         192.168.178.1
    Address:        192.168.178.1#53

    ** server can't find hoxxproxytesthelper96259.com: NXDOMAIN

    Another measure would be to provide your son with a regular user account as should be, not with an admin account.  This prevents him from installing many things and from changing network settings (e.g. DNS server addresses).

    "I thought I might be able to block this in OpenDNS by explicitly blocking hoxxproxy*.com, but this is rejected as an invalid domain."

    You cannot block wildcards or keywords this way.  You only can block domains, where example.com covers this and all its subdomains like www.example.com, images.example.com, etc.

    "I suppose there could be a solution along the lines of blocking the ip address and or port of the service.."

    Definitely.  But this has nothing to do with DNS and therefore cannot be done with OpenDNS.  You block IP addresses and ports directly on your router if this has the capability.

    0
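
The block-list behaviour described in the comment above (an entry covers the domain and all its subdomains, but a wildcard such as hoxxproxy*.com is rejected) can be complemented by auditing resolver logs for such patterns. This is an added example, not part of the original thread or of OpenDNS; the log format, client addresses, the second hoxxproxy name and the `.example` names are constructed for illustration.

```python
import fnmatch
from collections import defaultdict

# Constructed sample log, one query per line: "time client qname rcode".
SAMPLE_LOG = """\
21:04:11 192.168.1.23 www.example.com NOERROR
21:04:15 192.168.1.23 hoxxproxytesthelper96259.com NXDOMAIN
21:04:16 192.168.1.23 hoxxproxytesthelper11111.com NXDOMAIN
21:05:02 192.168.1.40 images.blocked.example NOERROR
21:05:09 192.168.1.40 notblocked.example NOERROR
"""
BLOCKED = {"blocked.example"}      # hypothetical block-list entries
PATTERNS = ["hoxxproxy*.com"]      # wildcard the block list cannot express

def blocklist_match(qname, blocked):
    """An entry covers the domain itself and every subdomain (label boundary)."""
    name = qname.rstrip(".").lower()
    for entry in blocked:
        if name == entry or name.endswith("." + entry):
            return entry
    return None

def pattern_match(qname, patterns):
    """Glob match on the full name, for names that follow a formula."""
    name = qname.rstrip(".").lower()
    for pat in patterns:
        if fnmatch.fnmatchcase(name, pat):
            return pat
    return None

def audit(log_text, blocked, patterns):
    """Return {client: [(qname, rcode, reason), ...]} for queries worth a look."""
    findings = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        _, client, qname, rcode = parts
        entry = blocklist_match(qname, blocked)
        pat = None if entry else pattern_match(qname, patterns)
        if entry:
            findings[client].append((qname, rcode, "blocklist:" + entry))
        elif pat:
            findings[client].append((qname, rcode, "pattern:" + pat))
    return dict(findings)

if __name__ == "__main__":
    for client, hits in audit(SAMPLE_LOG, BLOCKED, PATTERNS).items():
        print(client, hits)
```

The per-client grouping shows which device issues the formulaic lookups, including those that only ever return NXDOMAIN.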
  • earl007a

    @magdiel1975 Agree! There is an assumption here by at least one responder that parents give their kids access to do whatever they want. Not true. My kids are NOT admins on their computers. Each of their computers has Norton Parental Control as well. Their phones' data plan locks down to no data after 10 pm via my service provider. However, wifi is still available. Guess what, they are using VPN to get to places they shouldn't be. And my son told me they use it at school as well to get past what the school blocks. Taking away phones is not an option, I need to be able to contact them if I need to. And there is an assumption by teachers that every kid has a phone or laptop during class to do research.

    I just bought a new router with OpenDNS control.  I bought it for the parental controls alone.  OpenDNS is advertised as a great way to impose parental controls.  Well, after two days of trying all kinds of restrictions and looking through the support I now find I can't stop VPN.

    My teens are tech savvy and they talk with other kids at school about how to get around controls. They go to homes where there are no controls to get what they need to circumvent controls. I can't stop what goes on outside my home, but I at least want the ability to control at my own home. If there is a way for OpenDNS to impose VPN blocking in future builds I suggest they do. It would close a gaping hole in their product.

    0
  • rotblitz

    "If there is a way for OpenDNS to impose VPN blocking in future builds I suggest they do."

    You'll have to block the Proxy/Anonymizer category. Also, you have to block the protocols and ports being used by VPN on the router. This cannot be covered by OpenDNS, because it is connectivity related, not necessarily DNS related.

    If you configure the OpenDNS FamilyShield addresses 208.67.222.123 and 208.67.220.123 directly on the end user devices (i.e. your kids' devices), you are able to block the Proxy/Anonymizer category also outside your home network.

    0
  • rotblitz (Edited)

    "If there is a way for OpenDNS to impose VPN blocking in future builds I suggest they do."

    This is now there - in Cisco Umbrella. They won't give Umbrella features away for free.
    https://support.umbrella.com/hc/en-us/articles/115001077988

    0
  • earl007a

    @rotblitz  Thank you for the quick response!  Yes, I tried blocking the protocols/ports on the router.  Unfortunately, it caused problems getting to other sites.  Amazon Prime music stopped, even though I couldn't find where they had overlapping protocols/ports.  I will take a look at the Umbrella features.

    0
  • enegron68

    How about a checkbox on the OpenDNS settings that states block known vpns / anonymizers?

    0
  • rotblitz

    Yes, you are right, use this checkbox.  This is what it is good for!

    0
  • enegron68

    It doesn't stop known VPNs...

    0
  • rotblitz

    How does one "stop known vpns"?  Any suggestions or examples?

    0
  • enegron68

    VPN blacklist. There's a few sites that have them.

    0