Forums

Subscribe via email Subscribe via email
Subscribe via rss
Guest
or Ask a Question
Add a reply View Replies (4) →
Joshua Mahr
Joshua Mahr
Offline
ClearOS Feature Request

Need to block psiphon and other vpn/proxy apps.

Resolved
0 votes
I am having problems with people using psiphon to get around my content filter. I am not sure what I would need to put into place to stop this. Any help or ideas would be greatly appreciated.
In Content Filter Engine
Thursday, January 17 2019, 04:05 AM
Subscribe via email
Share this post:
Responses (4)

  • Accepted Answer

    Nick Howitt
    Nick Howitt
    Offline
    Friday, January 18 2019, 09:04 AM - #Permalink
    Resolved
    0 votes
    I asked DNSThingy Support (the people behind Gateway Management) and they have said:
    Here is the article we share on how to block Psiphon.
    https://community.adamnet.works/hc/en-us/articles/360010803974-How-to-block-Psiphon

    A business subscription is required for the DTTS (Don't Talk to Strangers) feature. Psiphon can be blocked on a blacklist (block the bad) as well as a whitelist (allow only the good), however, the blacklist always requires upkeep (continual adding of domains used to host the service) where a whitelist does not. So a allow only the good scenario is the ultimate way to go

    It does look like a GM Business is needed.
    The reply is currently minimized Show

  • Accepted Answer

    Dirk Albring
    Dirk Albring
    Offline
    Thursday, January 17 2019, 09:08 PM - #Permalink
    Resolved
    0 votes
    It'd be nice if the guys at eGloo could rig something up for psiphon and other VPN tunneling apps in their Netify application and/or protocol filters. Maybe ClearOS could request that from them?
    The reply is currently minimized Show

  • Accepted Answer

    Joshua Mahr
    Joshua Mahr
    Offline
    Thursday, January 17 2019, 04:08 PM - #Permalink
    Resolved
    0 votes
    Nick Howitt wrote:

    If you are using the Proxy in Transparent mode, then you have no chance as it only intercepts traffic to TCP port 80. At a minimum you'd need to use a non-transparent mode - either Authenticated or non-Authenticated. Either mean you have to change people's browser settings or set up Web Proxy Auto-Discovery.

    You could try the protocol filter in the Proxy and VPN sections, but I have a feeling the OpenVPN filter only blocks traffic on UDP:1194 and many VPN providers use other ports.

    Ultimately the more powerful tool is Gateway Management but that has a cost attached. It also has the benefit of being much lighter on resources.


    Could you give me more information on how to block it using Gateway Management please.
    The reply is currently minimized Show

  • Accepted Answer

    Nick Howitt
    Nick Howitt
    Offline
    Thursday, January 17 2019, 08:46 AM - #Permalink
    Resolved
    0 votes
    If you are using the Proxy in Transparent mode, then you have no chance as it only intercepts traffic to TCP port 80. At a minimum you'd need to use a non-transparent mode - either Authenticated or non-Authenticated. Either mean you have to change people's browser settings or set up Web Proxy Auto-Discovery.

    You could try the protocol filter in the Proxy and VPN sections, but I have a feeling the OpenVPN filter only blocks traffic on UDP:1194 and many VPN providers use other ports.

    Ultimately the more powerful tool is Gateway Management but that has a cost attached. It also has the benefit of being much lighter on resources.
    The reply is currently minimized Show
Your Reply