ClearOS Feature Request
Need to block psiphon and other vpn/proxy apps.
I am having problems with people using psiphon to get around my content filter. I am not sure what I would need to put into place to stop this. Any help or ideas would be greatly appreciated.
Share this post:
Responses (4)
-
Accepted Answer
I asked DNSThingy Support (the people behind Gateway Management) and they have said:
Here is the article we share on how to block Psiphon.
https://community.adamnet.works/hc/en-us/articles/360010803974-How-to-block-Psiphon
A business subscription is required for the DTTS (Don't Talk to Strangers) feature. Psiphon can be blocked on a blacklist (block the bad) as well as a whitelist (allow only the good), however, the blacklist always requires upkeep (continual adding of domains used to host the service) where a whitelist does not. So a allow only the good scenario is the ultimate way to go
It does look like a GM Business is needed. -
Accepted Answer
-
Accepted Answer
Nick Howitt wrote:
If you are using the Proxy in Transparent mode, then you have no chance as it only intercepts traffic to TCP port 80. At a minimum you'd need to use a non-transparent mode - either Authenticated or non-Authenticated. Either mean you have to change people's browser settings or set up Web Proxy Auto-Discovery.
You could try the protocol filter in the Proxy and VPN sections, but I have a feeling the OpenVPN filter only blocks traffic on UDP:1194 and many VPN providers use other ports.
Ultimately the more powerful tool is Gateway Management but that has a cost attached. It also has the benefit of being much lighter on resources.
Could you give me more information on how to block it using Gateway Management please. -
Accepted Answer
If you are using the Proxy in Transparent mode, then you have no chance as it only intercepts traffic to TCP port 80. At a minimum you'd need to use a non-transparent mode - either Authenticated or non-Authenticated. Either mean you have to change people's browser settings or set up Web Proxy Auto-Discovery.
You could try the protocol filter in the Proxy and VPN sections, but I have a feeling the OpenVPN filter only blocks traffic on UDP:1194 and many VPN providers use other ports.
Ultimately the more powerful tool is Gateway Management but that has a cost attached. It also has the benefit of being much lighter on resources.
Please login to post a reply
You will need to be logged in to be able to post a reply. Login using the form on the right or register an account if you are new here.
Register Here »