VPN blocking

2 posts / 0 new
Last post
RogerB
RogerB's picture
VPN blocking

I just installed DD-WRT on my r7000. Horay! I didn't brick it!

 

Anyway, one of the reasons I wanted more robust firmware is more security options.
One thing I was trying to resolve was that with the netgear firmware, I could not block my son from connecting his Iphone to the internet because he was using a VPN mode/program. How do I see if he is doing this with the DD-WRT firmware, and I do I prevent it if I so desire?

I am trying to view logs, but I see nothing in /tmp/var/log except for a 0 bye messages file.Under security I have Log enable and it set to "high."

 

Thanks for any info.

da_Beast
da_Beast's picture
I might be missing something.

I might be missing something.  His phone connects to the router and you block internet access from his device so he establishes a vpn to bypass your internet block?

 

How are you currently blocking his non-vpn internet access now?

Is it a vpn that rides on port 443?

 

You could use iptables to block all outbound traffic but port 80 and 443 (http://serverfault.com/questions/504208/ddwrt-iptables-block-outgoing-co...) -keep in mind you will need DNS so allow port 53 outbound to either your specific DNS provider or all ip addresses. If you time sync, you will need ntp open as well (port 123).

 

Do you know your son's phones mac address?  You could static reservation his phone and leave off the gateway - this will only work if he doesn't know how to add it back in manually.

 

You could also change the wifi password and not give it to him - or create a second ssid just for him - change it to isolated when you want him disconnected.

 

Did you disable the cellular data too?  He may just be using the cell data and not the wifi.