What's new

Help please ? Parental issues with blocking VPN and IP spoofing

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

takitezsdc

Occasional Visitor
HELP please? The problem is this....ok so you all know that merlin / asus router has DNS settings and for example I have OPENDNS as my dns provider. You set the DNS in router in the WAN section to point the router by putting in Opendns DNS numbers in WAN>Internet connection>Wan DNS Setting>DNS 1 and DNS 2.
So then in AIProtection >Parental Controls>DNS filtering you turn it on and i put the Global filtering to ROUTER.

So if the above is correct and in Merlins info on Global Filtering it says it forces DNS settings to all devices. SO if that is true...WHY and HOW can my kids use a VPN to circumvent this ? I mean it still coming from my network......so why does it bypass the DNS settings and allow them to use another dns? So why is it letting them bybass my dns settings ?

Also why cant we set the router up to NOT keep handing out different ip address ? I mean.....if i set up my DHCP range from 50- to 75.......then i would have 25 DHCP addresses to auto hand out .......and if i am using 24 of them for devices on my network that would leave 1. SO why cant there be a way to hand out X number of ip address on our network and BLOCK all the rest of the IP addresses? Or BIND the device to the IP that was given out......so they can not change the IP?

I must be missing something, because my idea above would solve all the parental issues it seems that people are having with kids and unwanted users . Then if u handed " Billy" a ip of 192.168.1.67 for his iphone......he could not change the IP because all the IPs would be blocked or used by other devices.......and then we are left with the DNS issues which stump me, because i dont understand if i have my router set to force all devices to use my DNS settings.....WHY its allowing VPN connections to use whatever dns they want is beyond my tech knowledge..........sigh any help?
 
I cannot speak to Asus Merlin software but what you want to do is very doable with many types of routers. Blocking VPN can be a bit tricky if it uses port 80 but a Layer7 firewall can do it. Also many firewalls can use the MAC address in filtering so it does not matter what IP the client uses. My firewall does all this. So it can definitely be done. The question is can your firewall do it. And unfortunately that is a question I cannot answer but there are some on this forum that can.
 
I cannot speak to Asus Merlin software but what you want to do is very doable with many types of routers. Blocking VPN can be a bit tricky if it uses port 80 but a Layer7 firewall can do it. Also many firewalls can use the MAC address in filtering so it does not matter what IP the client uses. My firewall does all this. So it can definitely be done. The question is can your firewall do it. And unfortunately that is a question I cannot answer but there are some on this forum that can.

You are playing a game a wack a mole with VPN. With Astrill VPN's app I can quickly switch between ports 53,443 and 8292.
 
You are playing a game a wack a mole with VPN. With Astrill VPN's app I can quickly switch between ports 53,443 and 8292.

With a decent Layer7 firewall, the port does not matter but getting the application signature can take a while. My firewall has the signatures for several of the most popular VPN's but not Astrill. I would have to get the signature before I could stop it. But yes it is still a wack a mole type deal in that users could continually use different VPN apps. In other words if someone is motivated enough they can always find a way around security. Personally if my kids were trying that hard to get around security I would cut them off from internet completely. To each his own.
 
Similar threads
Thread starter Title Forum Replies Date
Z Please help, getting hacked to pieces General Network Security 4

Similar threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top