Is it possible to know if someone connected to my Wi-Fi network is using a VPN and block their connection?
-
Are you talking about a specific implementation particular to your situation, or just "someone is using my wifi without permission?" Because VPN or not, if it's just someone using your wifi for a connection point, it's like any other connection, you just can't sniff the network traffic. If it's a function built into your access point or something else particular to your setup, you'd have to check the access point's status. – Bart Silverstrim Sep 14 '16 at 18:32
-
We have blacklisted some webpages but some people use services like VPN to bypass the restrictions. So I'm looking for a way to prevent VPN connections on the LAN @Bart Silverstrim – CrossBones Sep 14 '16 at 18:35
-
Ah, so you're saying you have authorized users on your network who are bypassing a filter using VPNs. That can be a cat and mouse game, if you don't control the client computers... – Bart Silverstrim Sep 14 '16 at 18:41
-
Exactly, I'm in charge of that in my college. Some websites like p2p websites are blocked but students use VPN on their cellphones to bypass the restrictions. A friend of mine told me that they block VPN connections in his office so I know it's possible but don't know how. – CrossBones Sep 14 '16 at 18:43
-
Is the use of VPN actually causing a real problem? Remember this is an educational environment, not a work environment. You should avoid blocking things whenever you have a possible alternative. – Michael Hampton Sep 14 '16 at 21:19
1 Answer
From the description, you may have quite a task if you want to try stopping authorized users from using VPN or encrypted proxy services to bypass a blacklist and your router doesn't support Deep Packet Inspection.
If you control and monitor everything, you could try locking down the network so that only certain ports (80 and 443 and whatever particular necessities are requested) are usable by clients. You can redirect all traffic through a proxy that supports a particular certificate that users' computers must accept, so you can essentially MITM the SSL traffic for websites. You can monitor bandwidth use and flag anomalous or excessive use. You can also throttle certain ports and connections.
I'd recommend not doing that, though, as it's going to be a huge amount of false alerts and headaches for you and your users that will probably foster resentment and incentivize them to abuse your network.
In a comment you said that users are bypassing by using the cellphone...in that case they're bypassing your network altogether.
At the end of the day I'd try to alleviate the issue by checking if your routers support deep packet inspection and blocking websites that offer proxy connections (not the same as VPN, but still helps people cheat block lists). If you have a lot of time on your hands you could work on a system that monitors connected IPs on the egress points and tries to reverse-lookup to see if they are known VPN sites. I doubt you'll fully stop the problem without getting snapshots on the clients of what websites people are actually visiting... and that still depends on what amount of control you have on the client.

-
This is just speaking from my experiences in education and playing the typical cat and mouse game, trying to get along with duct tape and found hardware. Someone with more enterprise budget experience may know of better alternatives. – Bart Silverstrim Sep 14 '16 at 19:04
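The egress-monitoring idea from the answer (look at destination IPs and reverse-lookup them for known VPN hosts), sketched as an added example that is not part of the original post. The port table lists protocol defaults; the PTR keywords, addresses, hostnames and the `sample_resolver` helper are constructed assumptions.

```python
import socket
from collections import defaultdict

# Default ports of common VPN protocols (providers can and do move them).
VPN_PORTS = {
    ("udp", 500): "IKE/IPsec", ("udp", 4500): "IPsec NAT-T",
    ("udp", 1194): "OpenVPN", ("tcp", 1194): "OpenVPN",
    ("udp", 1701): "L2TP", ("tcp", 1723): "PPTP", ("udp", 51820): "WireGuard",
}
# Assumption: substrings you curate yourself; plain substring matching is noisy.
PTR_KEYWORDS = ("vpn", "proxy")

def reverse_lookup(ip):
    """PTR lookup via the system resolver; returns '' when there is no record."""
    try:
        return socket.gethostbyaddr(ip)[0].lower()
    except OSError:
        return ""

def flag_vpn_flows(flows, resolver=reverse_lookup):
    """Return {client_ip: [(dst_ip, reason), ...]} for flows that look like VPN use."""
    ptr_cache, hits = {}, defaultdict(list)
    for src, dst, proto, dport in flows:
        label = VPN_PORTS.get((proto, dport))
        if label:
            hits[src].append((dst, "port:" + label))
            continue
        if dst not in ptr_cache:          # one lookup per destination
            ptr_cache[dst] = resolver(dst)
        name = ptr_cache[dst]
        if any(k in name for k in PTR_KEYWORDS):
            hits[src].append((dst, "ptr:" + name))
    return dict(hits)

# Constructed sample data (documentation address ranges, made-up PTR names).
SAMPLE_PTR = {"203.0.113.10": "nyc-07.vpn.example.net", "198.51.100.5": "www.example.org"}
SAMPLE_FLOWS = [
    ("10.0.0.21", "198.51.100.5", "tcp", 443),  # ordinary HTTPS
    ("10.0.0.22", "203.0.113.10", "tcp", 443),  # VPN over 443: only the PTR shows it
    ("10.0.0.23", "192.0.2.44", "udp", 1194),   # OpenVPN default port
]

def sample_resolver(ip):
    """Offline stand-in for reverse_lookup, backed by the constructed table."""
    return SAMPLE_PTR.get(ip, "")

if __name__ == "__main__":
    for client, reasons in flag_vpn_flows(SAMPLE_FLOWS, sample_resolver).items():
        print(client, reasons)
```

A tunnel running over TCP 443 to a host with a neutral or missing PTR record passes both checks, which is the cat-and-mouse limit the answer describes.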