MR2200ac Block vpn access

Currently reading
MR2200ac Block vpn access

1
0
NAS
DS218+ & MR2200ac
Router
  1. MR2200ac
Operating system
  1. Windows
Mobile operating system
  1. Android
Hi,
I'm using 3 MR2200 in our house. Works fine with each users.
We've got 3 kids, so the Safe Access app inside the syno is very helpful.
Unfortunately (or maybe hopefully 😊) my 15 years old son, is now able to bypass Safe Access by using a vpn with his smartphone.
Technically I'm glad to see him autonomous.
But in the same time, I'm embarrassing because he use vpn to access porn websites.
So my question, what can I do? Is it possible to detect and block vpn access? Or any other method to protect my kids from dangerous websites.
Thanks a lot
 
Try to find out what VPN service he uses. For example, NordVPN, ExpressVPN etc etc.

It may be possible to block the domains of these VPN services to prevent an initial connection setup (won't disconnect a running session). If it uses a special destionation port (other than 443), then you can block this port for outgoing traffic on your entire LAN.

Here in Network Center -> Traffic Control -> Domain
1604355606425.png


A bit of a long shot, but maybe also a possibility to spot to which domain he is connecting to for his VPN connection.
 
I had a similar issue ( my Child using VPN to get around Game blocks) and I use a DNS service called OpenDNS to block access. Please see Home Internet Security | OpenDNS. OpenDNS has two free services (and several paid). I use OpenDNS Home, which is configurable and free (Full disclosure: OpenDNS is owned by Cisco and I am a Cisco Employee)

Once you create an account at OpenDNS, you can have the Synology router that acts as your internet gateway setup to use OpenDNS as it’s DNS server. See section below on “Manually Configure DNS server” and use those addresses which will point the DNS service to OpenDNS
Picture1.png


AT OpenDNS, you can configure your Web Content Filtering. Here is my current set-up

Picture2.png


The key to block VPN use is “proxy/Anonymizer”

Note: you can also block websites by name (up to ~20 for free) and they also have a “never block” list where you can allow access to web sites and circumvent the above blocks. (For example,if you have a paid VPN service that you want to use for your access.)

Note: These rules are on top of any rules you set up on Safe Access

Hope this helps.
 
I had a similar issue ( my Child using VPN to get around Game blocks) and I use a DNS service called OpenDNS to block access. Please see Home Internet Security | OpenDNS. OpenDNS has two free services (and several paid). I use OpenDNS Home, which is configurable and free (Full disclosure: OpenDNS is owned by Cisco and I am a Cisco Employee)

Once you create an account at OpenDNS, you can have the Synology router that acts as your internet gateway setup to use OpenDNS as it’s DNS server. See section below on “Manually Configure DNS server” and use those addresses which will point the DNS service to OpenDNSView attachment 2427

AT OpenDNS, you can configure your Web Content Filtering. Here is my current set-up

View attachment 2428

The key to block VPN use is “proxy/Anonymizer”

Note: you can also block websites by name (up to ~20 for free) and they also have a “never block” list where you can allow access to web sites and circumvent the above blocks. (For example,if you have a paid VPN service that you want to use for your access.)

Note: These rules are on top of any rules you set up on Safe Access

Hope this helps.
My son has been using a VPN to access the internet "after hours". While I don't care what sites he goes to, I do care about blocking his late night gaming. Will using OpenDNS in the manner you suggested be able to stop him from manually assigning a DNS on his machine to circumvent OpenDNS?

Also, my wife uses a VPN for work. Is there a way to allow her VPN while disallowing any others?
 
Is your son still using the vpn on the wifi, or going straight out on mobile broadband connection? if the latter, the best option is parental controls on the device itself (Screen Time & Family Controls on IOS)

If Wifi, look at the Internet Scheduling in Safe Access.
 

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Log in

Already have an account? Log in here.

Similar threads

OHHH, I totally missed this too - I assumed he had it set up on his DS920+. So, same goes for my answer...
Replies
5
Views
527
  • Question
Others that are far more familiar/intelligent will answer too, but my understanding is this is down to the...
Replies
1
Views
898
Only if that combination is not using split DNS. If that device is in full tunnel, then yes, it's fine. TP...
Replies
3
Views
1,448

Welcome to SynoForum.com!

SynoForum.com is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!

Trending threads

Back
Top