MR2200ac Block vpn access

[erka]

Hi,
I'm using 3 MR2200 in our house. Works fine with each users.
We've got 3 kids, so the Safe Access app inside the syno is very helpful.
Unfortunately (or maybe hopefully ) my 15 years old son, is now able to bypass Safe Access by using a vpn with his smartphone.
Technically I'm glad to see him autonomous.
But in the same time, I'm embarrassing because he use vpn to access porn websites.
So my question, what can I do? Is it possible to detect and block vpn access? Or any other method to protect my kids from dangerous websites.
Thanks a lot

 

[Shadow]

Try to find out what VPN service he uses. For example, NordVPN, ExpressVPN etc etc.

It may be possible to block the domains of these VPN services to prevent an initial connection setup (won't disconnect a running session). If it uses a special destionation port (other than 443), then you can block this port for outgoing traffic on your entire LAN.

Here in Network Center -> Traffic Control -> Domain

A bit of a long shot, but maybe also a possibility to spot to which domain he is connecting to for his VPN connection.

 

[HockeyDad33]

I had a similar issue ( my Child using VPN to get around Game blocks) and I use a DNS service called OpenDNS to block access. Please see Home Internet Security | OpenDNS. OpenDNS has two free services (and several paid). I use OpenDNS Home, which is configurable and free (Full disclosure: OpenDNS is owned by Cisco and I am a Cisco Employee)

Once you create an account at OpenDNS, you can have the Synology router that acts as your internet gateway setup to use OpenDNS as it’s DNS server. See section below on “Manually Configure DNS server” and use those addresses which will point the DNS service to OpenDNS

AT OpenDNS, you can configure your Web Content Filtering. Here is my current set-up

The key to block VPN use is “proxy/Anonymizer”

Note: you can also block websites by name (up to ~20 for free) and they also have a “never block” list where you can allow access to web sites and circumvent the above blocks. (For example,if you have a paid VPN service that you want to use for your access.)

Note: These rules are on top of any rules you set up on Safe Access

Hope this helps.

 

[ethancaine]

I had a similar issue ( my Child using VPN to get around Game blocks) and I use a DNS service called OpenDNS to block access. Please see Home Internet Security | OpenDNS. OpenDNS has two free services (and several paid). I use OpenDNS Home, which is configurable and free (Full disclosure: OpenDNS is owned by Cisco and I am a Cisco Employee)

Once you create an account at OpenDNS, you can have the Synology router that acts as your internet gateway setup to use OpenDNS as it’s DNS server. See section below on “Manually Configure DNS server” and use those addresses which will point the DNS service to OpenDNSView attachment 2427

AT OpenDNS, you can configure your Web Content Filtering. Here is my current set-up

View attachment 2428

The key to block VPN use is “proxy/Anonymizer”

Note: you can also block websites by name (up to ~20 for free) and they also have a “never block” list where you can allow access to web sites and circumvent the above blocks. (For example,if you have a paid VPN service that you want to use for your access.)

Note: These rules are on top of any rules you set up on Safe Access

Hope this helps.

My son has been using a VPN to access the internet "after hours". While I don't care what sites he goes to, I do care about blocking his late night gaming. Will using OpenDNS in the manner you suggested be able to stop him from manually assigning a DNS on his machine to circumvent OpenDNS?

Also, my wife uses a VPN for work. Is there a way to allow her VPN while disallowing any others?

 

[itsjasper]

Is your son still using the vpn on the wifi, or going straight out on mobile broadband connection? if the latter, the best option is parental controls on the device itself (Screen Time & Family Controls on IOS)

If Wifi, look at the Internet Scheduling in Safe Access.