MR2200ac Block vpn access

Currently reading
MR2200ac Block vpn access

1
0
NAS
DS218+ & MR2200ac
Router
  1. MR2200ac
Operating system
  1. Windows
Mobile operating system
  1. Android
Hi,
I'm using 3 MR2200 in our house. Works fine with each users.
We've got 3 kids, so the Safe Access app inside the syno is very helpful.
Unfortunately (or maybe hopefully 😊) my 15 years old son, is now able to bypass Safe Access by using a vpn with his smartphone.
Technically I'm glad to see him autonomous.
But in the same time, I'm embarrassing because he use vpn to access porn websites.
So my question, what can I do? Is it possible to detect and block vpn access? Or any other method to protect my kids from dangerous websites.
Thanks a lot
 

Shadow

Subscriber
689
246
NAS
DS216+II, DS118, DS718+
Router
  1. RT2600ac
  2. MR2200ac
Operating system
  1. Windows
Mobile operating system
  1. Android
Try to find out what VPN service he uses. For example, NordVPN, ExpressVPN etc etc.

It may be possible to block the domains of these VPN services to prevent an initial connection setup (won't disconnect a running session). If it uses a special destionation port (other than 443), then you can block this port for outgoing traffic on your entire LAN.

Here in Network Center -> Traffic Control -> Domain
1604355606425.png


A bit of a long shot, but maybe also a possibility to spot to which domain he is connecting to for his VPN connection.
 
1
0
NAS
DS411+,DS1618+
Router
  1. RT2600ac
  2. MR2200ac
Operating system
  1. macOS
  2. Windows
Mobile operating system
  1. iOS
I had a similar issue ( my Child using VPN to get around Game blocks) and I use a DNS service called OpenDNS to block access. Please see Home Internet Security | OpenDNS. OpenDNS has two free services (and several paid). I use OpenDNS Home, which is configurable and free (Full disclosure: OpenDNS is owned by Cisco and I am a Cisco Employee)

Once you create an account at OpenDNS, you can have the Synology router that acts as your internet gateway setup to use OpenDNS as it’s DNS server. See section below on “Manually Configure DNS server” and use those addresses which will point the DNS service to OpenDNS
Picture1.png


AT OpenDNS, you can configure your Web Content Filtering. Here is my current set-up

Picture2.png


The key to block VPN use is “proxy/Anonymizer”

Note: you can also block websites by name (up to ~20 for free) and they also have a “never block” list where you can allow access to web sites and circumvent the above blocks. (For example,if you have a paid VPN service that you want to use for your access.)

Note: These rules are on top of any rules you set up on Safe Access

Hope this helps.
 
1
0
NAS
DS918+, DS920+
Router
  1. RT2600ac
  2. MR2200ac
Operating system
  1. macOS
  2. Windows
Mobile operating system
  1. iOS
I had a similar issue ( my Child using VPN to get around Game blocks) and I use a DNS service called OpenDNS to block access. Please see Home Internet Security | OpenDNS. OpenDNS has two free services (and several paid). I use OpenDNS Home, which is configurable and free (Full disclosure: OpenDNS is owned by Cisco and I am a Cisco Employee)

Once you create an account at OpenDNS, you can have the Synology router that acts as your internet gateway setup to use OpenDNS as it’s DNS server. See section below on “Manually Configure DNS server” and use those addresses which will point the DNS service to OpenDNSView attachment 2427

AT OpenDNS, you can configure your Web Content Filtering. Here is my current set-up

View attachment 2428

The key to block VPN use is “proxy/Anonymizer”

Note: you can also block websites by name (up to ~20 for free) and they also have a “never block” list where you can allow access to web sites and circumvent the above blocks. (For example,if you have a paid VPN service that you want to use for your access.)

Note: These rules are on top of any rules you set up on Safe Access

Hope this helps.
My son has been using a VPN to access the internet "after hours". While I don't care what sites he goes to, I do care about blocking his late night gaming. Will using OpenDNS in the manner you suggested be able to stop him from manually assigning a DNS on his machine to circumvent OpenDNS?

Also, my wife uses a VPN for work. Is there a way to allow her VPN while disallowing any others?
 
127
54
NAS
2x DS920+
Router
  1. RT2600ac
  2. MR2200ac
Operating system
  1. Linux
  2. macOS
  3. Windows
  4. other
Mobile operating system
  1. iOS
Is your son still using the vpn on the wifi, or going straight out on mobile broadband connection? if the latter, the best option is parental controls on the device itself (Screen Time & Family Controls on IOS)

If Wifi, look at the Internet Scheduling in Safe Access.
 

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Log in

Already have an account? Log in here.

Similar threads

Nothing out of the box. There is only a single VPN system notification that you can use, and that's not...
Replies
1
Views
103
I've also configured SSTP Vpn and I got an issue in MS WIndows 10 Pro (not in Android). I configure the...
Replies
0
Views
720
I would like opinion from real users, like you :-) opened! thnx!
Replies
14
Views
903
Yes of course. That’s what I’m doing with my VDSM, and was doing with DDSM. But no kill switch. I have to...
Replies
53
Views
2,954

Welcome to SynoForum.com!

SynoForum.com is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!

Trending threads

Top