Can Synology routers block vpn, proxies, tor?

3
0
Router
  1. RT6600ax
Operating system
  1. Linux
  2. macOS
  3. Windows
Mobile operating system
  1. Android
  2. iOS
Hello I am looking for a router with advanced parental controls Can Synology routers block the vpn or proxy site?
 
Hello I am looking for a router with advanced parental controls Can Synology routers block the vpn or proxy site?
any address can be blocked be it a public one or a public proxy. Vpn block would be best locked down with a firewall. Guessing we are talking about outgoing vpn?
 
no I dont know in advance :cry:
Well if you know what provider is in question then you can review their white paper and documentation to see what ports and protocols need to be allowed.

Here is an example of NordVPN official info:

For NordVPN to work, the 443 TCP and 1194 UDP ports need to be open. Your firewall or router must also allow passthrough for VPN

So you can't obviously block TCP/443 as you will not have access to anything else on the web, but you can block the popular UDP/1194 VPN port that Nord uses. Without it, there will no successful connection.

CyberGhost VPN on the other hand uses 5443/TCP, so blocking that traffic, will cut off access to any of its servers.

Check with the VPN provider and close the gate that way.

Also, you could use Network Center > Traffic Control > Monitor option to monitor accessed domains in real time for a particular machine (or review it from the past logs), and add the domain to a blocked web filter. That way you might also catch what VPN provider is being used in order to authenticate to it, and just block its root domain access. Without that, the person will not be able to pass authentication even if the traffic is being run on some alternative VPN port other than 1194.
 

Attachments

  • Screenshot 2022-12-04 at 10.46.33.png
    Screenshot 2022-12-04 at 10.46.33.png
    50.2 KB · Views: 58
Threat Prevention has ET Open signatures that cover TOR relayed and nodes, see the latest rules:

Reading the rule it looked to be checking for source IP, so it might be only applied to inbound requests from TOR but maybe it will be applied to returned packets from outbound requests… I don’t know.

SRM 1.3 includes the ability to block internal requests to DNS over HTTPS services, while retaining the ability for itself. This enables Safe Access to continue to be used for DNS over UDP/TCP and so apply web filtering Using the default 18 categories plus allowed/denied sites.

You can have firewall rules that block outbound access to TCP/UDP ports, or limited to an only the standard ports. That won’t stop access to proxies or VPN services using standard ports but would at least limit the access a bit.
 

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Log in

Already have an account? Log in here.

Similar threads

I just ordered 1 synology compatible drive, to test. lets see if this works.
Replies
8
Views
456
It may be worth checking your LAN as well. Busy times may saturate 1GB ethernet capacity. If your NAS has...
Replies
3
Views
479
  • Question
How is the HDD formatted? If NTFS, you could put it into a drive enclosure or dock/caddy, connect it via...
Replies
5
Views
547
Then you will see the install Connect option......for example:
Replies
4
Views
466
Welcome. ESXi is a VM on the NAS or a dedicated machine on the network?
Replies
1
Views
381
  • Question
I have Plex installed on my backup NAS, but for some strange reason have issues with indexing and it not...
Replies
8
Views
626
  • Question
The only way to get "DAS" speeds with a NAS is with a faster interface. 1821 has the option to go 10G and...
Replies
3
Views
480

Welcome to SynoForum.com!

SynoForum.com is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!

Trending threads

Back
Top