Can Synology routers block vpn, proxies, tor?

Currently reading
Can Synology routers block vpn, proxies, tor?

  1. RT6600ax
Operating system
  1. Linux
  2. macOS
  3. Windows
Mobile operating system
  1. Android
  2. iOS
Hello I am looking for a router with advanced parental controls Can Synology routers block the vpn or proxy site?
Hello I am looking for a router with advanced parental controls Can Synology routers block the vpn or proxy site?
any address can be blocked be it a public one or a public proxy. Vpn block would be best locked down with a firewall. Guessing we are talking about outgoing vpn?
no I dont know in advance :cry:
Well if you know what provider is in question then you can review their white paper and documentation to see what ports and protocols need to be allowed.

Here is an example of NordVPN official info:

For NordVPN to work, the 443 TCP and 1194 UDP ports need to be open. Your firewall or router must also allow passthrough for VPN

So you can't obviously block TCP/443 as you will not have access to anything else on the web, but you can block the popular UDP/1194 VPN port that Nord uses. Without it, there will no successful connection.

CyberGhost VPN on the other hand uses 5443/TCP, so blocking that traffic, will cut off access to any of its servers.

Check with the VPN provider and close the gate that way.

Also, you could use Network Center > Traffic Control > Monitor option to monitor accessed domains in real time for a particular machine (or review it from the past logs), and add the domain to a blocked web filter. That way you might also catch what VPN provider is being used in order to authenticate to it, and just block its root domain access. Without that, the person will not be able to pass authentication even if the traffic is being run on some alternative VPN port other than 1194.


  • Screenshot 2022-12-04 at 10.46.33.png
    Screenshot 2022-12-04 at 10.46.33.png
    50.2 KB · Views: 35
Threat Prevention has ET Open signatures that cover TOR relayed and nodes, see the latest rules:

Reading the rule it looked to be checking for source IP, so it might be only applied to inbound requests from TOR but maybe it will be applied to returned packets from outbound requests… I don’t know.

SRM 1.3 includes the ability to block internal requests to DNS over HTTPS services, while retaining the ability for itself. This enables Safe Access to continue to be used for DNS over UDP/TCP and so apply web filtering Using the default 18 categories plus allowed/denied sites.

You can have firewall rules that block outbound access to TCP/UDP ports, or limited to an only the standard ports. That won’t stop access to proxies or VPN services using standard ports but would at least limit the access a bit.

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Log in

Already have an account? Log in here.

Similar threads

Now that I know NAS logs give a positive answer to logging in and off, From the ONVIF camera.... I have...
Correct, but DSM offers something called SHR (Synology Hybrid Raid). That is the default raid array that...
Thank you, I was not aware of this table. From my database you can see which manufacturers' memories are...
  • Question
In Control Panel there's Task Scheduler where you can initiate running scripts.
I tried the data recovery method described in this article, and everything worked out for me. The proposed...
  • Question
I think it's going to be one of those, 'you'll know when you need to upgrade' type of things. Until then...
Thanks for the feedback. Glad you go it sorted. This thread might help others in similar situations.

Welcome to! is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!

Trending threads