Can Synology routers block vpn, proxies, tor?

Router
  1. RT6600ax
Operating system
  1. Linux
  2. macOS
  3. Windows
Mobile operating system
  1. Android
  2. iOS
Hello, I am looking for a router with advanced parental controls. Can Synology routers block VPN or proxy sites?
 
Any address can be blocked, be it a public one or a public proxy. A VPN block would be best locked down with a firewall. Guessing we are talking about outgoing VPN?
 
No, I don't know in advance :cry:
Well, if you know what provider is in question, then you can review their white paper and documentation to see what ports and protocols need to be allowed.

Here is an example of NordVPN official info:

For NordVPN to work, the 443 TCP and 1194 UDP ports need to be open. Your firewall or router must also allow passthrough for VPN

So obviously you can't block TCP/443, as you will not have access to anything else on the web, but you can block the popular UDP/1194 VPN port that Nord uses. Without it, there will be no successful connection.

CyberGhost VPN, on the other hand, uses 5443/TCP, so blocking that traffic will cut off access to any of its servers.

Check with the VPN provider and close the gate that way.

Also, you could use Network Center > Traffic Control > Monitor option to monitor accessed domains in real time for a particular machine (or review it from the past logs), and add the domain to a blocked web filter. That way you might also catch what VPN provider is being used in order to authenticate to it, and just block its root domain access. Without that, the person will not be able to pass authentication even if the traffic is being run on some alternative VPN port other than 1194.
 

Threat Prevention has ET Open signatures that cover TOR relays and nodes; see the latest rules:

Reading the rule it looked to be checking for source IP, so it might be only applied to inbound requests from TOR but maybe it will be applied to returned packets from outbound requests… I don’t know.

SRM 1.3 includes the ability to block internal requests to DNS over HTTPS services, while retaining the ability for itself. This enables Safe Access to continue to be used for DNS over UDP/TCP and so apply web filtering using the default 18 categories plus allowed/denied sites.

You can have firewall rules that block outbound access to TCP/UDP ports, or limit it to only the standard ports. That won't stop access to proxies or VPN services using standard ports but would at least limit the access a bit.
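
An added example, not from any poster in this thread and not Synology code: a small Python model of the egress rules discussed above (the UDP/1194 and TCP/5443 port blocks, a root-domain web filter, and a "standard ports only" allowlist), run over constructed flows to show which ones each policy stops. The allowlist contents, the domain `vpn-provider.example` and all sample flows are assumptions made for illustration.

```python
from dataclasses import dataclass

# Ports named in the thread; check the provider's current documentation before relying on them.
VPN_PORTS = {("udp", 1194): "NordVPN", ("tcp", 5443): "CyberGhost"}
# Assumption: what "only the standard ports" means for a home LAN.
STANDARD_PORTS = {("tcp", 80), ("tcp", 443), ("udp", 53), ("tcp", 53), ("udp", 123)}
# Assumption: root domain added to the web filter after reviewing Traffic Control > Monitor.
BLOCKED_ROOT_DOMAINS = {"vpn-provider.example"}

@dataclass(frozen=True)
class Flow:
    proto: str
    dport: int
    domain: str = ""  # resolved name, if the router logged one

def domain_blocked(domain: str) -> bool:
    """True if the name equals, or is a subdomain of, a blocked root domain."""
    d = domain.lower().rstrip(".")
    return any(d == root or d.endswith("." + root) for root in BLOCKED_ROOT_DOMAINS)

def verdict(flow: Flow, allowlist_only: bool = False) -> str:
    """Apply the domain filter, then the port denylist, then the optional allowlist."""
    key = (flow.proto.lower(), flow.dport)
    if flow.domain and domain_blocked(flow.domain):
        return "deny: blocked domain"
    if key in VPN_PORTS:
        return f"deny: {VPN_PORTS[key]} port"
    if allowlist_only and key not in STANDARD_PORTS:
        return "deny: non-standard port"
    return "allow"

# Constructed sample flows, not captured traffic.
SAMPLE_FLOWS = [
    Flow("udp", 1194),
    Flow("tcp", 5443),
    Flow("tcp", 443, "auth.vpn-provider.example"),  # provider login over HTTPS
    Flow("tcp", 443, "www.example.org"),            # ordinary browsing
    Flow("udp", 40000),                             # arbitrary non-standard port
    Flow("tcp", 443),                               # unnamed service on a standard port
]

def evaluate(allowlist_only: bool = False) -> list:
    return [verdict(f, allowlist_only) for f in SAMPLE_FLOWS]

if __name__ == "__main__":
    for f, deny_only, strict in zip(SAMPLE_FLOWS, evaluate(), evaluate(True)):
        print(f"{f.proto}/{f.dport} {f.domain or '-':28} denylist={deny_only!r} allowlist={strict!r}")
```

The last sample flow is allowed under both policies, which is the limit the posts above describe: port rules alone cannot separate services that share TCP/443, so the domain filter and Threat Prevention signatures have to cover that case.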
 
