Netgate Discussion Forum
    K12 Schools and VPN

      comforttech

      We are a K12 school district. As most of you are aware, we are required to filter internet traffic for students but with the explosion of VPN apps and services being advertised on TV, this requirement is a challenge, to say the least. How many VPN commercials did you see yesterday that offer a ‘safe and secure’ connection for your device for a small monthly charge?

      We provide internet to district-owned devices and student-owned devices such as notebooks, smartphones, and tablets. Our biggest challenge is student-owned devices since we have no control over what they install on them at home or wherever.

      Are there any settings within pfSense that we can block all access to VPN connectivity? What are schools doing in your area to prevent this black hole access to the world? We are losing the battle over the legally required content filtering, please help.

        motific

        There are lists of VPN CIDRs available which you can block.

        There’s a list organised by ASN at https://github.com/Zalvie/nginx_block_files which might be worth a look.  I’ve not used it but it’s a starting point.

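An added example, not part of the post above or of the linked repository: one way to turn a downloaded VPN CIDR list into a de-duplicated list with one network per line before loading it into a firewall alias. The input layout (nginx-style `deny <cidr>;` lines mixed with bare CIDRs) is an assumption drawn from the repository's name, and the sample data is constructed from documentation address ranges.

```python
import ipaddress
import re

# Constructed sample input (documentation ranges only); the format is assumed.
SAMPLE = """\
# AS64500 ExampleVPN (constructed)
deny 192.0.2.0/25;
deny 192.0.2.128/25;
deny 198.51.100.7;
203.0.113.0/24
deny 203.0.113.64/26;   # already covered by the /24 above
deny 2001:db8:10::/48;
deny not-an-address;
allow 10.0.0.0/8;
"""

# Accept only "deny <addr>;" or a bare address; anything else is rejected.
LINE = re.compile(r"^(?:deny\s+)?([0-9A-Fa-f:./]+)\s*;?$")

def parse_blocklist(text):
    """Return (networks, rejected_lines) from a block-list file."""
    nets, rejected = [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        m = LINE.match(line)
        try:
            nets.append(ipaddress.ip_network(m.group(1), strict=False))
        except (AttributeError, ValueError):  # no match, or not an address
            rejected.append(raw.strip())
    return nets, rejected

def collapse(nets):
    """Merge adjacent and overlapping networks, IPv4 first, then IPv6."""
    out = []
    for version in (4, 6):   # collapse_addresses refuses mixed versions
        same = [n for n in nets if n.version == version]
        out.extend(ipaddress.collapse_addresses(same))
    return out

def is_listed(addr, nets):
    """True if addr falls inside any listed network."""
    ip = ipaddress.ip_address(addr)
    return any(ip.version == n.version and ip in n for n in nets)

if __name__ == "__main__":
    parsed, bad = parse_blocklist(SAMPLE)
    print("\n".join(str(n) for n in collapse(parsed)))
    print("rejected:", bad)
```

Rejected lines are returned rather than dropped silently, so an unexpected directive in a downloaded list is visible before the result reaches the firewall.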
          provels

          Nice touch! LOL
          7c364b1c-1e01-4a04-89aa-739fe4787800-image.png

          Peder

          MAIN - pfSense+ 24.11-RELEASE - Adlink MXE-5401, i7, 16 GB RAM, 64 GB SSD. 500 GB HDD for SyslogNG
          BACKUP - pfSense+ 23.01-RELEASE - Hyper-V Virtual Machine, Gen 1, 2 v-CPUs, 3 GB RAM, 8GB VHDX (Dynamic)

            JKnott @provels

            @provels

            Perhaps we can also use one that says "Meanwhile, back at the ranch". 😉

            PfSense running on Qotom mini PC
            i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
            UniFi AC-Lite access point

            I haven't lost my mind. It's around here...somewhere...

              gawainxx @JKnott

              Hmm, how about snort and the openappid-vpn_tunneling.rules ruleset?

              If you do go through with locking down VPN, please do your users a solid and make sure your Wireless environment is secure and users aren't at risk of packet sniffing or MiTM attacks.

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.