How to Identify clients using VPN.
-
Hi,
I am new to pfSense. I have configured it and it's working excellently, but some of my users are using VPNs, either by downloading OpenVPN or by using VPN services through browser VPN options. My question is how I can identify the users that are using VPN connections so I can set a limiter for them to minimize the traffic.
Thanks.
-
Well, for starters, the VAST majority of their traffic will be going to just 1 IP on 1 port, vs. multiple connections all over the place.
If they are using standard OpenVPN it would be a connection on UDP 1194. But if they are using TCP 443, for example, again they would only be going to the 1 destination IP.
-
Business environment?
We have a simple solution for this:
- Technically, don't allow users to install anything on their machines.
- By their employment contract it's not allowed to download and/or install random stuff or browse the Internet for fun all day long.
There are lists around with VPN server IPs you could try to use in firewall rules or pfBlocker, but you will have a hard time keeping them close to complete... you'll play a cat-and-mouse game with your users all the time.
And the really sneaky dudes will start to run their own VPN servers at home or on a VPS... cat-and-mouse again. ;-)
-Rico
-
^ all good info to be sure.
But again, simple IP accounting of traffic will show you who is using a VPN. If all of their traffic is going to 1 destination, they either really like that 1 site, or they are using a VPN ;)
So unless they are smart enough to only use the VPN (over 443) to hit sites that are blocked by your normal content filtering, and send everything else normally, it's pretty easy to spot with just basic IP accounting.
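As an added illustration of the IP-accounting approach described in this thread (example code, not from the thread or from pfSense itself): a Python script over constructed per-flow byte counts, of the kind a NetFlow/sFlow collector would give you, that flags clients whose traffic concentrates on a single destination or on the default OpenVPN port. The client and server addresses, the excluded 10.0.0.1 resolver, and the 80% share threshold are assumptions.

```python
from collections import defaultdict

# Constructed sample of per-flow accounting records (src, dst, proto, dport, bytes).
# Client .10 browses normally; .11 tunnels nearly everything to one host on UDP 1194;
# .12 runs a VPN over TCP 443 to a single IP while still browsing a little directly.
FLOWS = [
    ("10.0.0.10", "93.184.216.34", "tcp", 443, 120_000),
    ("10.0.0.10", "151.101.1.69", "tcp", 443, 80_000),
    ("10.0.0.10", "142.250.74.46", "tcp", 443, 95_000),
    ("10.0.0.10", "104.16.85.20", "tcp", 80, 30_000),
    ("10.0.0.11", "203.0.113.7", "udp", 1194, 2_400_000),
    ("10.0.0.11", "10.0.0.1", "udp", 53, 2_000),
    ("10.0.0.12", "198.51.100.9", "tcp", 443, 1_900_000),
    ("10.0.0.12", "93.184.216.34", "tcp", 443, 60_000),
    ("10.0.0.12", "10.0.0.1", "udp", 53, 1_500),
]

def summarize(flows, exclude=("10.0.0.1",)):
    """Per source IP: total bytes, top (dst, proto, dport), its share, distinct destination count."""
    totals = defaultdict(int)
    per_dst = defaultdict(lambda: defaultdict(int))
    for src, dst, proto, dport, nbytes in flows:
        if dst in exclude:  # assumed local infrastructure (DNS resolver) that every client talks to
            continue
        totals[src] += nbytes
        per_dst[src][(dst, proto, dport)] += nbytes
    out = {}
    for src, total in totals.items():
        top, top_bytes = max(per_dst[src].items(), key=lambda kv: kv[1])
        out[src] = {"total": total, "top": top, "share": top_bytes / total, "dests": len(per_dst[src])}
    return out

def flag_vpn_suspects(flows, share_threshold=0.8, min_bytes=100_000):
    """Return {src: reason} for clients whose traffic concentrates on one destination."""
    suspects = {}
    for src, s in summarize(flows).items():
        dst, proto, dport = s["top"]
        if s["total"] < min_bytes:  # too little traffic to judge concentration
            continue
        if proto == "udp" and dport == 1194:
            suspects[src] = f"{s['share']:.0%} of traffic to {dst} on udp/1194 (default OpenVPN port)"
        elif s["share"] >= share_threshold:
            suspects[src] = f"{s['share']:.0%} of traffic to single destination {dst}:{dport}/{proto}"
    return suspects

if __name__ == "__main__":
    for src, reason in flag_vpn_suspects(FLOWS).items():
        print(src, reason)
```

A high single-destination share also matches a client streaming from one CDN host all day, so treat a hit as a lead to check against the destination's ownership rather than proof of a VPN. As the thread notes, a user who sends only filtered sites through the tunnel and everything else directly will show a much lower share and slip under the threshold.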
-
Yeah I agree 100%
BUT if you start blocking port 1194 or VPN server IP 1.2.3.4, they start trying to get around this by using other ports like TCP 443, trying other VPN servers, and so on. It depends on your network size and the number of users anyway... the line of action would be different with a network of, say, 30 machines and 2 users going with VPN versus 2000 machines and 100 VPN users.
-Rico
-
True, they will always try to circumvent, to be sure ;) It's what users do.
Until you fire a couple for violation of company policy... I never get why users do shit on their work machine; why not just surf shit on your phone over LTE if you want to surf ;)
-
Because there is a small chance the boss/supervisor thinks they actually do some work when typing on their work machine. ;-)
-Rico
-
Thanks for your replies. I will ask the HR team to prepare a note for the users so we can avoid VPN traffic.
Thanks again.