K12 Schools and VPN
-
We are a K12 school district. As most of you are aware, we are required to filter internet traffic for students, but with the explosion of VPN apps and services being advertised on TV, this requirement is a challenge, to say the least. How many VPN commercials did you see yesterday that offer a ‘safe and secure’ connection for your device for a small monthly charge?
We provide internet to district-owned devices and student-owned devices such as notebooks, smartphones, and tablets. Our biggest challenge is student-owned devices since we have no control over what they install on them at home or wherever.
Are there any settings within pfSense that we can block all access to VPN connectivity? What are schools doing in your area to prevent this black hole access to the world? We are losing the battle over the legally required content filtering, please help.
-
There are lists of VPN CIDRs available which you can block.
There’s a list organised by ASN at https://github.com/Zalvie/nginx_block_files which might be worth a look. I’ve not used it but it’s a starting point.
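
As an added example (not part of the original post, and not code from the linked repository): one way to turn a CIDR list of the kind mentioned above into a deduplicated, one-network-per-line file suitable for a firewall alias, while refusing entries that overlap private or local ranges. The input format (bare CIDRs or nginx-style `deny` lines), the function name `build_alias` and the sample data are assumptions constructed for illustration.

```python
import ipaddress
import re
import sys

# Constructed sample input, not taken from any real list. Assumed format:
# bare CIDRs or nginx-style "deny <cidr>;" lines, with "#" comments.
SAMPLE = """\
# AS64500 example-vpn (constructed)
deny 198.51.100.0/25;
deny 198.51.100.128/25;
203.0.113.7
deny 203.0.113.0/24;
deny 10.0.0.0/8;      # private range, must never reach the firewall
deny 0.0.0.0/0;       # would block everything
deny 2001:db8:1::/48;
not-an-address
"""

# Ranges that must never land in a block alias: RFC 1918, loopback and
# link-local/ULA space. Add the district's own public ranges here as well.
PROTECTED = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "fe80::/10", "fc00::/7", "::1/128")]

def build_alias(text):
    """Return (networks, rejected): collapsed CIDR strings, one per alias
    line, and the skipped input lines paired with the reason."""
    keep, rejected = {4: [], 6: []}, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()           # drop comments
        if not line:
            continue
        token = re.sub(r"^deny\s+|;$", "", line).strip()
        try:
            net = ipaddress.ip_network(token, strict=False)
        except ValueError:
            rejected.append((raw.strip(), "unparseable"))
            continue
        # An over-broad entry such as 0.0.0.0/0 is caught here too,
        # because it overlaps every protected range.
        if any(p.version == net.version and p.overlaps(net) for p in PROTECTED):
            rejected.append((raw.strip(), "overlaps protected range"))
            continue
        keep[net.version].append(net)
    # collapse_addresses() merges adjacent and nested networks per IP version.
    nets = [str(n) for v in (4, 6) for n in ipaddress.collapse_addresses(keep[v])]
    return nets, rejected

if __name__ == "__main__":
    nets, rejected = build_alias(SAMPLE)
    print("\n".join(nets))
    for line, why in rejected:
        print(f"skipped ({why}): {line}", file=sys.stderr)
```

Review the rejected lines before each refresh of the alias; a list that suddenly contains protected or unparseable entries is a sign the upstream source has changed.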
-
Nice touch! LOL
-
Perhaps we can also use one that says "Meanwhile, back at the ranch".
-
Hmm, how about Snort and the openappid-vpn_tunneling.rules ruleset?
If you do go through with locking down VPN, please do your users a solid and make sure your Wireless environment is secure and users aren't at risk of packet sniffing or MiTM attacks.