K12 Schools and VPN



  • We are a K12 school district. As most of you are aware, we are required to filter internet traffic for students but with the explosion of VPN apps and services being advertised on TV, this requirement is a challenge, to say the least. How many VPN commercials did you see yesterday that offer a ‘safe and secure’ connection for your device for a small monthly charge?

    We provide internet to district-owned devices and student-owned devices such as notebooks, smartphone, and tablets. Our biggest challenge is student-owned devices since we have no control over what they install on them at home or wherever.

    Are there any settings within pfSense that we can block all access to VPN connectivity? What are schools doing in your area to prevent this black hole access to the world? We are losing the battle over the legally required content filtering, please help.



  • There are lists of VPN CIDRs available which you can block.

    There’s a list organised by ASN at https://github.com/Zalvie/nginx_block_files which might be worth a look.  I’ve not used it but it’s a starting point.