Block IPSEC(IKEV2 IKE) / L2TP / openvpn all traffic



  • Greetings,

    I would like to block all IPsec, L2TP and OpenVPN traffic on my LAN. Most of the users are using VPN tunnels to bypass the content filtering restrictions on the network.

    Regards



  • You'd have to create rules that block those protocols. However, bear in mind that it's possible to change the port or even protocol to get around that. For example, you can configure OpenVPN to run TCP on port 80, instead of the usual UDP on 1194.
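
The point made in the reply above, as an added example that is not part of the original thread: a port/protocol rule only sees the default ports, while a check on the first payload of a flow can still flag OpenVPN moved to TCP 80. The function names and sample payloads are constructed for illustration, and the payload heuristic assumes an OpenVPN handshake without tls-auth/tls-crypt whose first packet arrives whole in the first segment.

```python
import struct

# Default ports for the protocols named in the thread (assumed defaults).
DEFAULT_VPN_PORTS = {
    ("udp", 500): "IKE",
    ("udp", 4500): "IPsec NAT-T",
    ("udp", 1701): "L2TP",
    ("udp", 1194): "OpenVPN",
    ("tcp", 1194): "OpenVPN",
}
HARD_RESET_CLIENT_V2 = 7  # OpenVPN opcode of the client's first control packet


def match_by_port(proto, dport):
    """What a port/protocol block rule sees: only protocol and destination port."""
    if proto == "esp":  # IP protocol 50 carries no ports
        return "IPsec ESP"
    return DEFAULT_VPN_PORTS.get((proto, dport))


def looks_like_openvpn_reset(proto, payload):
    """Heuristic: is the first payload of a flow a plain OpenVPN client reset?"""
    body = payload
    if proto == "tcp":
        # Over TCP every OpenVPN packet carries a 2-byte big-endian length prefix.
        if len(payload) < 2:
            return False
        (length,) = struct.unpack("!H", payload[:2])
        body = payload[2:]
        if length != len(body):
            return False
    # opcode/key id (1) + session id (8) + ACK count (1) + packet id (4)
    if len(body) != 14:
        return False
    opcode, key_id = body[0] >> 3, body[0] & 0x07
    return opcode == HARD_RESET_CLIENT_V2 and key_id == 0 and body[9] == 0


def classify(proto, dport, first_payload=b""):
    """Return (method, label); method is 'port', 'payload' or None."""
    label = match_by_port(proto, dport)
    if label:
        return ("port", label)
    if proto in ("tcp", "udp") and looks_like_openvpn_reset(proto, first_payload):
        return ("payload", "OpenVPN")
    return (None, None)


# Constructed sample payloads (not captured traffic).
RESET = bytes([HARD_RESET_CLIENT_V2 << 3]) + bytes(range(1, 9)) + b"\x00" + bytes(4)
RESET_TCP = struct.pack("!H", len(RESET)) + RESET
HTTP_GET = b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"
```

A match here is a lead for review rather than proof: a tunnel wrapped in TLS or using tls-auth/tls-crypt will not match this check.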



  • @scorpoin said in Block IPSEC(IKEV2 IKE) / L2TP / openvpn all traffic:

    Greetings,

    I would like to block all IPsec, L2TP and OpenVPN traffic on my LAN. Most of the users are using VPN tunnels to bypass the content filtering restrictions on the network.

    Regards

    @scorpoin: if you are managing the network for a business, then the best way in my view to handle this is to talk with management and see how serious they are about policing the traffic. If they really don't want the users doing that, then the best solution is a stern notice from Human Resources that the behavior is unacceptable and that violators will face consequences.

    Trying to handle something like this via technology only will not be successful in stamping it out. There are many ways users can circumvent the filtering technology. But if the users fear their employment may be at risk for circumvention of the filtering, then the incentive for them to search for hacks and workarounds to the ban is greatly reduced. Your job then as admin would be to continue to search for violations and then report the user to HR and let them handle the punishment.

