• I want to implement some restrictions on my home network using pfSense (block certain websites, P2P traffic, etc.). Unfortunately, as far as I understand, you can bypass those restrictions using a VPN and/or proxy. Is there a way to block network users from using a VPN (especially SSL-based VPNs) and proxies?

  • Block all, and send browsing traffic to your own proxy.
    A proxy is able to filter data transfers on ports 80/443 (application layer?).

  • So I need to set up Squid on pfSense?

  • In a professional environment, the proxy must be on a different device.
    If it's for personal use, yes, you can install it on pfSense (I have never tried).

    Browsers must be configured to use the proxy.

    If you open the SMTP, IMAP and POP ports, you must set the destination to the address of the email server, because if the destination is "ALL", it's possible to host any service on these ports (proxy, etc.).

    With a proxy, you can obtain access logs, filter (by URL, URL list, words, etc.), check for viruses in web traffic, etc.
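
The rule advice in the last reply, as an added example that is not part of the thread: a small Python audit that flags LAN rules leaving mail ports open to any destination or web ports reachable without the proxy. The simplified pf-style rule syntax, the addresses, and Squid listening on 192.168.1.1:3128 are assumptions made for the example, not a pfSense export.

```python
import re

# Constructed rule sets in a simplified, first-match pf-style syntax (not a pfSense export).
# Assumed: Squid on the firewall at 192.168.1.1:3128, mail server at 203.0.113.25.
WEAK_RULES = """\
pass in on lan proto tcp from lan_net to 192.168.1.1 port 3128
pass in on lan proto tcp from lan_net to any port 25
pass in on lan proto tcp from lan_net to any port { 143 993 }
pass in on lan proto tcp from lan_net to any port 443
block in on lan all
"""
HARDENED_RULES = """\
pass in on lan proto tcp from lan_net to 192.168.1.1 port 3128
pass in on lan proto tcp from lan_net to 203.0.113.25 port { 25 587 }
pass in on lan proto tcp from lan_net to 203.0.113.25 port { 110 143 993 995 }
block in on lan all
"""

# Only numeric ports are accepted; anything else is reported for manual review.
RULE_RE = re.compile(r"^pass in on \S+ proto \S+ from \S+ "
                     r"to (?P<dst>\S+) port (?P<ports>\{[\d\s,]*\}|\d+)$")
MAIL_PORTS = {25, 465, 587, 110, 995, 143, 993}
WEB_PORTS = {80, 443}

def audit(ruleset):
    """Return (line_number, finding) pairs for rules that undermine the proxy-only policy."""
    findings, last_is_block = [], False
    for n, line in enumerate(ruleset.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        last_is_block = line.startswith("block") and line.endswith(" all")
        if last_is_block:
            continue
        m = RULE_RE.match(line)
        if not m:
            findings.append((n, "unparsed rule, review by hand"))
            continue
        ports = {int(p) for p in m["ports"].strip("{} ").replace(",", " ").split()}
        if m["dst"] == "any" and ports & MAIL_PORTS:
            findings.append((n, "mail port open to any destination"))
        if m["dst"] == "any" and ports & WEB_PORTS:
            findings.append((n, "web port reachable without the proxy"))
    if not last_is_block:
        findings.append((0, "rule set does not end with a block-all rule"))
    return findings

if __name__ == "__main__":
    for name, rules in (("weak", WEAK_RULES), ("hardened", HARDENED_RULES)):
        print(name, audit(rules))
```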