[macrodesk1]

How to prevent anyone to use any VPN software in their PC or device on top of my network using DD-WRT? How to identify the traffic whether it's a if using port 443 since I don't want to disallow port 443, but only the VPN.

[Alozaros]

The only way known to me to prevent VPN traffic..is to block the range of IP's related to the VPN..so,
the clients will not be able to establish communication...and this is almost impossible with consumer grade routers...as you need to find all the servers and ect...speaking of kids its a Cats and Dogs game...
If you block one, they will go to another and so on....you wont believe..but..kids are crafty this days... you can only cut their internet time based and impose a serious restriction rules via iptables/ipset rules, but this need a high grade consumer class router..that supports IPset and iptables -m time module... (for example Netgear R7800 or R9000)...
For more on IPset https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=327261 have a good read on the egc guide

[ho1Aetoo]

Doesn't China do that somehow with deep packet inspection?

[egc]

Another approach might be the use of ndpi (deep packet inspection), not sure if this works.
Under Acces restriction/ Blocked services.

But I have no experience with it.

Even if this works the VPN scramble option is able to circumvent this.

[Alozaros]

I didn't mention ndpi as back in the days it was very CPU consuming....especially on heavy traffic it overwhelms the router...there was an update recently...may be its improved...try it...
it may work..in fact DDWRT needs some users to try this and that...