Block VPNs on DDWRT

DD-WRT Forum Index -> Marvell MVEBU based Hardware (WRT1900AC etc.)
kk2020
DD-WRT Novice


Joined: 31 Mar 2019
Posts: 1

Posted: Sun Mar 31, 2019 21:23    Post subject: Block VPNs on DDWRT
Hi,

To start off I'd like to say I'm a beginner when it comes to networking on DDWRT so please bear with me.

I have a WRT1900ACS v2 running DDWRT with OpenDNS set up (Forced DNS Redirection enabled) in addition to Encrypt DNS through Cisco. However, I noticed that by using Hotspot Shield all of these precautions can be avoided. Is there any way to block the use of VPNs/proxies on DDWRT?

Thanks in advance
aaronburro
DD-WRT Novice


Joined: 12 Nov 2018
Posts: 38

Posted: Thu Apr 11, 2019 5:01
I'm not completely sure what your setup is, but it sounds like you are setting a wireless AP for people to connect to. From that, I think you are asking if it's possible to block the people who connect to your AP from using their own VPNs or web proxies.

For VPNs, the answer is frankly "no." You could block commonly used VPN ports (e.g., 1194 for OpenVPN), but nothing stops users from changing to another port. A common tactic to avoid VPN blocking is to use port 443, which happens to be the default port for HTTPS traffic. You can't reasonably block that port, because you will render basically all websites inoperable, making your AP useless. You would have to do packet inspection on 443 to detect VPN connection attempts, and that's not really feasible from DD-WRT. I suspect even those connection attempts are encrypted, so you really wouldn't even be able to do packet inspection.

I'm not familiar with web proxies, but I suspect the answer is the same.

Motivated users will find ways around your attempts to block VPNs and proxies via DD-WRT. Your best bet is just to implement QoS restrictions to prevent abusive users from using too much bandwidth. I recommend following this guide to get a basic setup going. That, or Hotspot shield (whatever that is) will stop casual users from doing whatever you don't want them doing.

I would also suggest you turn on AP Isolation, to prevent wireless clients from being able to communicate with each other. However, be warned that AP Isolation ONLY works for clients on the same wireless interface (or VAP). If you have, for instance, a 2.4GHz interface (e.g., wl0) and a 5GHz (e.g., wl1) interface, under normal setups, clients on wl0 will be able to see clients on wl1 and vice versa. There are workarounds for this, some better than others.

Also, if you have SSH and/or telnet enabled, you will also 100% want to block SSH and/or telnet access to the router from your wireless clients.
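
The two firewall measures named in the reply above (dropping OpenVPN's default port 1194, and keeping wireless clients off the router's SSH/telnet), sketched as an added example that is not part of any post in this thread. It assumes a routed, unbridged guest interface with the hypothetical name `wl0.1` and SSH/telnet on their default ports 22 and 23; `gen_rules` and `apply_rules` are names chosen here.

```shell
#!/bin/sh
# Added example, not from the thread. Assumptions: GUEST_IF is a routed
# (unbridged) guest wireless interface; the name wl0.1 is hypothetical.
# Clients bridged into br0 arrive with br0 as the input interface, so a
# rule matching "-i <wireless if>" would not see them.
GUEST_IF="${GUEST_IF:-wl0.1}"

# Print the iptables commands for one interface, one per line.
gen_rules() {
    ifname="$1"
    # Accept only a plain interface name before it reaches a command line.
    case "$ifname" in
        ''|*[!A-Za-z0-9._-]*)
            echo "invalid interface: $ifname" >&2
            return 1 ;;
    esac
    # Router management from wireless clients: SSH (22) and telnet (23),
    # default ports assumed. INPUT covers traffic addressed to the router.
    for port in 22 23; do
        echo "iptables -I INPUT -i $ifname -p tcp --dport $port -j DROP"
    done
    # OpenVPN default port 1194 on both transports. FORWARD covers traffic
    # routed through the router. This only stops clients that keep the
    # default port; a VPN moved to 443 passes, as the reply points out.
    for proto in udp tcp; do
        echo "iptables -I FORWARD -i $ifname -p $proto --dport 1194 -j DROP"
    done
}

# Run the generated commands, stopping at the first failure.
apply_rules() {
    rules=$(gen_rules "$1") || return 1
    echo "$rules" | while IFS= read -r rule; do
        $rule || exit 1
    done
}

# Dry run by default (prints the rules); set APPLY=1 to install them.
if [ "${APPLY:-0}" = 1 ]; then
    apply_rules "$GUEST_IF"
else
    gen_rules "$GUEST_IF"
fi
```

Rules added with `iptables` from a shell do not survive a reboot unless they are also stored in the router's firewall script.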