Hotspot Shield VPN Blocking

steoank · 01-06-2012, 12:40 PM

I've seen multiple posts on the forums about blocking hotspot shield and there seems to be either two responses:

1. "It's impossible to block all these https proxies"

2. "Do this and this and web filter and they can't get to the site"

So 1, not helpful, basically saying users on the network can get on, deal with it.

And 2, as long as someone already has the exe or dmg there is no reason to get onto the site.

In short, I've already blocked the site even to the point of on the IT network, which we allow almost everything for testing, we can't download it because protocol control blocks the actual download via Fasttrack. The network is for a school campus, and the students can use this vpn software to access anything we block. I've found a few articles about the ports used and have been playing in a test rack with firewall installed with no luck. It's all greek to me with the firewall, so maybe someone else has some insight?

UDP Ports to block from some google searching were: 1194, 8040-8045, 8245.

dmorris · 01-06-2012, 03:40 PM

I think you're misunderstanding #1.
They're saying that you can block it, but you have to understand that without some disciplinary ability they'll just change to a different technique after you block one technique.

I think hotspot uses openvpn so it should be fairly easy to block. firewall will work if it uses consistent ports. Protocol Control will work if you write an openvpn signature.
If not 9.2 has an app with an openvpn signature that you can use to easily block it.

gotkimchi · 01-06-2012, 03:44 PM

good news, I am testing the 9.2 and just tested the hotspot shield. The new app will be your new best friend.

dmorris · 01-06-2012, 03:48 PM

Quote:

Originally Posted by gotkimchi

good news, I am testing the 9.2 and just tested the hotspot shield. The new app will be your new best friend.

with the openvpn signature?

gotkimchi · 01-06-2012, 03:53 PM

Nope, if you check mark the rules for the ultrasurf.

steoank · 01-10-2012, 07:17 AM

Wow, thanks guys. We have been putting off updating as it can be troublesome during the academic day, and at a boarding school you don't really get downtime in the same way as day schools. We have scheduled the upgrade for tomorrow and I will check out this new app and ultrasurf block.

dmorris · 01-10-2012, 08:33 AM

Quote:

Originally Posted by steoank

Wow, thanks guys. We have been putting off updating as it can be troublesome during the academic day, and at a boarding school you don't really get downtime in the same way as day schools. We have scheduled the upgrade for tomorrow and I will check out this new app and ultrasurf block.

Application Control isn't available until 9.2, which isn't available yet as an upgrade. It is still in beta. So I would just wait a few more weeks.

http://forums.untangle.com/announcem...available.html

01-06-2012, 12:40 PM	#1 (permalink)
steoank Newbie Join Date: Jul 2011 Posts: 13	Hotspot Shield VPN Blocking I've seen multiple posts on the forums about blocking hotspot shield and there seems to be either two responses: 1. "It's impossible to block all these https proxies" 2. "Do this and this and web filter and they can't get to the site" So 1, not helpful, basically saying users on the network can get on, deal with it. And 2, as long as someone already has the exe or dmg there is no reason to get onto the site. In short, I've already blocked the site even to the point of on the IT network, which we allow almost everything for testing, we can't download it because protocol control blocks the actual download via Fasttrack. The network is for a school campus, and the students can use this vpn software to access anything we block. I've found a few articles about the ports used and have been playing in a test rack with firewall installed with no luck. It's all greek to me with the firewall, so maybe someone else has some insight? UDP Ports to block from some google searching were: 1194, 8040-8045, 8245.

01-06-2012, 03:40 PM	#2 (permalink)
dmorris Untangle Junkie Join Date: Nov 2006 Location: San Mateo, CA URLs submitted: 10 Posts: 10,611	I think you're misunderstanding #1. They're saying that you can block it, but you have to understand that without some disciplinary ability they'll just change to a different technique after you block one technique. I think hotspot uses openvpn so it should be fairly easy to block. firewall will work if it uses consistent ports. Protocol Control will work if you write an openvpn signature. If not 9.2 has an app with an openvpn signature that you can use to easily block it. __________________ Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself. If you need Untangle support please call or email support@untangle.com

01-06-2012, 03:44 PM	#3 (permalink)
gotkimchi Administrator Join Date: Jan 2007 Location: Bay Area Posts: 2,075	good news, I am testing the 9.2 and just tested the hotspot shield. The new app will be your new best friend. __________________ to be understood, you must first understand. Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself. If you need Untangle support please call or email support@untangle.com

01-06-2012, 03:53 PM	#5 (permalink)
gotkimchi Administrator Join Date: Jan 2007 Location: Bay Area Posts: 2,075	Nope, if you check mark the rules for the ultrasurf. __________________ to be understood, you must first understand. Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself. If you need Untangle support please call or email support@untangle.com

Protect

Filter

Perform

Connect

Manage

Add-Ons

01-10-2012, 07:17 AM	#6 (permalink)
steoank Newbie Join Date: Jul 2011 Posts: 13	Wow, thanks guys. We have been putting off updating as it can be troublesome during the academic day, and at a boarding school you don't really get downtime in the same way as day schools. We have scheduled the upgrade for tomorrow and I will check out this new app and ultrasurf block.