Page 2 of 2 FirstFirst 12
Results 11 to 19 of 19
  1. #11
    Newbie
    Join Date
    Feb 2010
    Posts
    9

    Default

    Both rules are using tarpit.

  2. #12
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Sunnyvale, CA
    Posts
    7,928

    Default

    I meant the application tab not rules. /admin/index.do#apps/1/application-control/applications

    Just a wild guess.
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  3. #13
    Newbie
    Join Date
    Feb 2010
    Posts
    9

    Default

    No, I don't even have any of the "VPN and Tunneling" selections checked at all since I have a rule covering that in the Rules tab.

    Has anyone been able to validate that UT can in fact block connections from ProtonVPN? I know in the end it's using OpenVPN behind the scenes but the client seems like when it encounters a block or slow down it looks for another port to go out on. I'm just curious if it's something with my particular set up or if in the end it's just not possible with UT right now.

  4. #14
    Master Untangler
    Join Date
    May 2008
    Posts
    943

    Default

    Could it be switching to tcp if udp fails?

  5. #15
    Newbie
    Join Date
    Feb 2010
    Posts
    9

    Default

    That's what it seems like.

  6. #16
    Newbie
    Join Date
    Feb 2010
    Posts
    9

    Default

    So is it just futile to use Untangle to block ProtonVPN connections?

  7. #17
    Master Untangler Sam Graf's Avatar
    Join Date
    Feb 2016
    Location
    Michigan
    Posts
    672

    Default

    Since VPN products like ProtonVPN are meant to subvert network security, I would think that if it can be done, blocking them would involve using Untangle creatively and aggressively. It would probably mean orchestrating the functionality of two or more apps. It would probably require being aggressive with violators through policies.

    I can't say it can be done without breaking things you don't want to break, but I also think it's a little premature, on the basis of a couple Application Control attempts, to call it futile. I don't mean that to be critical but rather encouraging. Think outside the box.

  8. #18
    Newbie
    Join Date
    Feb 2010
    Posts
    9

    Default

    it's a little premature, on the basis of a couple Application Control attempts, to call it futile.
    I've done more than attempt a couple of App Control rules.

    As I mentioned at the beginning of this thread I've tried everything suggested in the post Unable to block OpenVPN IOS app which utilize the Firewall app, Event Triggers and Policies. None of that works.

    I've also stated I tried blocking VPN connections within App Control's Application tab and writing custom rules against different attributes (Category and ProtoChain), which again doesn't work.

    As it appears right now it does seem futile to try and block ProtonVPN with Untangle. I'm a huge fan of the product and not trying to offend, but if this seems like a silver bullet to get past UT, both vendor and customer should be aware so it can be addressed in a timely manner and Untangle can continue to be an awesome platform.

  9. #19
    Master Untangler Sam Graf's Avatar
    Join Date
    Feb 2016
    Location
    Michigan
    Posts
    672

    Default

    My apologies. i didn't look at the other thread.

    My point was simply to consider changing tactics. Is the problem ProtonVPN or the users? If it's hard or impossible to block the VPN product (which, as I noted, is by design), is it possible to penalize the user and solve the problem?

    Just trying, without success, to be helpful.

Page 2 of 2 FirstFirst 12

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2