Page 2 of 3 FirstFirst 123 LastLast
Results 11 to 20 of 21
  1. #11
    Untangler
    Join Date
    Apr 2019
    Posts
    32

    Default

    I think i solved it, I added a rule on the Application Control for the Students policy, using Block all TCP port 443 traffic that is not HTTPS, and this has blocked BetterNet from connecting

    We dont have any other apps, that students need to use outside of normal https conditions, so this should work.

    Fingers crossed!

    Thanks for the input to those that offered up advice

  2. #12
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,125

    Default

    Oh my good sir... you're going to be removing that rule as soon as school starts in the morning...
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  3. #13
    Untangler
    Join Date
    Aug 2016
    Posts
    95

    Default

    Is it being used on the same devices every time? How many? If you're getting the alerts maybe you could add a tag to the offending mac addresses to put them in their own child category of your existing rack to enforce this rule on a smaller group of devices.

  4. #14
    Newbie deleted_account+263757@untangle.com's Avatar
    Join Date
    Jul 2019
    Location
    Malta
    Posts
    10

    Default

    Here is the problem that I can see, Application control only sees these apps as ssl, so you cant block or put in penalty box as the apps are not recognized at all.

  5. #15
    Untangle Ninja jcoehoorn's Avatar
    Join Date
    Mar 2010
    Location
    York, NE
    Posts
    1,856

    Default

    Sigh. It's like he didn't really read anything we wrote at all.
    Five time Microsoft ASP.Net MVP managing a Lenovo RD330 / E5-2420 / 16GB with Untangle 16.2 to protect 500Mbits for ~450 residential college students and associated staff and faculty

  6. #16
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,125

    Default

    Quote Originally Posted by jcoehoorn View Post
    Sigh. It's like he didn't really read anything we wrote at all.
    And then changed gears to use a nuclear weapon to drive a nail...

    Incoming unintended consequences in 3...
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  7. #17
    Untangler
    Join Date
    Apr 2019
    Posts
    32

    Default

    I set the rule exactly as you recommended, but for some reason I am not seeing the traffic, I can see Betternet connecting on the test device from looking at the open ports using netstat on a MAC, and see the IP (Betternet) connects to is different everytime. But, I am not sweeing any traffic from the device after connecting (but that is correct right, since as soon as it connects to Betternet, the traffic is bypassing UT, so how can I see that traffic)

    I will change the Penalty box rule to 5 mins as you suggested and see what happens

    If I check the device IP in the Session view, I dont see traffic after the BN VPN has connected. So how can I check the rule is working?

  8. #18
    Untangler
    Join Date
    Apr 2019
    Posts
    32

    Default

    Quote Originally Posted by sky-knight View Post
    Oh my good sir... you're going to be removing that rule as soon as school starts in the morning...
    lol, yep, Doh!, it wasnt a morning fix, more like 1 minute later and undid that one straightaway!

  9. #19
    Untangler
    Join Date
    Apr 2019
    Posts
    32

    Default

    Quote Originally Posted by sky-knight View Post
    Oh my good sir... you're going to be removing that rule as soon as school starts in the morning...
    lol, yep, Doh!, it wasnt a morning fix, more like 1 minute later and undid that one straightaway!

  10. #20
    Untangler
    Join Date
    Apr 2019
    Posts
    32

    Default

    I have set this rule up again, this time with a shorter time on for the penalty, of 600 seconds/10 mins

    Under Application Control - BETTRNET is Set as Tarpit and Flag only

    Under Bandwidth Control the following is set:

    Action type = tag host
    Tag Name= penalty-box
    Tag Time (seconds) =600

    See screen shots.

    The Penalty Box is set to Limited Severely

    All Settings fall under the correct rack

    Students and the Test machine are set using IP address and IF NOT Domain Member and Traffic for both devices appear in the correct policy

    But, I still cannot see the BN Traffic and on the test clients I am still getting the same internet speeds, downloading an Apple 8 GB update for example, or DL a large test file, I get the same speed as if I were connected directly on the Network without Betternet. I also left it running for 1 hour and it downloaded 3 GB of 8 from the OS Update from Apple, yet BetterNet state the FREE version (my Test version) is Limited to 500 MB!

    What AM i doing wrong?

    I wonder if it is the rules placement on the Bandwidth Control, should it be in any particular order?

    Capture.PNG

    Capture2.PNG

    BC Rules.PNG
    Last edited by timfisher2000; 10-25-2019 at 08:52 PM.

Page 2 of 3 FirstFirst 123 LastLast

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2