Aspirant

How to block devices using VPN from accessing my router

I have a NetGear R7000 NightHawk router and I want to control access to my router. The problem is when I try blocking a device using a VPN from using my internet, it doesn't work. The device shows on my blocked list but is still able to access the internet. Is there any way of fixing this issue? I am trying to set up restrictions for people in my home's internet access but the VPN is allowing them to bypass even the simple blocking of the device. I don't want to have to turn off the router entirely simply to prevent one person from accessing the internet. It is frustrating that my router's security is vulnerable enough to allow access to my internet simply by using a VPN app.

Model: R7000|AC1900 Smart WIFI Router
Message 1 of 18

Re: How to block devices using VPN from accessing my router

Are you trying to block something coming in or something going out?

 

I don't understand this bit:

 


I am trying to set up restrictions for people in my home's internet access...

 

in?

Just another user.

My network DM200 -> R7800 -> GS316 -> PL1000 -> Orbi RBR40 -> Orbi RBS50Y -> RBS40V
Message 2 of 18

Re: How to block devices using VPN from accessing my router

What I gathered.  <Guessing > She lives in a communal living situation and wants to give some but not others internet access. 

 

The one she doesn't want to have access is using VPN to bypass AC.  So it's outbound.

 

What we don't know:

How this person is connecting?  Wired, wireless?

 

 

 

 

~Comcast 1 Gbps/50 Mbps SB8200 > R8000P
~R8000P FW:1.4.1.64 ~R7000 FW:1.0.9.42
~R6400 FW:1.0.1.52 ~Orbi-AC3000 FW:2.5.1.8
~EX3700 FW:1.0.0.84

Message 3 of 18
Aspirant

Re: How to block devices using VPN from accessing my router

There are 8 people who live with me and have wireless access to my internet. I want the ability to restrict their access without having to constantly change my router's login information or turning off the router entirely.
Model: R7000|Nighthawk AC1900 Dual Band WiFi Router
Message 4 of 18

Re: How to block devices using VPN from accessing my router


@ErikaCSanchez wrote:
I want the ability to restrict their access without having to constantly change my router's login information or turning off the router entirely.

What do you mean by "login information"?

 

The wifi password? Or how you get at the control interface?

 

How are they discovering it?

 

Do you want to lock them out permanently? Or just some of the time?

 

Apologies for the questions, but the solution depends on clear details of what you are trying to do.

 

Perhaps you can also deal with the questions from @shadowsports. Our guesses may be way off track. So more information helps. We are flailing around here.

 

 

 

Just another user.

My network DM200 -> R7800 -> GS316 -> PL1000 -> Orbi RBR40 -> Orbi RBS50Y -> RBS40V
Message 5 of 18
Aspirant

Re: How to block devices using VPN from accessing my router

I only want to lock them out some of the time. They use a VPN (I know this because they told me) to get on the internet even when I see that their device is listed as “blocked” in my device list (I know they still have access because I see them on the device using the internet). I can’t just change the password all the time. Especially since there are too many other people who know the WiFi password and share it.
Message 6 of 18

Re: How to block devices using VPN from accessing my router

Hi,
You are making this way too difficult for yourself.
Don't be the gateKeeper or play the game.

Shared living situation. Share the bill 8 ways. 9 if you want to include yourself. Everyone has access. A bill like this would be peanuts and everyone wins.

Otherwise change the wireless password and no one but you gets internet. Solved.

~Comcast 1 Gbps/50 Mbps SB8200 > R8000P
~R8000P FW:1.4.1.64 ~R7000 FW:1.0.9.42
~R6400 FW:1.0.1.52 ~Orbi-AC3000 FW:2.5.1.8
~EX3700 FW:1.0.0.84

Message 7 of 18
Aspirant

Re: How to block devices using VPN from accessing my router

Not that I should have to explain myself but, all the people who live with me are my younger siblings. All of whom I’m helping raise, all of whom live with me. I pay all the bills. But that is beside the point. I bought a WiFi router that supposedly had the ability for me to control what devices are on my network and restrict access. I can take the device away but the problem is on the principle that I bought the router for the security feature that would allow me not to have to resort to having to take the device away. A device needed for school work, writing essays etc.

It’s the principle of knowing that someone that may have once had access to my WiFi using the guest account log in information (a neighbor, the kids friends etc.) could use my WiFi, could continually use it and slow down my WiFi speeds even when I’ve “blocked” their access.

But thanks for the advice.
Message 8 of 18

Re: How to block devices using VPN from accessing my router


@ErikaCSanchez wrote:
Not that I should have to explain myself ....


Absolutely, but we needed to know the circumstances to be able to offer advice.

 

My view is that the VPN is irrelevant. It might help to work out how to operate things like parental controls and access control.

 

There is support material, including a manual, for the R7000 somewhere at the end of this link:

 

>>>> R7000 | Product | Support | NETGEAR <<<<

 

See the sections Set Up Parental Controls and Allow or Block Access to Your Network.

 

Maybe you have investigated this, you don't say.

 

It may be that the task at hand is too complicated for this router and its settings, especially if you want to set a different schedule for each user. These are pretty basic devices that lack significant network management.

 

 

Just another user.

My network DM200 -> R7800 -> GS316 -> PL1000 -> Orbi RBR40 -> Orbi RBS50Y -> RBS40V
Message 9 of 18
Aspirant

Re: How to block devices using VPN from accessing my router

Netgear, you surprisingly sucked at helping this end user, your troubleshooting skills were questionable. Her questions were very much to the point and anyone reading from the beginning would clearly see what she needs, no need for the long assessments only to conclude with a no help sorry answer like that. This is worse than talking to a boy.

To end user if you still need assistance please email me at seandamrong@yahoo.com
Message 10 of 18
Tutor

Re: How to block devices using VPN from accessing my router

This is the worst support answer I have ever seen. 

I'm having the same problem as the OP.

Netgear R7000 has an option to block a device from accessing the network. It works (almost). The device will connect, assuming it has the security code, but won't be able to browse or use any application that needs Internet.

But, just install a little VPN app (like x-vpn) on a mobile phone and voilà, the person is free to surf the internet without any limitation.

 

Like you said "surprisingly sucked at helping"

Message 11 of 18
Tutor

Re: How to block devices using VPN from accessing my router

I would like to stay polite so I'll say: Just restrain yourself from commenting on any technical question. Thanks in advance.

Message 12 of 18
Aspirant

Re: How to block devices using VPN from accessing my router

The ISP/router does not know if entry is from a VPN or not from a VPN; too many VPN servers to block all. How to turn VPN passthrough on if R7900P is used as router #1 and WRT3200ACM/DD-WRT is used as VPN router #2?

Model: R7900P|Nighthawk X6S AC3000 Tri Band WiFi Router
Message 13 of 18
Master

Re: How to block devices using VPN from accessing my router

@Syphr53, @Adjani, no one here responding is from Netgear or its Support Organization, just END-USERS like you.

 

What makes this difficult to understand is that DEVICE blocking is done by MAC IP Address. VPNs I've seen do NOT use a different MAC IP Address. They go to a server somewhere, which then is either a gateway to some private network or goes on the Web using an IP Address of the VPN's server farm.

So, if the VPN does change the MAC Address, well, there isn't much the router can do about that. If however it doesn't, then the problem is 'why does it not block the device?', but then you'd expect it to do the same thing for all devices.

What is missing is PROOF this is happening? LOG files would help here, showing the blocked device getting an IP Address. Also a screenshot of the device? Showing the IP Address it had and/or that it is not on Cell service if a phone?

 

Not sure how the device had been blocked either. I've seen reports of Genie and Nighthawk mobile app NOT blocking access to the Internet and when it does, LAN access is still there. Then again, others in that same thread stating it DOES work.

 

For all I know, and without specifics of HOW it was blocked, maybe this is the real problem and has nothing to do with VPN even?

 

No, I do NOT work for NETGEAR nor am I associated with them.

 

Want Netgear Support, use the SUPPORT link at top, then log in, MY SUPPORT and OPEN A CASE with NETGEAR. Out of free Support, well, if you want it, you'll have to pay for it.

Message 14 of 18
Aspirant

Re: How to block devices using VPN from accessing my router

This is pretty simple to fix. Instead of allowing everyone and blocking some, you simply block all by default and add the allowed devices (using the MAC address) to the allowable list in the router table. This prevents users from connecting unless their device(s) are in the list (unless they are spoofing an allowable MAC address. If this is the case then you are dealing with knowledgeable users who will find another way around). Typically, the rule of thumb is to make it too difficult for someone to try and figure out, which will cause them to look at other available connections (maybe your neighbors) to use.

Message 15 of 18
Aspirant

Re: How to block devices using VPN from accessing my router

I have just gone through the same type of incident with my 16 y/o son. I was lucky enough to get malicious attack alerts on my phone from Bitdefender, which I had downloaded onto the router. It kept giving me the same URL every time and I confronted him today about it. He said he didn't know but of course, being the nosy dad I was, I went down the road...

I asked him to turn on the VPN while I was there so I could see if that was triggering the Bitdefender. It was; we executed the on and off process three times to ensure we would get the same results and every time he turned on the VPN I received the malicious alert.

Phase II....

I then used the Disney Circle, which I paid $50 for the year for (not a bad price for its functionality), to restrict his data usage by ensuring he was on the "Teen" level and also ensured the "VPN's and Proxies" was set to "Not Allowed", which it was. I then had him uninstall the program X-VPN (the app he was using) and reinstall because I wanted to check for myself what it would look like on my end when he did it again. I also wanted to see if maybe the program was installed prior to me purchasing and restricting his phone and that had something to do with Disney Circle not catching the VPN. He downloaded, reinstalled and fired it right up no problem. I began a text chat with a Disney Circle representative. After I had told them everything I have stated here, they said there was nothing more they could do. So, here am I....looking for answers. I am not the tech guy, but someone here is. There has to be a way to defeat VPNs. As far as my son is concerned I have restricted his phone via FaceTime...but seriously, a program that seems specifically designed to hide what you are doing and to subvert the parents' responsibility in this internet age...and to not have an answer is very troubling.

Model: R7000P|Nighthawk AC2300 Smart WiFi Dual Band Gigabit Router
Message 16 of 18
Aspirant

Re: How to block devices using VPN from accessing my router

Blocking VPNs can be tricky, but not impossible. By design they are programs that are designed to encrypt what you are doing. But since you are running your traffic through a different IP, you can use them (as your son does) to bypass filtering software. In order to block a VPN you need to understand more about the VPN your son is using. A good article to read is https://www.pcmag.com/news/how-to-block-unauthorized-vpns

But basically you need to block the ports that the VPN is trying to use. Most VPNs use standard ports to communicate and blocking those ports effectively will disable the VPN. Below is a list of common ports for VPN types:

  • For PPTP:
    • IP Protocol=TCP, TCP Port number=1723   <- Used by PPTP control path
    • IP Protocol=GRE (value 47)   <- Used by PPTP data path
  • For L2TP:
    • IP Protocol Type=UDP, UDP Port Number=500    <- Used by IKEv1 (IPSec control path)
    • IP Protocol Type=UDP, UDP Port Number=4500   <- Used by IKEv1 (IPSec control path)
    • IP Protocol Type=ESP (value 50)   <- Used by IPSec data path
  • For SSTP:
    • IP Protocol=TCP, TCP Port number=443   <- Used by SSTP control and data path
  • For IKEv2:
    • IP Protocol Type=UDP, UDP Port Number=500    <- Used by IKEv2 (IPSec control path)
    • IP Protocol Type=UDP, UDP Port Number=4500   <- Used by IKEv2 (IPSec control path)
    • IP Protocol Type=ESP (value 50)   <- Used by IPSec data path
Message 17 of 18
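
An added example, not part of the original post: the port list above turned into a small Python check that reads flow records and reports, per device, which of the listed VPN types its traffic matches. The log format, the MAC addresses and the function names are constructed for illustration, and the check only recognizes the protocols in that list.

```python
from collections import defaultdict

# IP protocol numbers: 6 = TCP, 17 = UDP, 47 = GRE, 50 = ESP.
# Rules transcribed from the list in the post: (protocol, port or None) -> VPN types.
VPN_RULES = {
    (6, 1723): {"PPTP"},
    (47, None): {"PPTP"},
    (17, 500): {"L2TP", "IKEv2"},
    (17, 4500): {"L2TP", "IKEv2"},
    (50, None): {"L2TP", "IKEv2"},
    (6, 443): {"SSTP"},
}
# TCP/443 also carries ordinary HTTPS, so a port match alone proves nothing
# and blocking it would break normal web browsing.
AMBIGUOUS = {(6, 443)}

# Constructed sample flow log: "<device MAC> <IP protocol number> <dst port or ->"
SAMPLE_LOG = """\
aa:bb:cc:00:00:01 17 500
aa:bb:cc:00:00:01 50 -
aa:bb:cc:00:00:02 6 443
aa:bb:cc:00:00:03 6 1723
aa:bb:cc:00:00:03 47 -
aa:bb:cc:00:00:04 17 53
"""

def parse_flow(line):
    """Split one log line into (mac, protocol number, port or None)."""
    mac, proto, port = line.split()
    return mac.lower(), int(proto), None if port == "-" else int(port)

def classify(log_text):
    """Per device: VPN types with a blockable signature, plus ambiguous hits."""
    report = defaultdict(lambda: {"blockable": set(), "ambiguous": set()})
    for line in log_text.splitlines():
        if not line.strip():
            continue
        mac, proto, port = parse_flow(line)
        # GRE and ESP have no ports, so they match on protocol number only.
        key = (proto, None) if proto in (47, 50) else (proto, port)
        kinds = VPN_RULES.get(key)
        if kinds:
            bucket = "ambiguous" if key in AMBIGUOUS else "blockable"
            report[mac][bucket] |= kinds
    return dict(report)

if __name__ == "__main__":
    for mac, hits in sorted(classify(SAMPLE_LOG).items()):
        print(mac, sorted(hits["blockable"]), sorted(hits["ambiguous"]))
```

In the sample, the second device's only match is TCP 443, which is the one entry in the list that cannot be blocked by port without also cutting off normal HTTPS.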
Aspirant

Re: How to block devices using VPN from accessing my router

Thank you so very much!! My post was focussed around my son but only as an example of what I was concerned about as a whole. Reading the previous posts I was not sure there would be much help, however, you have proved me wrong and I thank you.

Message 18 of 18