Hi!
Is there any list/rule subscription to explicitly block ProtonVPN?
The students are already on the Zero Trust Policy but ProtonVPN is still smiling.
Hi!
Is there any list/rule subscription to explicitly block ProtonVPN?
The students are already on the Zero Trust Policy but ProtonVPN is still smiling.
Hey @edanpedragosa looking at https://api.protonmail.ch/vpn/logicals it appears they are using protonvpn.net
as the root domain for all their servers, so adding that to a block list with sub-domains included option enabled, that should block all the servers,
Yes, I’ve done that but it can still smile with no problem.
The only thing that worked for now is the old whack a mole thing to block the following IP/CIDR:
I may be blocking too much right now but at least it has stopped some from smiling at us until new moles has popped up.
I hope you can have a list subscription like PSIPHON for ProtonVPN, NordVPN, ExpressVPN, et cetera.
@edanpedragosa you will want to review your enablers and allow rules because outside of the domain @atw mentions above, the only attempts are direct-by-IP, which DTTS® will block for you. If connections are successful, it means one or more of your Enablers or Rules are permitting the connection.
Yes David, you were right. Sorry for my nonsense noise…
Disabling the following rule, makes protonvpn frown.
Now the issue is on how to make the messaging apps work again.
Voice and Video calls does not work with that disabled.
Do you have any suggestion to allow messaging apps to work again.
For now, at least the following:
Investigating on it more on my part of the globe, it is trying to check and connect to the following ports:
So I limited the opened UDP port range to not include those ports for now to at least allow where those messaging apps usually connects.
Thanks for letting us know. In short, what I’d recommend is you build dashboard-based enablers for the services you do need. Telegram and WhatsApp are already official enablers, but we don’t recommend or use WeChat, so we’ve never created an official one, but if you want to start a support session, we’ll help you build one. Same with Facebook Messenger.
I now use dashboard-based enablers and it is working great as usual.
dashboard-based enablers are very helpful with an added benefit of being able to enable it to only selected policies.
Kudos to the team!