I have a couple of "at risk" teens (I won't say what) who need an extra level of Internet filtering and restriction for their own protection against their use of really bad judgment. I've already enabled the OpenDNS parental control URL/content filters on my Netgear R8000 router but one of the teens has figured out how to install a VPN on mobile. I want to enable the router's OpenVPN feature for better overall security for all of us. But is there a way to block the use of an "unauthorized" VPN, like on a mobile device, without also effectively blocking my router's OpenVPN as well? I was looking at this post (https://community.netgear.com/t5/...) but wondered if anyone here has experience with this.

  • 3
    Can't you only whitelist the ip address of your own VPN and block everything else at router level?
  • 0
    Hmm. Hadn't even thought of that. Makes sense. I'll give that a try when I'm ready to unleash all these changes. It's particularly tricky when the schools seem to assume one's router is wide open for pretty much any traffic the school wants to put across the network. Thanks!!
  • 1
    @stackodev You could even setup a separate WiFi router for this and don't give them the password to other networks 😄
  • 2
    Pfsense; set up a box as a gateway/edge router in front of your APs, then do what linuxxx suggests. Also block any and all traffic to DNS other than pfsense, and route to your preferred provider.

    Only you will have access to the pfsense, so they can still manage the AP if needed but won't be able to break the happy path.
  • 1
    @SortOfTested "Also block any and all traffic to DNS other than pfsense, and route to your preferred provider" - and that's why admins don't like DoH :/
  • 1
    Packet filtering is packet filtering.
Add Comment