
How to block VPN apps?

Hi all,

I have an XG 550. I would like to block VPN apps like X-VPN, UltraVPN or something like that.
I created an application filter policy following this guide https://community.sophos.com/kb/en-us/123108

I also block all proxy and VPN apps listed in Application Filter Criteria.

But users can still use X-VPN to bypass the XG.
My XG is running 16.05.8.

Please give me some advice.
Thank you.



This thread was automatically locked due to age.
  • Hi ,

    I shall try to re-create this issue and update this thread.

    Regards,

    Aditya Patel
    Global Escalation Support Engineer | Sophos Technical Support


  • Create an Application Filter policy with the details below:

     

    1. Block 'Proxy and Tunnel' category.

    2. Block Category - Category = ALL except Proxy and Tunnel, Characteristics = Can bypass firewall policy.

    3. Block 'DNS Multiple QNAME'.

     

    Web Filter - Block Anonymizers, Peer-to-Peer on HTTP, HTTPS.

     

    Create a Test rule on top for one machine and apply this. Keep on top of even DNS rule. 

     

    If it doesn't work, go to console and increase max packets to 100.

    set ips maxpkts 100

     

    Let us know if it works.

     

  • Thanks for your advice.
    I did it but it won't help. It can block other VPN apps like FastVPN, UltraVPN but can't block X-VPN.
    I see that X-VPN uses 7 protocols. After adjusting the policy following your instructions, XG just blocks 2 of those 7. And then X-VPN connected with the 3rd protocol.

  • I am also facing this challenge to block X-VPN.

    There haven't been any further updates on how to completely block X-VPN. Any further suggestions on how to permanently block this VPN?

     

    Thanks kindly,

  • Protocols C and E will still be blocked because they use TLS TCP 443. I reversed the app and saw it creating a local host. You can find this by opening X-VPN on Mac and visiting 127.0.0.1:4001. Also, I have detected that blocking IP addresses does not work due to its multi-hop technology. I know the DNS is 114.114.114.114 if that helps. Contact me or reply if you need more info.

  • Has anyone thought of telling your employees that using this application is against company policy and they will be sacked?

    Please apply some common sense here; a firewall can do many things but not overcome human stupidity, like putting the business at risk by using unsecured applications.

    Ian

    Xeon 1225v5 6gb ram, SSID, 4 NICs 20w - v19 EAP

    XG115W - v18.5.2

  • Hey,

    I’m actually a student, 16. I have partnered up with the school (sort of employed) in order to block this VPN at school.

  • Hi,

    the school really should employ a specialist consultant. I am not doubting your ability or experience or even your future business skills.

    Does the school have HTTPS scanning enabled? Does the school use or allow Google apps and other search engines? Do you have enforce safe search enabled?

    Reading about X-VPN shows it uses a lot of search engine functions, so blocking advertisements etc. might help?

    Ian

    Xeon 1225v5 6gb ram, SSID, 4 NICs 20w - v19 EAP

    XG115W - v18.5.2

  • Hey, our school has employed a number of security and IT specialists. They work with a company called Linewise which claims to filter SSL and HTTPS. They are unable to block X-VPN. Also let me know if SkyVPN and Psiphon VPN work on your network.

    School needs to allow Google apps because most of our learning is based around school. X-VPN uses API URLs such as 8v9m.com and tubnet.com. I can provide a list if needed, as giving this to my IT hasn’t really resulted in any success. Safe search is enabled.

    Even decompiling their iOS app, Android app and their Mac and Chrome extension, I was able to find a premium server list. Blocking IPs doesn’t even work, and since using their method called pretendauthtls they work similar to OpenVPN SSL, meaning it is difficult to detect.

  • Hi,

    I have been experimenting with my firewall rules.

    You need a two-pronged approach:

    1/. web filter rule - xvpn.io and x-vpn.io deny

    2/. you need an application rule blocking proxy and tunnel as well as p2p sites.

     

    If you need specifics I will copy my rules for you. Mind you, I think I have broken the neighbour's work tunnel. I will build a new set of application rules for my specific access.

    Ian

    Xeon 1225v5 6gb ram, SSID, 4 NICs 20w - v19 EAP

    XG115W - v18.5.2
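
Added example, not part of any post in this thread and not Sophos code: since posters report that blocking alone misses X-VPN, this sketch reviews exported traffic logs for the indicators named above (the domains xvpn.io, x-vpn.io, 8v9m.com and tubnet.com, and DNS sent to 114.114.114.114) and lists the internal clients that showed them. The key=value log format, the sample lines and all function names are assumptions constructed for illustration; adapt the parser to the fields your firewall actually exports.

```python
import ipaddress

# Indicators quoted from the thread above; everything else here is constructed.
XVPN_DOMAINS = ("xvpn.io", "x-vpn.io", "8v9m.com", "tubnet.com")
XVPN_DNS = ipaddress.ip_address("114.114.114.114")

# Constructed sample lines in a made-up key=value format (not real XG log output).
SAMPLE_LOG = """\
time=09:00:01 src=10.1.4.21 dst=10.1.0.53 dport=53 proto=udp qname=www.google.com
time=09:00:03 src=10.1.4.37 dst=10.1.0.53 dport=53 proto=udp qname=api.8v9m.com
time=09:00:04 src=10.1.4.37 dst=114.114.114.114 dport=53 proto=udp qname=cdn.example.net
time=09:00:09 src=10.1.4.52 dst=10.1.0.53 dport=53 proto=udp qname=notxvpn.io
time=09:00:12 src=10.1.4.52 dst=10.1.0.53 dport=53 proto=udp qname=X-VPN.io.
time=09:00:15 src=10.1.4.21 dst=93.184.216.34 dport=443 proto=tcp
malformed line without fields
"""

def parse_line(line):
    """Split 'k=v k=v' into a dict; tokens without '=' are ignored."""
    return dict(tok.split("=", 1) for tok in line.split() if "=" in tok)

def matches_domain(qname):
    """True if qname is a listed domain or a subdomain of one (not a look-alike)."""
    name = qname.lower().rstrip(".")
    return any(name == d or name.endswith("." + d) for d in XVPN_DOMAINS)

def find_suspects(log_text):
    """Return {client_ip: sorted reasons} for clients showing either indicator."""
    hits = {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        src = rec.get("src")
        if not src:
            continue  # malformed or irrelevant line
        qname = rec.get("qname", "")
        if matches_domain(qname):
            hits.setdefault(src, set()).add("domain:" + qname.lower().rstrip("."))
        try:
            if rec.get("dport") == "53" and ipaddress.ip_address(rec.get("dst", "")) == XVPN_DNS:
                hits.setdefault(src, set()).add("dns:" + str(XVPN_DNS))
        except ValueError:
            pass  # dst field missing or not an IP address
    return {ip: sorted(reasons) for ip, reasons in hits.items()}

if __name__ == "__main__":
    for ip, reasons in find_suspects(SAMPLE_LOG).items():
        print(ip, reasons)
```

114.114.114.114 is a public resolver that other software may also use, so treat a DNS-only hit as a lead to check rather than proof of X-VPN.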