Home

Forums

Stories

Knowledge Base

Home Network Community > Wi-Fi Routers > How to block VPN on Wifi Routers

< Wi-Fi Routers

How to block VPN on Wifi Routers

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

How to block VPN on Wifi Routers

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

Autumn13

2019-08-21 17:57:45 - last edited 2021-11-26 07:26:39

Posts: 2

Helpful: 14

Solutions: 0

Stories: 0

Registered: 2019-08-21

How to block VPN on Wifi Routers

2019-08-21 17:57:45 - last edited 2021-11-26 07:26:39

Model: TL-WR840N

Hardware Version:

Firmware Version:

There is someone using the wifi and this person is using VPN to bypass all the restrictions and using blocked websites. How can I block all access by VPN on the router?

1 Accepted Solution

Kevin_Z

2019-08-22 06:41:23 - last edited 2021-11-26 07:26:39

Posts: 21587

Helpful: 5042

Solutions: 2543

Stories: 21

Registered: 2018-12-24

Re:How to block VPN on Wifi Routers-Solution

2019-08-22 06:41:23 - last edited 2021-11-26 07:26:39

@Autumn13

Hi, the TL-WR840N does not support VPN server while it supports VPN passthrough.

VPN Pass-Through	PPTP, L2TP, IPSec (ESP Head)

For the devices using VPN, there is no way to block them on the router unless you figure out what they are; or you can try to disable the VPN passthrough, then theoretically even though they connect to the VPN server, the data packets cannot pass through the router.

You can check it under Security-basic security-VPN page.

Best regards.

Nice to Meet You in Our TP-Link Community. Check Out the Latest Posts: Connect TP-Link Archer BE550 to Germany's DS-Lite (Dual Stack Lite) Internet via WAN Archer GE550 - BE9300 Tri-Band Wi-Fi 7 Gaming Router EasyMesh Is Available When Wi-Fi Routers Work in AP Mode as A Controller. Archer AX55V2 Supports WireGuard VPN, EasyMesh Ethernet Backhaul, IoT Network, Speed Limit,and More If you found a post or response helpful, please click Helpful (arrow pointing upward icon). If you are the author of a topic, remember to mark a helpful reply as the "Recommended Solution" (star icon) so that others can benefit from it.

Recommended Solution

Autumn13

LV1

2019-08-22 23:19:16 - last edited 2019-08-22 23:20:03

Posts: 2

Helpful: 14

Solutions: 0

Stories: 0

Registered: 2019-08-21

Re:Re:How to block VPN on Wifi Routers

2019-08-22 23:19:16 - last edited 2019-08-22 23:20:03

@Kevin_Z

Hello, I have disabled PPTP Pass-through, L2TP Pass-through, and IPSec Pass-through, however, VPN can still be used on the server to use the blocked websites.

AshAsh

LV1

2019-12-06 03:03:36

Posts: 4

Helpful: 20

Solutions: 0

Stories: 0

Registered: 2019-12-06

Re:Re:How to block VPN on Wifi Routers

2019-12-06 03:03:36

@Autumn13

Have you figured this out? I am having the same issue and need to block vpn traffic.

AC5400

ArcherC8

LV5

2019-12-08 14:39:08

Posts: 2110

Helpful: 841

Solutions: 49

Stories: 0

Registered: 2018-11-05

Re:Re:How to block VPN on Wifi Routers

2019-12-08 14:39:08

If you know the MAC address, can you block the device?

AshAsh

LV1

2019-12-08 15:49:06

Posts: 4

Helpful: 20

Solutions: 0

Stories: 0

Registered: 2019-12-06

Re:Re:How to block VPN on Wifi Routers

2019-12-08 15:49:06

@ArcherC8

ArcherC8 wrote

If you know the MAC address, can you block the device?

Yes, I can block the device, but that is not the solution in my case. I want to allow access but block VPN traffic as VPN allows them to completyely bypass the Parental rules on the router.

Zaphod66

LV1

2019-12-08 22:00:16

Posts: 12

Helpful: 9

Solutions: 0

Stories: 0

Registered: 2019-11-29

Re:How to block VPN on Wifi Routers

2019-12-08 22:00:16

Try blocking outbound traffic directed to UDP port 500. This should prevent an IPSEC VPN from authenticating.

You may also try blocking UDP port 4500.

AshAsh

LV1

2019-12-08 22:59:52

Posts: 4

Helpful: 20

Solutions: 0

Stories: 0

Registered: 2019-12-06

Re:How to block VPN on Wifi Routers

2019-12-08 22:59:52

Zaphod66 wrote

Try blocking outbound traffic directed to UDP port 500. This should prevent an IPSEC VPN from authenticating.

You may also try blocking UDP port 4500.

@Zaphod66

Unfortunately, the firewall settings are extremely primitive on my ArcherC5400 v2.0. I do not see how to put in any FW rules. See the attached screenshot.

Zaphod66

LV1

2019-12-09 08:00:48 - last edited 2019-12-09 08:02:56

Posts: 12

Helpful: 9

Solutions: 0

Stories: 0

Registered: 2019-11-29

Re:How to block VPN on Wifi Routers

2019-12-09 08:00:48 - last edited 2019-12-09 08:02:56

@AshAsh this looks very similar to my AC2300.

Have a look at my answer about this on the AC2300 VPN thread:

https://community.tp-link.com/en/home/forum/topic/171132?replyId=380000

#10

AshAsh

LV1

2019-12-09 15:31:05

Posts: 4

Helpful: 20

Solutions: 0

Stories: 0

Registered: 2019-12-06

Re:How to block VPN on Wifi Routers

2019-12-09 15:31:05

@Zaphod66 Thanks, This is great info. I will give it a try and report back.

A couple of points:

# 1. I did disable IPsec Passthrough along with PPTP Passthrough and L2TP Passthrough under NAT Forwarding > Application Layer Gateway (ALG), but they were still able to establish VPN connection. The tool they are using (ProtonVPN) seemed to find a way around these. I mention this since I read blocking UDP 500 is intended to block IPSec. Will try anyway and see if it gives better results

# 2. Any other ports to block besides 500? I saw somebody mention others like 2500. Any insights?

#3. I do use VPN for work. I will need to ensure this does not block my work VPN.

#11

Shivam_Chauhan

LV1

2020-01-08 07:17:42

Posts: 1

Helpful: 0

Solutions: 0

Stories: 0

Registered: 2020-01-08

Re:How to block VPN on Wifi Routers

2020-01-08 07:17:42

@Autumn13

I have the same model and I am having the same problem

#12

How to block VPN on Wifi Routers

How to block VPN on Wifi Routers

Information

Voters 1

Tags