How to block VPN on Wifi Routers

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
12

How to block VPN on Wifi Routers

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
How to block VPN on Wifi Routers
How to block VPN on Wifi Routers
2019-08-21 17:57:45 - last edited 2021-11-26 07:26:39
Model: TL-WR840N  
Hardware Version:
Firmware Version:

There is someone using the wifi and this person is using VPN to bypass all the restrictions and using blocked websites. How can I block all access by VPN on the router?

  13      
  13      
#1
Options
1 Accepted Solution
Re:How to block VPN on Wifi Routers-Solution
2019-08-22 06:41:23 - last edited 2021-11-26 07:26:39

@Autumn13 

 

Hi, the TL-WR840N does not support VPN server while it supports VPN passthrough.

VPN Pass-Through PPTP, L2TP, IPSec (ESP Head)

 

For the devices using VPN, there is no way to block them on the router unless you figure out what they are; or you can try to disable the VPN passthrough, then theoretically even though they connect to the VPN server, the data packets cannot pass through the router. 

 

You can check it under Security-basic security-VPN page.

 

Best regards. 

Nice to Meet You in Our TP-Link Community. Check Out the Latest Posts: Connect TP-Link Archer BE550 to Germany's DS-Lite (Dual Stack Lite) Internet via WAN Archer GE550 - BE9300 Tri-Band Wi-Fi 7 Gaming Router EasyMesh Is Available When Wi-Fi Routers Work in AP Mode as A Controller. Archer AX55V2 Supports WireGuard VPN, EasyMesh Ethernet Backhaul, IoT Network, Speed Limit,and More If you found a post or response helpful, please click Helpful (arrow pointing upward icon). If you are the author of a topic, remember to mark a helpful reply as the "Recommended Solution" (star icon) so that others can benefit from it.
Recommended Solution
  2  
  2  
#2
Options
17 Reply
Re:How to block VPN on Wifi Routers-Solution
2019-08-22 06:41:23 - last edited 2021-11-26 07:26:39

@Autumn13 

 

Hi, the TL-WR840N does not support VPN server while it supports VPN passthrough.

VPN Pass-Through PPTP, L2TP, IPSec (ESP Head)

 

For the devices using VPN, there is no way to block them on the router unless you figure out what they are; or you can try to disable the VPN passthrough, then theoretically even though they connect to the VPN server, the data packets cannot pass through the router. 

 

You can check it under Security-basic security-VPN page.

 

Best regards. 

Nice to Meet You in Our TP-Link Community. Check Out the Latest Posts: Connect TP-Link Archer BE550 to Germany's DS-Lite (Dual Stack Lite) Internet via WAN Archer GE550 - BE9300 Tri-Band Wi-Fi 7 Gaming Router EasyMesh Is Available When Wi-Fi Routers Work in AP Mode as A Controller. Archer AX55V2 Supports WireGuard VPN, EasyMesh Ethernet Backhaul, IoT Network, Speed Limit,and More If you found a post or response helpful, please click Helpful (arrow pointing upward icon). If you are the author of a topic, remember to mark a helpful reply as the "Recommended Solution" (star icon) so that others can benefit from it.
Recommended Solution
  2  
  2  
#2
Options
Re:Re:How to block VPN on Wifi Routers
2019-08-22 23:19:16 - last edited 2019-08-22 23:20:03

@Kevin_Z 

 

Hello, I have disabled PPTP Pass-through, L2TP Pass-through, and IPSec Pass-through, however, VPN can still be used on the server to use the blocked websites.

  1  
  1  
#3
Options
Re:Re:How to block VPN on Wifi Routers
2019-12-06 03:03:36

@Autumn13 

Have you figured this out? I am having the same issue and need to block vpn traffic.

 

AC5400

 

  5  
  5  
#4
Options
Re:Re:How to block VPN on Wifi Routers
2019-12-08 14:39:08
If you know the MAC address, can you block the device?
  0  
  0  
#5
Options
Re:Re:How to block VPN on Wifi Routers
2019-12-08 15:49:06

@ArcherC8 

 

ArcherC8 wrote

If you know the MAC address, can you block the device?

 

Yes, I can block the device, but that is not the solution in my case. I want to allow access but block VPN traffic as VPN allows them to completyely bypass the Parental rules on the router. 

  11  
  11  
#6
Options
Re:How to block VPN on Wifi Routers
2019-12-08 22:00:16

Try blocking outbound traffic directed to UDP port 500.  This should prevent an IPSEC VPN from authenticating.

You may also try blocking UDP port 4500.

 

 

  0  
  0  
#7
Options
Re:How to block VPN on Wifi Routers
2019-12-08 22:59:52

 

Zaphod66 wrote

Try blocking outbound traffic directed to UDP port 500.  This should prevent an IPSEC VPN from authenticating.

You may also try blocking UDP port 4500.

 

 

@Zaphod66 

 

Unfortunately, the firewall settings are extremely primitive on my ArcherC5400 v2.0. I do not see how to put in any FW rules. See the attached screenshot. 

 

  1  
  1  
#8
Options
Re:How to block VPN on Wifi Routers
2019-12-09 08:00:48 - last edited 2019-12-09 08:02:56

@AshAsh this looks very similar to my AC2300.

Have a look at my answer about this on the AC2300 VPN thread:

https://community.tp-link.com/en/home/forum/topic/171132?replyId=380000

  2  
  2  
#10
Options
Re:How to block VPN on Wifi Routers
2019-12-09 15:31:05

@Zaphod66 Thanks, This is great info. I will give it a try and report back.

 

A couple of points:

 

# 1. I did disable IPsec Passthrough along with PPTP Passthrough and L2TP Passthrough under NAT Forwarding > Application Layer Gateway (ALG), but they were still able to establish VPN connection. The tool they are using (ProtonVPN) seemed to find a way around these. I mention this since I read blocking UDP 500 is intended to block IPSec. Will try anyway and see if it gives better results

 

# 2. Any other ports to block besides 500? I saw somebody mention others like 2500. Any insights?  

 

#3. I do use VPN for work. I will need to ensure this does not block my work VPN.

  3  
  3  
#11
Options
Re:How to block VPN on Wifi Routers
2020-01-08 07:17:42

@Autumn13 

I have the same model and I am having the same problem

  0  
  0  
#12
Options