It takes some fairly deep packet inspection to 'block' an openvpn server running in TCP mode (not the default UDP) on port 443. I have an openvpn instance for just this purpose, in case I get stuck somewhere like a wifi captive portal in an airport lounge behind an overly restrictive firewall.
On Mon, Jan 4, 2016 at 12:55 PM, Justin Wilson <li...@mtin.net> wrote: > > http://www.tomshardware.com/answers/id-2084381/blocking-vpn-students-blocked-websites.html > > > > Justin Wilson > j...@mtin.net > > --- > http://www.mtin.net Owner/CEO > xISP Solutions- Consulting – Data Centers - Bandwidth > > http://www.midwest-ix.com COO/Chairman > > On Jan 4, 2016, at 3:48 PM, Eric Kuhnke <eric.kuh...@gmail.com> wrote: > > As an ISP why are you wasting your time 'blocking' anything other than > standard ACLs like port 139/windows file sharing? It's not your duty or > responsibility. If people want to implement their own firewall at their > self-owned router/CPE, let them, or if they want to buy some net nanny > software for their end point device, that's their responsibility. > > An ISP is a* pipe*. > > On Mon, Jan 4, 2016 at 7:42 AM, Nate Burke <n...@blastcomm.com> wrote: > >> We're dealing with a customer who is trying to block porn from their >> house. The person who has the 'problem' is tech savvy, and is using VPN >> Services. Is there any way to block someone like this? I'm guessing any >> content filtering wouldn't work because the VPN is terminating on the >> computer behind the router. Any sort of IP or DNS Block they would be able >> to bypass. Is there any way to stop a tech person from getting what they >> want? Right now our only thought is to put in like a 10k/s queue on their >> connection during the overnight hours. Other options? >> > > >