Block VPN connections


On our home router we are using NextDNS over TLS to filter out inappropriate content. The “Override DNS Settings for All Clients” option is enabled to make sure it won’t be bypassed by simply changing their local DNS.

In addition, we also run a VPN (WireGuard protocol) for privacy.

Using NextDNS the VPN websites are already blocked, but if installed, their VPN connection overrides all settings.

Thus my question 🙂
Is it possible to completely block all VPN traffic, except for the one I’m running on the router itself?

Many people want this, but it is not possible without IDS. GL.iNet does not provide IDS.

Hey, thanks for the reply!

That’s too bad. Would IPS also work?

Looks like that’s planned to be added in firmware V4

Ha! Look at pfSense.

You can try this:

I was able to add a LAN-to-any-zone Traffic Rule to block the NordVPN app on a client device from connecting over TCP, UDP and NordLynx (WireGuard), with WireGuard still running on my GL-MV1000W Brume-W router. However, it seems that the NordVPN app may use alternate ports that have to be blocked also, not only the standard VPN ports.
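Added example, not part of the thread and not GL.iNet's own configuration: a sketch of what such LAN-to-any-zone traffic rules can look like in the OpenWrt firewall config (`/etc/config/firewall`) that GL.iNet firmware is built on. The zone name `lan`, the rule names, and the port list (conventional defaults for common VPN protocols) are assumptions; as the post above notes, a VPN app may fall back to other ports, so port rules alone are not a complete block.

```uci
# Constructed example. These rules match traffic FORWARDED from LAN clients
# (src 'lan', dest '*' = any zone). Traffic that the router itself originates,
# such as its own WireGuard client tunnel, is not forwarded traffic and is
# therefore not matched, so the router's VPN keeps working.

config rule
	option name 'Block-LAN-WireGuard'
	option src 'lan'
	option dest '*'
	option proto 'udp'
	# 51820 is the port used in WireGuard's documentation; providers can use others.
	option dest_port '51820'
	option target 'REJECT'

config rule
	option name 'Block-LAN-OpenVPN'
	option src 'lan'
	option dest '*'
	option proto 'tcp udp'
	# 1194 is the IANA-registered OpenVPN port.
	option dest_port '1194'
	option target 'REJECT'

config rule
	option name 'Block-LAN-IPsec-L2TP'
	option src 'lan'
	option dest '*'
	option proto 'udp'
	# IKE (500), IPsec NAT traversal (4500), L2TP (1701).
	option dest_port '500 1701 4500'
	option target 'REJECT'

config rule
	option name 'Block-LAN-PPTP'
	option src 'lan'
	option dest '*'
	option proto 'tcp'
	option dest_port '1723'
	option target 'REJECT'

# Not covered: VPNs tunnelled over TCP 443 look like ordinary HTTPS to a port
# filter. Blocking 443 would break normal browsing, which is why the replies
# above point to IDS/IPS for a complete block.
```

On stock OpenWrt the rules take effect after a firewall reload (`/etc/init.d/firewall reload`); in the GL.iNet or LuCI web UI the same fields appear under the firewall's Traffic Rules.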

