How to Block VPN and Encrypted DNS?

So,… I’ve set rules to block access to some bad domains but some users (connected to AX1800) could STILL access to bad domains (Meaning they either use VPNs and use DNS encryption in their phones etc)

  1. How to block client VPNs?
  2. How to Restrict Client DNS encryption (TLS, DNSCrypt, QUIC etc) at protocol level?

If these features are not present in current firmware versions, is there any possibility of such features in 4.xx versions? hoping that there will be some kind of SSL defaults on new OpenWRTs???

To block in protocol level, need DPI tools which are not present in the router.

Google DPI openwrt to find some reference.

1 Like

At least, you can try blocking all the VPN ports via LuCI → Firewall → Traffic Rules:

DNS over TLS uses Port 853, but DNS over DNSCrypt and QUIC use Port 443 that should not be blocked.

I do not work for and I am not directly associated with GL.iNet

1 Like