Blocked Android Clients still accessing by VPN

Berihun_Addis1
Here to help

Blocked Android Clients still accessing by VPN

Blocked Android Clients still accessing My network  by VPN like Psiphon  in my Cisco Meraki devices .How can I still blocking even using this VPN in-order to prevent unauthorized clients?

3 Replies 3
alemabrahao
Kind of a big deal
Kind of a big deal

Unfortunately it is not possible to apply group policies to the VPN client until they are connected to the VPN.

 

So the only option is to try to apply it after it connects. It's not the best solution, but it should work.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
ww
Kind of a big deal
Kind of a big deal

Not sure if this is about client vpn or users on wifi. But if you dont want devices on your network you should use access control with something like a radius server

PhilipDAth
Kind of a big deal
Kind of a big deal

If I understand correctly you have Android clients bypassing security controls by using an anonymizing VPN?  Have I understood correctly?

 

Some of these VPNs can be really hard to block.

 

Start by trying to block the content category "Filter Avoidance".

PhilipDAth_0-1702836851713.png

If that is not enough, you'll need to Google for measures others have used to specifically block whatever VPN you are targetting.  Often there will be a DNS name (such as the system used to log into the VPN) that can be targetted.

 

I think Psiphon often uses DNS ports, so you might need to block all access to port 53 except for the specific configured name servers that the users are allowed to use.

 

 

 

Get notified when there are additional replies to this discussion.