Force VPN clients through URL filter

Like the title says, my clients behind my IPFire go through the URL filter but not the VPN clients. I have blocked URLs that are not blocked for VPN clients…

Hi,

in order to be able to help you, please post the following information:

  • What kind of VPN are the clients using? IPsec or OpenVPN?
  • What do your firewall rules look like?
  • What does your proxy configuration look like?
  • What does your OpenVPN/IPsec configuration look like?
  • Do the VPN clients have the proxy configured in their browsers or operating systems?

Thanks, and best regards,
Peter Müller


Android OpenVPN. I have the DNS IP being pushed to clients, and if I check their OpenVPN logs it does show the IPFire DNS IP.

I have one rule set up to force everyone that is on the network to use IPFire's DNS port 53.

I have transparent and hard-coded proxy turned on, with URL filter blocking ads. Clients with hard-coded DNS IP and transparent can connect to the internet (even though the transparent clients still get ads).
My VPN clients have the proxy IP in their devices (Android phones), but are still getting ads, BUT if they are behind the firewall not using the VPN (using WiFi), they will not get ads in their browsers.

Thanks for any suggestions.

Hi,

sigh, I was hoping for screenshots. :expressionless: Well, let’s try anyway…

This is a limitation of the web proxy: HTTPS destinations will not be filtered if the proxy is set into transparent mode. This is because TLS cannot be intercepted and modified transparently - that’s what transport encryption is for, isn’t it? :wink:

I think it makes sense to disable the transparent proxy completely in your scenario.

Are the clients allowed to access the internet directly? If so, you must drop such traffic, to enforce that web pages can only be accessed through IPFire's proxy.

Thanks, and best regards,
Peter Müller
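
The limitation described in the reply above, as an added example that is not part of the thread and not IPFire's or the proxy's own code: it shows what a filter that only parses HTTP can match on from the first bytes of a connection. The function name `filterable_target` and the hostname `ads.example` are assumptions made for illustration, and the three sample byte strings are constructed.

```python
"""What an HTTP-only URL filter can match on, judged from a connection's first bytes."""


def filterable_target(first_bytes: bytes):
    """Return (kind, target); target is the string a URL filter could match, or None."""
    # A TLS record starts with content type 0x16 (handshake) and major version 0x03.
    # An HTTP parser finds no request line here, so there is nothing to filter on.
    if len(first_bytes) >= 2 and first_bytes[0] == 0x16 and first_bytes[1] == 0x03:
        return ("tls", None)

    head, _, _ = first_bytes.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return ("unknown", None)
    method, target, _version = parts

    # Client with the proxy configured, HTTPS site: the proxy is told the host up front.
    if method == "CONNECT":
        return ("connect", target.rsplit(":", 1)[0])

    # Client with the proxy configured, HTTP site: absolute URL in the request line.
    if target.startswith("http://"):
        return ("http", target)

    # Intercepted (transparent) plain HTTP: rebuild the URL from the Host header.
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    host = headers.get("host")
    return ("http", f"http://{host}{target}" if host else None)


# Constructed samples: first bytes as they would arrive on the wire.
INTERCEPTED_HTTP = b"GET /banner.js HTTP/1.1\r\nHost: ads.example\r\n\r\n"
EXPLICIT_HTTPS = b"CONNECT ads.example:443 HTTP/1.1\r\nHost: ads.example:443\r\n\r\n"
DIRECT_TLS = bytes([0x16, 0x03, 0x01, 0x02, 0x00, 0x01]) + b"\x00" * 8

if __name__ == "__main__":
    for label, sample in [("intercepted HTTP", INTERCEPTED_HTTP),
                          ("explicit proxy, HTTPS", EXPLICIT_HTTPS),
                          ("direct TLS to port 443", DIRECT_TLS)]:
        print(f"{label:24} -> {filterable_target(sample)}")
```

Only the second case gives the filter a hostname for an HTTPS site, and it only occurs when the client talks to the proxy explicitly and cannot reach port 443 directly.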