How to block VPN traffic in IPFire

Lately, I have seen a lot of negative articles and reports about VPN services and their vulnerabilities.

The last ET Open ruleset update addressing VPN vulnerabilities that I could find was in September 2023.

IPFire doesn’t have deep packet inspection and I can’t find any IPS rules, but is there another way to block VPN services in case I decide to block them?

Here are some of the articles if anyone is interested.

Hello,
If you administer IPFire, can I ask what you want to achieve by blocking VPN traffic if no VPN is enabled on your side?

Speaking from an OpenVPN perspective, it might be hard to identify VPN traffic even with nDPI if the traffic is obfuscated or the metadata is encrypted with simple OpenVPN on-board tools like, e.g., tls-crypt-v2 → https://github.com/OpenVPN/openvpn/blob/master/doc/tls-crypt-v2.txt.

Also, a question of interest: which VPN attacks concern you the most, since I could read about only one specific actual attack described in your posted papers (TunnelVision ↔ TunnelCrack)?

Best,

Erik

Erik, thank you for taking the time to reply to my question.

Originally, I tried to give BennayB some suggestions about preventing another incident that involved a sophisticated attack by stealing credentials, and I thought an attacker like that might be disguised as a VPN provider. I read somewhere about a VPN service that was basically stealing credentials from unsuspecting users.

I was surprised that I couldn’t find any of the ET rules that addressed a VPN service…

But I think I could agree with you that obfuscated traffic is difficult to block with simple rules.

And meanwhile, another article was published regarding VPN :)