Topic: I can't block FreeVPN app for Mac using Zenarmor Blacklist (Read 1981 times)
Big (Newbie, Posts: 1, Karma: 0)
I can't block FreeVPN app for Mac using Zenarmor Blacklist
« on: May 29, 2022, 04:51:51 pm »
Hi. I have tried blocking FreeVPNapp which is an app my daughter has found to bypass Zenarmor controls which isn't included as one of their proxy/VPN filters.
Their URL is freevpnapp [dot] org
I tried identifying their IP ranges and added them to the blacklist but I am still able to connect and will still get one of the IPs within the blacklisted range.
146.0.32.0/20
185.184.192.0/22
190.2.128.0/20
37.59.0.0/16
5.199.128.0/20
Despite adding these to the blacklist, I still got the IP 5.199.133.138 when using the app. Unfortunately this makes most of the Zenarmor redundant if she can bypass it this easily.
Does anyone have any suggestions for blocking this app?
Vilhonator (Full Member, Posts: 245, Karma: 13)
Re: I can't block FreeVPN app for Mac using Zenarmor Blacklist
« Reply #1 on: May 31, 2022, 09:30:20 am »
Well first if you have admin account on your daughter's Mac, uninstall the VPN app, then go to System Preferences, user accounts and make sure your daughter's account has no admin privileges. That way your daughter won't be able to install anything without knowing the admin account password. You can also call Apple customer service and ask how to do that and activate parental controls on the App Store.
If you don't want to do that or can't, then you'll need either proxy or simple firewall rules.
Go to Firewall ---> Aliases and create a new alias. Give it a name, under type select network(s), and add the network ranges to the content field. Then tap statistics and save, after that select save changes.
Then the fun part starts
Next go to Firewall ---> Rules and select LAN.
Create new rule,
Action is block and interface is LAN, direction is "in" and TCP/IP version is IPv4.
Source is LAN net, destination is name of the alias you created earlier, destination port range is any.
Tap log, give category name (for example "Deny") and give a description (for example "daughters VPN").
Source OS is any, Schedule is none and gateway is default.
After that, select save and move that new rule above "Allow all" rule (or just on top of the rule list) and choose apply changes.
Next clone the rule, and change source from "LAN network" to the alias you created and destination from the alias you created to "LAN network", save and apply changes.
Repeat the same for all networks, but just the bolded part needs to be changed to the network you are creating the rule for (so if you create the rule for WAN, then the bolded parts are WAN and so on).
After that you can test if it works.
Also make sure that block rules are above any allow rules (by default, firewall block rules are ignored if there are any allow rules above them which ignore or include the same aliases and/or aliases with the same IPs; for example, Allow all will ignore any block rules below it).
If that doesn't work, then first back up your OPNsense and check the guide on how to create a proxy on OPNsense. Read it VERY carefully, it will block ANY connection which isn't whitelisted (including Windows and Mac OS updates), so one wrong setting, and you will have to reset the firewall to factory defaults and activate the backup.
Proxy should be last resort, because then you need to add EVERYTHING (games, YouTube, Netflix etc.) to the whitelist and it can be quite a handful to do. Also your daughter might give you a new title of Nazi dad
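Added example (not part of the thread and not OPNsense code): a simplified first-match model of the rule ordering described in reply #1, using the networks listed in the first post. The LAN subnet, the client address and the non-VPN destination are constructed assumptions.

```python
import ipaddress

# Networks from the first post's blacklist (the alias content in reply #1).
VPN_NETS = [ipaddress.ip_network(n) for n in (
    "146.0.32.0/20", "185.184.192.0/22", "190.2.128.0/20",
    "37.59.0.0/16", "5.199.128.0/20")]
LAN_NET = ipaddress.ip_network("192.168.1.0/24")   # assumed LAN subnet
ANY = ipaddress.ip_network("0.0.0.0/0")


def rule(action, src, dst, descr):
    """Build one simplified rule; src and dst are lists of networks."""
    return {"action": action, "src": src, "dst": dst, "descr": descr}


def evaluate(rules, src_ip, dst_ip):
    """Return (action, descr) of the first rule matching the packet.

    Models first-match evaluation only; traffic that matches no rule is
    blocked, mirroring a default-deny policy.
    """
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for r in rules:
        if any(src in n for n in r["src"]) and any(dst in n for n in r["dst"]):
            return r["action"], r["descr"]
    return "block", "default deny"


BLOCK_VPN = rule("block", [LAN_NET], VPN_NETS, "daughters VPN")
ALLOW_ALL = rule("pass", [LAN_NET], [ANY], "Allow all")

if __name__ == "__main__":
    client = "192.168.1.50"              # constructed LAN client
    destinations = ["5.199.133.138",     # IP reported in the first post
                    "203.0.113.10"]      # constructed non-VPN address
    for name, rules in (("block below allow", [ALLOW_ALL, BLOCK_VPN]),
                        ("block above allow", [BLOCK_VPN, ALLOW_ALL])):
        for dst in destinations:
            print(name, dst, evaluate(rules, client, dst))
```

With the block rule below "Allow all", the reported address is passed even though it sits inside 5.199.128.0/20; moving the block rule to the top is what makes the alias take effect.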
Vilhonator (Full Member, Posts: 245, Karma: 13)
Re: I can't block FreeVPN app for Mac using Zenarmor Blacklist
« Reply #2 on: May 31, 2022, 10:45:33 am »
Now there might be a simpler way to block that if you have a paid license to Zenarmor.
From Zenarmor settings, go to policies, and add advertisements on apps and web section to be blocked (app in question is free only if you allow ads).
Also you can try my favourite method of preventing Netflix being accessed when it shouldn't be
https://docs.opnsense.org/manual/how-tos/shaper_limit_per_user.html