
Trouble blocking SkyVPN app

I'm running XG 17.5 and have a policy configured below, but despite my best efforts my users are still able to use SkyVPN. This is also despite SkyVPN clearly being listed in the Proxy & Tunnel category. So first, why is it still getting by? Are my app signatures out of date?

I've reviewed the logs and can't pinpoint the traffic to see what else I might need to block.  It looks like it's masquerading as some Google service?  Has anybody seen this?

 

Web Content

  • Block anonymizers
  • Block P2P

App Control:

  • Block P2P
  • Block Remote Access
  • Block Proxy & Tunnel
  • Deny characteristics = can bypass firewall policy


  • Hi,

    Feeling adventurous, I installed SkyVPN on my Mac. Downloaded from the Apple Store, but could not connect to the various websites to review it.

    Next, started the app, created a userid and tried to connect. Interesting entries in log viewer. This app connected to sites with classification of:

    1/. educational institution 

    2/. media delivery

    3/. any other site it can find in your favourites or at least it tries to connect to things like forum logins.

     

    On my network SkyVPN failed to connect and repeatedly advised to try different servers, which also failed to connect.

    My XG has reasonably tight DNS settings, e.g. everything must go via the XG DNS, with a firewall drop rule for any other DNS access attempts.

    Now SkyVPN, in its current iteration, uses its own DNS to bypass any blocks you might put in your firewall, so as a result SkyVPN on my network failed to connect.

    The above are my results from my limited testing before deleting SkyVPN.

    In summary, this week, block all DNS queries from LAN devices to the external network.

    Ian

  • Thank you Ian, I did just that shortly before you put this together. This particular network was a BYOD network, comprised mostly of mobile phones. The DHCP scope uses Cloudflare's 1.1.1.1 for DNS. I noticed the rule had DNS service open to any WAN source. I limited it to 1.1.1.1 and 8.8.8.8. SkyVPN is now squashed.
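
An added example, not part of the thread and not Sophos code: a Python audit of exported firewall flow records that reports LAN clients sending DNS to resolvers outside the allowlist from the last reply, which verifies the DNS egress rule and shows which devices try their own resolvers. The CSV columns, the 192.168.50.0/24 subnet and the sample rows are constructed assumptions, not XG log output.

```python
import csv
import io
import ipaddress
from collections import defaultdict

# Resolvers the final rule in the thread permits.
ALLOWED_RESOLVERS = {"1.1.1.1", "8.8.8.8"}
LAN = ipaddress.ip_network("192.168.50.0/24")  # assumed BYOD subnet

# Constructed sample flow records (hypothetical column layout).
SAMPLE_FLOWS = """\
src_ip,dst_ip,proto,dst_port,action
192.168.50.21,1.1.1.1,udp,53,allow
192.168.50.21,203.0.113.77,udp,53,allow
192.168.50.34,8.8.8.8,tcp,53,allow
192.168.50.34,198.51.100.9,udp,53,drop
192.168.50.34,198.51.100.9,udp,53,drop
192.168.50.40,203.0.113.77,tcp,443,allow
10.9.9.9,203.0.113.77,udp,53,allow
"""

def audit_dns_egress(flow_csv, allowed=ALLOWED_RESOLVERS, lan=LAN):
    """Per LAN client, count port-53 flows to resolvers outside the allowlist.

    "leaked"  = the firewall let the query out (the rule is too permissive).
    "dropped" = the firewall blocked it (client is trying its own resolver).
    """
    findings = defaultdict(lambda: {"leaked": defaultdict(int),
                                    "dropped": defaultdict(int)})
    for row in csv.DictReader(io.StringIO(flow_csv)):
        try:
            src = ipaddress.ip_address(row["src_ip"])
            dst = ipaddress.ip_address(row["dst_ip"])
            port = int(row["dst_port"])
        except (KeyError, TypeError, ValueError):
            continue  # skip malformed or truncated records
        if port != 53 or (row.get("proto") or "").lower() not in ("udp", "tcp"):
            continue  # only classic DNS over UDP/TCP 53 is audited here
        if src not in lan or dst in lan or str(dst) in allowed:
            continue  # internal resolver or approved external resolver
        action = (row.get("action") or "").lower()
        bucket = "dropped" if action == "drop" else "leaked"
        findings[str(src)][bucket][str(dst)] += 1
    return {c: {k: dict(v) for k, v in b.items()} for c, b in findings.items()}

if __name__ == "__main__":
    for client, result in audit_dns_egress(SAMPLE_FLOWS).items():
        print(client, result)
```

Any client with a non-empty "leaked" entry means a firewall rule still passes DNS to an unapproved resolver; "dropped" entries point to the devices worth inspecting for apps that carry their own DNS settings.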