
OpenVPN passes through HTTP Proxy

Good evening,

I have a problem with my users and I cannot find any way to stop it.

So the problem is this:

I have blocked everything (anonymizers, remote access and other similar services).
I have only port 80 accessible to users, and only TCP.

The problem is that they pass my firewall using a VPN solution like OpenVPN by enabling the HTTP proxy in the VPN app.
Using HTTP "tunneling" to another system, they open any URL.

Is there any way to cut these services? (without using the bad way)


  • Try blocking "uncategorized sites" as well in the Content filter...

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.

  • Also, you might want to create a new category with just Anonymizers and block that.

    Please let us know how you solve your problem.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Nice suggestions.
    But my problem is that they can pass anything through tunneling, and the second question is whether I can block a specific kind of traffic.

    Also, is there any guide that will help me to recognize these sites?
  • Uncategorized sites cut many things, which made me run around.
    Anonymizers are blocked, but
    users are smart.

    Using a home DSL connection, they are running OpenVPN and passing through my FW.
    I want to cut the HTTP CONNECT from the proxy. Any suggestions?

    The second way is:
    Log in to Google Translate and then use it as a transparent proxy!
    For example:
    http://translate.google.com/translate?hl=en&sl=fr&tl=en&u=facebook.com

    The target language is the language you use! And voila! You passed it!
  • My configuration blocks "Drugs" and I cannot reach http://www.marijuana.com/ directly - it also is blocked when I attempt to access it via translate.google.com.

    To block OpenSSL VPN, you need to force browser traffic through the proxy in one of the non-transparent modes and eliminate the packet filter rule allowing other HTTPS traffic.

    Cheers - Bob
     
  • Actually, you eliminate the packet filter rule for HTTP traffic AND put the proxy in transparent mode.  The transparent proxy can't pass HTTP, and if you don't have an HTTPS allowance in the firewall it's dead.  You can then build rules for whichever HTTPS sites you really need.

    Owner:  Emmanuel Technology Consulting

    http://etc-md.com

    Former Sophos SG(Astaro) advocate/researcher/Silver Partner

    PfSense w/Suricata, ntopng, 

    Other addons to follow

  • Hmmm, I'm sure that your idea works, William, but I was thinking that the proxy would allow browsers to use HTTPS while preventing internal devices from establishing SSL VPNs.

    How could OpenSSL be configured to use port 8080 to establish an SSL tunnel - is that possible?

    Cheers - Bob
     
  • It sure is. It's very easy in Astaro and not too hard in other OpenVPN implementations.

    Owner:  Emmanuel Technology Consulting

    http://etc-md.com


  • Interesting thought though; in old versions of ASG, you could block the CONNECT HTTP method separately from other settings... maybe they need to bring that back?

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com


  • BrucekConvergent That is what I need.
    The HTTP CONNECT is what I need to cut.
    Also, using Google Analytics and Translate they can pass it.
    Another way to pass it is through images.google.com

    I am still on research.
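
The replies above converge on controlling the HTTP CONNECT method at the proxy. As an added example (not from any poster in this thread and not Sophos code), the Python script below reviews proxy logs for CONNECT tunnels that deserve a closer look. It assumes Squid's native access.log layout rather than the UTM's own log format, and the sample lines, the port allow-list and the one-hour threshold are constructed for illustration.

```python
import ipaddress

# Constructed sample lines in Squid's native access.log layout (an assumption;
# the UTM's own proxy log format differs):
# time elapsed_ms client code/status bytes method target user peer type
SAMPLE_LOG = """\
1700000000.100 320 10.0.0.21 TCP_TUNNEL/200 5120 CONNECT www.example.com:443 - HIER_DIRECT/192.0.2.10 -
1700000001.200 5400000 10.0.0.34 TCP_TUNNEL/200 734003200 CONNECT 203.0.113.7:443 - HIER_DIRECT/203.0.113.7 -
1700000002.300 210 10.0.0.34 TCP_DENIED/403 3900 CONNECT vpn.example.net:1194 - HIER_NONE/- -
1700000003.400 95 10.0.0.21 TCP_MISS/200 18200 GET http://www.example.org/index.html - HIER_DIRECT/192.0.2.20 text/html
"""

ALLOWED_CONNECT_PORTS = {443}    # assumption: only HTTPS may be tunnelled
MAX_TUNNEL_MS = 60 * 60 * 1000   # assumption: flag tunnels held open over 1 hour


def is_ip_literal(host):
    """True when the CONNECT target is a bare IPv4/IPv6 address, not a name."""
    try:
        ipaddress.ip_address(host.strip("[]"))
        return True
    except ValueError:
        return False


def review_connects(log_text):
    """Return (client, target, reasons) for each CONNECT entry worth reviewing."""
    findings = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7 or fields[5] != "CONNECT":
            continue  # not a tunnel request (or a malformed line)
        elapsed_ms, client, target = int(fields[1]), fields[2], fields[6]
        host, _, port = target.rpartition(":")
        reasons = []
        if not port.isdigit() or int(port) not in ALLOWED_CONNECT_PORTS:
            reasons.append("port-not-allowed")
        if is_ip_literal(host):
            reasons.append("ip-literal-target")
        if elapsed_ms > MAX_TUNNEL_MS:
            reasons.append("long-lived-tunnel")
        if reasons:
            findings.append((client, target, reasons))
    return findings


if __name__ == "__main__":
    for client, target, reasons in review_connects(SAMPLE_LOG):
        print(client, target, ",".join(reasons))
```

Ordinary HTTPS browsing produces many short CONNECT entries to named hosts on port 443, so the flagged entries are leads to check against the content filter, not proof of a VPN.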