I created filter rules such as blocking YouTube and Facebook. But when running the Hotspot Shield and Psiphon applications on a computer or mobile, these sites can be accessed. So now I want to block PPTP and VPN. If anyone knows, please share the solution.
Block dst-ports udp 1194, 1701, 500, 4500 (OpenVPN, L2TP, IPsec-IKE, IPsec-IKE-NAT) and tcp 1723, 1194 (PPTP control channel, OpenVPN) in the forward chain - this covers most common VPN access.
You could additionally block GRE, IPsec-esp and IPsec-ah protocols in the same chain.
As Psiphon is using common ports used for “normal” internet use, I’m afraid you can’t do much about this.
You could redirect dst-ports 80 and 8080 to your local proxy as well as redirecting all DNS traffic on udp/53 and tcp/53 directly to your own DNS.
I’m afraid you can’t do much about SSTP (tcp/443) VPN.
-Chris
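
The port and protocol blocks and the DNS/proxy redirects suggested in the reply above, written out as firewall rules. This is an added example, not part of the original posts; it assumes a MikroTik RouterOS router, a LAN interface named `bridge-lan` (placeholder), and the router's own DNS cache and built-in web proxy on port 8080 as the redirect targets.

```routeros
# Added example. Assumptions: RouterOS, LAN interface "bridge-lan" (placeholder name),
# router's own DNS cache and web proxy (port 8080) used as redirect targets.

/ip firewall filter
# UDP: IPsec IKE (500), OpenVPN (1194), L2TP (1701), IPsec NAT-T (4500)
add chain=forward in-interface=bridge-lan protocol=udp dst-port=500,1194,1701,4500 \
    action=drop comment="block VPN: IKE, OpenVPN, L2TP, NAT-T"
# TCP: OpenVPN (1194), PPTP control channel (1723)
add chain=forward in-interface=bridge-lan protocol=tcp dst-port=1194,1723 \
    action=drop comment="block VPN: OpenVPN tcp, PPTP control"
# Tunnel payload protocols: GRE (PPTP data), IPsec ESP and AH
add chain=forward in-interface=bridge-lan protocol=gre action=drop \
    comment="block GRE"
add chain=forward in-interface=bridge-lan protocol=ipsec-esp action=drop \
    comment="block IPsec ESP"
add chain=forward in-interface=bridge-lan protocol=ipsec-ah action=drop \
    comment="block IPsec AH"

# The router must answer the DNS queries that get redirected to it
/ip dns
set allow-remote-requests=yes

# Assumption: the "local proxy" is the router's built-in web proxy
/ip proxy
set enabled=yes port=8080

/ip firewall nat
# Force all client DNS (udp/53 and tcp/53) to the router's resolver
add chain=dstnat in-interface=bridge-lan protocol=udp dst-port=53 \
    action=redirect to-ports=53 comment="force DNS to router (udp)"
add chain=dstnat in-interface=bridge-lan protocol=tcp dst-port=53 \
    action=redirect to-ports=53 comment="force DNS to router (tcp)"
# Send plain HTTP on 80 and 8080 through the local proxy
add chain=dstnat in-interface=bridge-lan protocol=tcp dst-port=80,8080 \
    action=redirect to-ports=8080 comment="force HTTP to local proxy"
```

`add` appends rules at the end of the chain, so move the drop rules above any broad accept rule for LAN traffic in the forward chain, otherwise they are never reached.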