Hello
Experience difficulty to how can block " psiphon vpn"
if any one have idea please share it here .
Thank you
regards
yes i meaning that,,That you mean: https://psiphon.ca/index.html ? I do not know why but you can block with firewall all psiphon IP-address.
in my companyWhat you mean "drop from Mikrotik servers"?
If you want block some service please block all protocol and port connect to dst-address (phipson servers). I do not understand why you block only one VPN Service. I think it very difficult block because service uses multiple IP-address pool.
Thank you for your replyOnce you have succeeded in blocking psiphon vpn the people will find another vpn that you have not blocked.
The best way to avoid such situations is make them sign a contract that forbids the activities you do not like
to see in your company, so you can fire them when they breach it.
All technical measures will fail sooner or later, certainly when you allow direct (NAT-)routing to internet from your
user's systems. They only way you can sort of keep things under control is by running a proxy and forcing
the users through it, but even then it will have to be a more advanced proxy than is available in a MikroTik
router when you want to block everything. And it will be a dayjob to monitor and reconfigure it to track the
changes in available software and tricks that occurs over time.
I can not control my staff after using the program to open the social communication sites so i need to block the famous programs of vpn.The less you block, the less headache you will have. You should not BLOCK the services, but make good, reliable, reasonable policies regarding internet usage.
Do not let the disability of manager who cannot "control" the productivity of their employees to have you solved by "technical" means.
This issue (blocking of social media, VPN etc...) is higher than the technical solution. This should be discussed and taken care of at higher management layers.
If you block social media because the employees "sit the entire day on Facebook".... etc.... then it is a management problem not technical.
Remember one thing you can't fully or 100% stop the vpn program. bcoz of vpn program always searching & change the way from old destination or port.I can not control my staff after using the program to open the social communication sites so i need to block the famous programs of vpn.The less you block, the less headache you will have. You should not BLOCK the services, but make good, reliable, reasonable policies regarding internet usage.
Do not let the disability of manager who cannot "control" the productivity of their employees to have you solved by "technical" means.
This issue (blocking of social media, VPN etc...) is higher than the technical solution. This should be discussed and taken care of at higher management layers.
If you block social media because the employees "sit the entire day on Facebook".... etc.... then it is a management problem not technical.
Regards
Yes my friendRemember one thing you can't fully or 100% stop the vpn program. bcoz of vpn program always searching & change the way from old destination or port.I can not control my staff after using the program to open the social communication sites so i need to block the famous programs of vpn.The less you block, the less headache you will have. You should not BLOCK the services, but make good, reliable, reasonable policies regarding internet usage.
Do not let the disability of manager who cannot "control" the productivity of their employees to have you solved by "technical" means.
This issue (blocking of social media, VPN etc...) is higher than the technical solution. This should be discussed and taken care of at higher management layers.
If you block social media because the employees "sit the entire day on Facebook".... etc.... then it is a management problem not technical.
Regards
Thank you but should the social media block in companyDo you really think, that after you block the VPN program the employees will be brave, and honest, and will NEVER EVER use VPN anymore?
I can give you 100% guarantee: THEY WILL look for an alternative. Like OpenVPN, which even bypasses the great (fire) wall of China, Bhutan, Oman and other countries with very very strict control of VPN on COUNTRY level with very heavy (=expensive) equipment.
So do not think you can stop VPN with Mikrotik. No Way. Better to leave it open to use Facebook etc...