This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Lolu chungechunge lwabekwa kunqolobane. Uyacelwa ubuze umbuzo omusha uma udinga usizo.

How can a school block students from using Firefox Private Network VPN?

  • 3 uphendule
  • 1 inale nkinga
  • 1 view
  • Igcine ukuphendulwa ngu cor-el

more options

I'm looking to block it via a corporate firewall, but I cannot find any list of IP networks or DNS names to block as the school uses BYOD for students (K-8). I do see that it uses cloudflare for their DNS servers but blocking cloudflare is not an option (NOTE: I found this out by using dnsleaktest.com while using firefox in Private Network mode). Thanks in advance for your help.

I'm looking to block it via a corporate firewall, but I cannot find any list of IP networks or DNS names to block as the school uses BYOD for students (K-8). I do see that it uses cloudflare for their DNS servers but blocking cloudflare is not an option (NOTE: I found this out by using dnsleaktest.com while using firefox in Private Network mode). Thanks in advance for your help.

All Replies (3)

more options
more options

Hi, SkyBlue. Thanks for replying. According to this ( https://support.mozilla.org/en-US/questions/1268686 ), FPN does not use DoH. In our school environment, we use SSL inspection for the internal networks, but do not on the Guest network. I'm looking specifically for what FPN does or connects to for the VPN feature, and how that can be blocked. When I connect to FPN, it gets a Cloudflare IP, and uses Cloudflare DNS servers for name resolution (according to tests run at dnsleaktest[dot]com (see attached image)). I'm thinking what I need is a list of Cloudflare's VPN servers, so I can block those, without blocking websites that are hosted behind Cloudflare's infrastructure.

EDIT: This is not a problem on our internal networks where SSL inspection is used, just on our Guest network which is available to all, including students.

Okulungisiwe ngu GotSQL

more options

Maybe block access to 1.1.1.1 as that is used to initialize the DSN server and prevent to get a link to a server in the vicinity.