How can a school block students from using Firefox Private Network VPN?
I'm looking to block it via a corporate firewall, but I cannot find any list of IP networks or DNS names to block as the school uses BYOD for students (K-8). I do see that it uses cloudflare for their DNS servers but blocking cloudflare is not an option (NOTE: I found this out by using dnsleaktest.com while using firefox in Private Network mode). Thanks in advance for your help.
All Replies (3)
Hello, Take a look at this Firefox article.
https://support.mozilla.org/en-US/kb/configuring-networks-disable-dns-over-https
Hi, SkyBlue. Thanks for replying. According to this ( https://support.mozilla.org/en-US/questions/1268686 ), FPN does not use DoH. In our school environment, we use SSL inspection for the internal networks, but do not on the Guest network. I'm looking specifically for what FPN does or connects to for the VPN feature, and how that can be blocked. When I connect to FPN, it gets a Cloudflare IP, and uses Cloudflare DNS servers for name resolution (according to tests run at dnsleaktest[dot]com (see attached image)). I'm thinking what I need is a list of Cloudflare's VPN servers, so I can block those, without blocking websites that are hosted behind Cloudflare's infrastructure.
EDIT: This is not a problem on our internal networks where SSL inspection is used, just on our Guest network which is available to all, including students.
Okulungisiwe
Maybe block access to 1.1.1.1 as that is used to initialize the DSN server and prevent to get a link to a server in the vicinity.