How to block VPN on Wifi Routers
How to block VPN on Wifi Routers

There is someone using the wifi and this person is using VPN to bypass all the restrictions and using blocked websites. How can I block all access by VPN on the router?
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content

Hi, the TL-WR840N does not support VPN server while it supports VPN passthrough.
| VPN Pass-Through | PPTP, L2TP, IPSec (ESP Head) | 
|---|
For the devices using VPN, there is no way to block them on the router unless you figure out what they are; or you can try to disable the VPN passthrough, then theoretically even though they connect to the VPN server, the data packets cannot pass through the router.
You can check it under Security-basic security-VPN page.
Best regards.
- Copy Link
- Report Inappropriate Content

Hi, the TL-WR840N does not support VPN server while it supports VPN passthrough.
| VPN Pass-Through | PPTP, L2TP, IPSec (ESP Head) | 
|---|
For the devices using VPN, there is no way to block them on the router unless you figure out what they are; or you can try to disable the VPN passthrough, then theoretically even though they connect to the VPN server, the data packets cannot pass through the router.
You can check it under Security-basic security-VPN page.
Best regards.
- Copy Link
- Report Inappropriate Content
Hello, I have disabled PPTP Pass-through, L2TP Pass-through, and IPSec Pass-through, however, VPN can still be used on the server to use the blocked websites.
- Copy Link
- Report Inappropriate Content
Have you figured this out? I am having the same issue and need to block vpn traffic.
AC5400
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
Try blocking outbound traffic directed to UDP port 500. This should prevent an IPSEC VPN from authenticating.
You may also try blocking UDP port 4500.
- Copy Link
- Report Inappropriate Content
Zaphod66 wrote
Try blocking outbound traffic directed to UDP port 500. This should prevent an IPSEC VPN from authenticating.
You may also try blocking UDP port 4500.
Unfortunately, the firewall settings are extremely primitive on my ArcherC5400 v2.0. I do not see how to put in any FW rules. See the attached screenshot.

- Copy Link
- Report Inappropriate Content
@AshAsh this looks very similar to my AC2300.
Have a look at my answer about this on the AC2300 VPN thread:
https://community.tp-link.com/en/home/forum/topic/171132?replyId=380000
- Copy Link
- Report Inappropriate Content
@Zaphod66 Thanks, This is great info. I will give it a try and report back.
A couple of points:
# 1. I did disable IPsec Passthrough along with PPTP Passthrough and L2TP Passthrough under NAT Forwarding > Application Layer Gateway (ALG), but they were still able to establish VPN connection. The tool they are using (ProtonVPN) seemed to find a way around these. I mention this since I read blocking UDP 500 is intended to block IPSec. Will try anyway and see if it gives better results
# 2. Any other ports to block besides 500? I saw somebody mention others like 2500. Any insights?
#3. I do use VPN for work. I will need to ensure this does not block my work VPN.
- Copy Link
- Report Inappropriate Content
I have the same model and I am having the same problem
- Copy Link
- Report Inappropriate Content

Information
Helpful: 20
Views: 67224
Replies: 17
Voters 1



