Page 1 of 1

Firewall policy blocking VPNs

Posted: Tue Dec 11, 2018 10:36 am
by aaronrsmith
The firewall policy that blocks some VPNs unfortunately also blocks VPNs now used for web filtering on cellular phones. For example, both Verizon Smart Family and CircleGo by Disney use a VPN to monitor and limit data from a mobile device, whether on cellular or Wi-Fi.

The result is that I have to remove all filtering from my children's devices for gospel library to be able to download content at church. My son just had an issue playing the kahoot online learning game in seminary for the same reason.

While a VPN could be used to bypass filtering, so can DNS-over-https. Perhaps the VPN restriction could be relaxed?

Does anyone else have this issue?

Aaron

Re: Firewall policy blocking VPNs

Posted: Thu Dec 13, 2018 10:12 am
by JamesAnderson
I had not heard of those parental control and filtering options, it looks like they may be running through a particular IP so it looks like the problem reported early on with Chromecast devices as they needed a particular IP setting to work.

Another filtering option is the free K( Web Protection, uses a modified Firefox browser that can be set as the default browser, takes a little work but is doable. I have found also that it is the very best defense against web and internet nasties around right now, but that is not to dismiss the capabilities of the others you mentioned, but they are newer so they may not be picking everything up at present.

Re: Firewall policy blocking VPNs

Posted: Thu Dec 13, 2018 10:13 am
by JamesAnderson
Ooops, K( should have been 'K9'

Re: Firewall policy blocking VPNs

Posted: Fri Dec 14, 2018 1:21 pm
by sbradshaw
Are you sure it's the meetinghouse firewall, as opposed to the Verizon or Disney filtering services, that blocks Gospel Library content? For example, T-Mobile's Web Guard blocks the Church's content servers. Others may too.

Re: Firewall policy blocking VPNs

Posted: Fri Dec 14, 2018 1:35 pm
by JamesAnderson
The CDN angle is reasonable now given you can set up Amazon S3 accounts as a sort of personal CDN, they are often used to dispense all kinds of video content, and some CDNs, including Amazon, are widely abused to emit all manner of nefarious and otherwise undesireable content.

Something could be done on the Church level to work with providers to unblock things from the Church CDNs as that is definitely single-purpose versus commercial ones such as Amazon S3, etc.

Re: Firewall policy blocking VPNs

Posted: Sun Jan 06, 2019 10:12 pm
by rmcphie
I'm having the same issue. I put Verizon Smart Family on my son's phone and now Gospel Library won't update. I've isolated the problem to the VPN. I would think that should be unblocked as members using Smart Family or Circle would want the positive influence of a fully functional Gospel Library app on the filtered devices.

Thanks.

Re: Firewall policy blocking VPNs

Posted: Mon Jan 07, 2019 6:07 am
by drepouille
Throwing in my personal opinion here. Internet service at the meetinghouse primarily exists so church-owned computers (admin and FHC) can connect to church servers. Members should download and sync all their mobile apps at home. Teachers should download all the videos they need for their lessons at home. There have been many times during the meeting block when I have had to unplug the wireless access points from the firewall so that I could use the admin computer to perform official business on LCR.

Re: Firewall policy blocking VPNs

Posted: Mon Jan 07, 2019 8:01 am
by sbradshaw
rmcphie wrote:I'm having the same issue. I put Verizon Smart Family on my son's phone and now Gospel Library won't update. I've isolated the problem to the VPN. I would think that should be unblocked as members using Smart Family or Circle would want the positive influence of a fully functional Gospel Library app on the filtered devices.

The best way to get this changed is to send feedback or an unblock request to Verizon Smart Family. There's nothing the Church can do about third-party services blocking content, other than send feedback through the same channel that a user would send feedback.