Block websites for my VPN users

linux squid strongswan

the way I would solve such a problem is to adjust the strongswan VPN exit node with transparent proxy:

https://www.cyberciti.biz/tips/linux-setup-transparent-proxy-squid-howto.html

You will however either need to allow https to bypass the proxy or setup SSL intercept (which is quite difficult and needs access to your clients PCs) ..

Another way to solve the problem is to introduce your own DNS that will point your users to your own IP address for domain names that are black listed... this of course means that you are running dhcp and nobody's smart enough to use custom DNS.. or DNS over HTTPS


This has nothing to do with VPN and everything to do with proxy software.

What you're looking for is a transparent intercepting proxy. Unless you can push a new CA certificate to your client machines you're most likely looking for Squid's peek-and-splice mode to inspect the ClientHello of TLS connections.

Note that this isn't perfect as domain fronting will bypass it and so will using another proxy that isn't blacklisted but it's the best you can do with those constraints.

Related

How to install Anaconda on Ubuntu?
Remove Spotify pop-up notification when a song starts
What is the difference between "chmod +x" and "chmod 755"?
What is a "failed to create a symbolic link: file exists" error?
"Failure to download extra data files" with ttf-mscorefonts-installer on Ubuntu 16.04
Higher screen resolution for VirtualBox?
Where are icons stored?
How to network two Ubuntu computers using ethernet (without a router)?
How to mount a hard disk as read-only from the terminal
Unable to mount NTFS external hard drive
How do I restart Cinnamon from the tty?
Some fast way to save and restore tabs of Terminal?