0

vpn-api.proton.me

I have bypass methods blocked, but I can see that vpn-api.proton.me is allowed.
Am I right in thinking that Proton Mail has got a VPN server and that this is the URL to it?

should it therefore be blocked when I have bypass methods blocked?

5 replies

null
    • Martheen
    • 2 yrs ago
    • Reported - view

    It's part of ProtonVPN https://github.com/ProtonVPN/android-app/blob/master/app/build.gradle, and yes I'd assume it has to be blocked, open an issue in the https://github.com/nextdns/dns-bypass-methods/issues

      • trin_trax
      • 2 yrs ago
      • Reported - view

      Martheen  done. 
      I have blocked it manually for now. Let’s see if one of the kids complains about rubbish internet!😈

      • Martheen
      • 2 yrs ago
      • Reported - view

      trin trax By the way, if it's primarily about web browsing, it's trivial to just change the DoH setting in the browser to generic NextDNS and bypass your filter. Parental control using DNS only is really weak.

      • trin_trax
      • 2 yrs ago
      • Reported - view

      Martheen that could be prevented by blocking port 53, isn’t that right?

      • Martheen
      • 2 yrs ago
      • Reported - view

      trin trax No, DoH goes through TCP 443 just like regular HTTPS. You can manually block DoH domains depending on how you configure NextDNS, ie, if you're using the app or NextDNS DoH profile, obviously you can't block NextDNS, and thus anyone can just use their own NextDNS profile in your network. You also can't block personally generated DoH address like those using https://github.com/tina-hello/doh-cf-workers or https://github.com/serverless-dns/serverless-dns

Content aside

  • 2 yrs agoLast active
  • 5Replies
  • 667Views
  • 2 Following