Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

How can a school block students from using Firefox Private Network VPN?

  • 3 replies
  • 1 has this problem
  • 1 view
  • Last reply by cor-el

more options

I'm looking to block it via a corporate firewall, but I cannot find any list of IP networks or DNS names to block as the school uses BYOD for students (K-8). I do see that it uses cloudflare for their DNS servers but blocking cloudflare is not an option (NOTE: I found this out by using dnsleaktest.com while using firefox in Private Network mode). Thanks in advance for your help.

I'm looking to block it via a corporate firewall, but I cannot find any list of IP networks or DNS names to block as the school uses BYOD for students (K-8). I do see that it uses cloudflare for their DNS servers but blocking cloudflare is not an option (NOTE: I found this out by using dnsleaktest.com while using firefox in Private Network mode). Thanks in advance for your help.

All Replies (3)

more options
more options

Hi, SkyBlue. Thanks for replying. According to this ( https://support.mozilla.org/en-US/questions/1268686 ), FPN does not use DoH. In our school environment, we use SSL inspection for the internal networks, but do not on the Guest network. I'm looking specifically for what FPN does or connects to for the VPN feature, and how that can be blocked. When I connect to FPN, it gets a Cloudflare IP, and uses Cloudflare DNS servers for name resolution (according to tests run at dnsleaktest[dot]com (see attached image)). I'm thinking what I need is a list of Cloudflare's VPN servers, so I can block those, without blocking websites that are hosted behind Cloudflare's infrastructure.

EDIT: This is not a problem on our internal networks where SSL inspection is used, just on our Guest network which is available to all, including students.

Modified by GotSQL

more options

Maybe block access to 1.1.1.1 as that is used to initialize the DSN server and prevent to get a link to a server in the vicinity.