Vypr VPN

Reply
L2 Linker

Vypr VPN

Hi, 

 

Has anyone used VYPR VPN. We are seeing users use this quiet a lot and they are bypassing the firewall to get onto whatever they want. 

 

We have submitted to PAN to create an application for this as one does not currently exist, but we need to block this in the mean time. I know we can create a custom application for this, but I am not experienced enough to put in the details for this so it only affects that application. 

 

Is creating a custom application the best way to block this or would anyone recommend another way ?

 

 


Accepted Solutions
Highlighted
L7 Applicator

Re: Vypr VPN

While some of their VPN protocols are standards-based with corresponding AppIDs, I bet you're having problem with the "chameleon" variant.  

 

If you can't block it by AppID, you should be able to tackle this via FQDN address objects.  They've provided a complete list of their servers here:

 - https://support.goldenfrog.com/hc/en-us/articles/203733723-What-are-the-VyprVPN-server-addresses-

 

The CLI will probably be the quickest way to get these entries in your firewall.  Here's what the commands would look:

 

set address us1.vpn.goldenfrog.com tag vyprvpn
set address us1.vpn.goldenfrog.com fqdn us1.vpn.goldenfrog.com

set address us2.vpn.goldenfrog.com tag vyprvpn
set address us2.vpn.goldenfrog.com fqdn us2.vpn.goldenfrog.com

 

Lather, rinse, repeat for each of the server locations.  When you're done it will start to look something like this:

 

vypr1.PNG

 

 

You're tagging each of these objects with a "vyprvpn" tag for a good reason.  The above process will create one address object per server location.  You then create an Address Group that includes all of the individual address objects tagged with 'vyprvpn' like this:

 

vypr2.PNG

 

And finally, create a security policy that blocks traffic to 'vyprvpn-group' on any app and any port.

 

vypr3.PNG

 

EDIT:  I assumed that the VyprVPN server was hosted by goldenfrog.com in my above instructions.  You may need to do something similar for VyprVPN through giganews, ie: us1.vpn.giganews.com, but the concept is the same.  

 

Also, I did a couple of quick tests..  VyprVPN on iOS is detected as "ciscovpn" and "ipsec-esp-udp" from an AppID perspective.  Block those Apps to shut this down on that platform.  On Windows, the VyprVPN "Chameleon" protocol is detected as "unknown-udp" and can also be blocked.  In my lab, blocking unknown-udp prevented VyprVPN from establishing a Chameleon VPN tunnel without worrying about destination IP addresses.

 

View solution in original post


All Replies
Highlighted
L7 Applicator

Re: Vypr VPN

While some of their VPN protocols are standards-based with corresponding AppIDs, I bet you're having problem with the "chameleon" variant.  

 

If you can't block it by AppID, you should be able to tackle this via FQDN address objects.  They've provided a complete list of their servers here:

 - https://support.goldenfrog.com/hc/en-us/articles/203733723-What-are-the-VyprVPN-server-addresses-

 

The CLI will probably be the quickest way to get these entries in your firewall.  Here's what the commands would look:

 

set address us1.vpn.goldenfrog.com tag vyprvpn
set address us1.vpn.goldenfrog.com fqdn us1.vpn.goldenfrog.com

set address us2.vpn.goldenfrog.com tag vyprvpn
set address us2.vpn.goldenfrog.com fqdn us2.vpn.goldenfrog.com

 

Lather, rinse, repeat for each of the server locations.  When you're done it will start to look something like this:

 

vypr1.PNG

 

 

You're tagging each of these objects with a "vyprvpn" tag for a good reason.  The above process will create one address object per server location.  You then create an Address Group that includes all of the individual address objects tagged with 'vyprvpn' like this:

 

vypr2.PNG

 

And finally, create a security policy that blocks traffic to 'vyprvpn-group' on any app and any port.

 

vypr3.PNG

 

EDIT:  I assumed that the VyprVPN server was hosted by goldenfrog.com in my above instructions.  You may need to do something similar for VyprVPN through giganews, ie: us1.vpn.giganews.com, but the concept is the same.  

 

Also, I did a couple of quick tests..  VyprVPN on iOS is detected as "ciscovpn" and "ipsec-esp-udp" from an AppID perspective.  Block those Apps to shut this down on that platform.  On Windows, the VyprVPN "Chameleon" protocol is detected as "unknown-udp" and can also be blocked.  In my lab, blocking unknown-udp prevented VyprVPN from establishing a Chameleon VPN tunnel without worrying about destination IP addresses.

 

View solution in original post

Highlighted
Cyber Elite

Re: Vypr VPN

@inzamam.shahid Ask and you shall receive.  It appears "vyprvpn" is now a recognized application per content update 564.

Highlighted
L2 Linker

Re: Vypr VPN

I saw that today glad it got created it makes things much simpler!

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!