Veyon Community Forum

    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Groups

    Students bypassing filtering

    Help & Troubleshooting
    2
    3
    342
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      mathompson last edited by

      We are seeing a problem in multiple labs where students are able to bypass filtering. Basically, the firewall shows that the teacher (who is logged into the master) is also logged in to multiple clients, even though they are not. When students login, they are seen as the teacher by the firewall and able to access sites they should not have access to. This seems to be platform independent as one lab is all Windows 10 (latest build). The other is mostly Win10, but the teacher uses Ubuntu 21.04.

      Running Veyon 4.5.4
      Firewall is a FortiGate 501E v6.2.4 build1112
      Domain controllers are Win servers 2012r2 and connect to Fortinet Sign-On Agent.

      1 Reply Last reply Reply Quote 0
      • tobydox
        tobydox last edited by

        When Veyon Master connects to client computers, the Veyon Server/Service on the client computers check the teacher's credentials by performing a temporary internal user logon with the teacher's username and password. However it does not initiate a real user sessions so I wonder why your firewall recognizes the teacher as being logged on (obviously it only tracks login events?). All you can do here Veyon-side is to switch to key file authentication globally. Then client computers simply verify messages from Veyon Master (signed with the private key master-side) instead of the user credentials.

        M 1 Reply Last reply Reply Quote 0
        • M
          mathompson @tobydox last edited by mathompson

          @tobydox After further investigation, the student's are able to bypass the firewall. For example, students accounts are prohibited from visiting Reddit.com. However, if the teacher computer is running Veyon, the client can go to Reddit and the firewall records it as traffic under the teachers account. This is a serious issue for us.

          If the teacher computer is not turned on, filtering works correctly.

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Powered by NodeBB | Contributors