This free VPN has hundreds of server IP addresses and it is not practical to identify them one at a time and block them. Another free VPN, X-VPN the same. Cannot block ports to prevent use because they use 443. Firewalla help staff unable to provide a solution that works despite having tried. Any parental control functions in Firewalla are useless because they can be bypassed via any free VPN. Same for any parental controls I have tried such as Family Zone and Netgear parental controls.
If you can have the IP address of the servers in a list, you can use https://help.firewalla.com/hc/en-us/articles/1500005941962-Firewalla-Feature-Target-List-Beta-
You can also detect these VPN’s simply by looking at the transfer size … if it is too large you can just kill it. like this https://help.firewalla.com/hc/en-us/articles/360050863873-How-to-block-an-application-using-Firewalla-Network-Flows-
And in general, VPN’s are always an issue not just for firewalla, but for big companies and government as well.
It’s painstaking to do, but you can make a whitelist and go from that.
You can also block 443. Then allow certain IPs over 443. Allow rules take priority over block.
Precedence and rule management. https://help.firewalla.com/hc/en-us/articles/360008521833-Manage-Rules
If you want to toy with them you can block 443 and leave 80 open, lol. Most websites still use 80 as a backup. But given the current climate, certain sites/browsers may break.
Not sure on your audience, but you mentioned parental controls. So if you have kid(s), I would talk to them about using a VPN and why they think they need one.If it is legit concern, get them setup with a VPN client.That way you can still monitor traffic and they may feel more secure.
You can also get device management apps like Qustodio. And setup managed user accounts for your kids on a windows box . However, I would YouTube/Google search how easy they are to bypass and find the hardest one. You can also get enterprise solutions as well. They ain’t cheap.
VPN providers are clever and they have teams of architects/ engineers/analysts working on obfuscation and bypassing censorship. It’s a cat an mouse game, but If you can control the endpoint not much an app can do.
Say you control the endpoint.Your kid(s) would then have to figure out how to accomplish privilege escalation and real hacking, this stumps even Cybersec professionals. Which pretty much stops most kids as YouTube and Google only goes so far. The easy stuff that amazes most parents is parlor tricks and tools from Google searches, that almost anyone can carryout.
If the kid(s) can learn those skills on their own, I would foster them as a parent in computer science and give them more constructive puzzles to solve.