Block VPN access with IPChains
I'm currently using an IPChains based firewall on my LAN. Its basically used as an internet access server, where you only get past the firewall once your authenticated. I am currently forwarding all local IP's to a login page, once they are authenticated their IP is then added to the firewall giving them full access to the internet. The only problem I am experiencing is that some users are able to use VPN without being authenticated. However the rest of the VPN users are blocked, as with other services, from getting through the firewall, which is the preferred scenario.
Do different VPN clients use different ports or methods to get thru a firewall? If so how do I completely restrict all VPN access?
Thanks in advance for your help