Two-way ping (ban or spoof)

How to ban two-way ping on my VPN server or router, etc.?
Example: there is a website (which uses two-way ping) which determines (based on the ping result) that I'm very far away.
I need to reduce the ping, for example from ~190ms to ~30ms.
In other words, I would like to ban incoming ping up to my router or my devices, so that only my VPN server is pinged.

Then block inbound ICMP Echo request on WAN.

Additionally, you can block outbound ICMP Echo Reply.

Can this be done in the router or on the VPN server?

You never mentioned the OS of a separate server - this is an OpenWrt thread.

Yes, I am referring to the OpenWrt router.

[Screenshot from 2018-11-05 14-05-12]

Just disable the Allow-Ping rule. Simple!

If your VPN server bypasses your firewall/router, then you must obviously block it there.

disable
Did not work for me.

As I noted:

I'm guessing your laptop/desktop runs the VPN client. In that case, you will need to block it "inside" of that laptop/desktop as the traffic is encrypted as soon as it's "on the wire" outside of your laptop/desktop.

You will have to work with support for your VPN client and/or your laptop/desktop OS as OpenWrt (or any other device), by definition, can't successfully modify encrypted traffic that passes through it.

Edit: Note @mk24 comments on pings potentially being handled by the VPN provider's server, which is likely out of your control.


Since commercial VPN services almost always NAT several users to one public IP, it would be their VPN server that responds to pings.

You could block ping replies from your client end of the VPN tunnel, but that is usually a private IP and no one other than the VPN server would be able to ping it anyway.


The VPN server on Ubuntu is under my control.

You should be able to block the pings on your Ubuntu server then. I'd provide an "exemption" for your own IP, so that you still have ping as a diagnostic tool for the devices under your control.

It will be "interesting" to see what the service you're trying to reach does if it gets no ping response, but that's another question.

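One way to set up what the last reply suggests on the Ubuntu VPN server, as an added example that is not from the thread: an nftables ruleset that drops ICMP Echo Requests except from one exempted admin address, leaving all other ICMP untouched. The table name `ping_filter`, the helper names `is_ipv4` and `ping_ruleset`, and any address you pass in are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Names below are hypothetical.

# Validate a dotted-quad IPv4 address so nothing else can be
# interpolated into the ruleset text.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print an nftables ruleset for the given admin IPv4 address.
ping_ruleset() {
    admin_ip=$1
    is_ipv4 "$admin_ip" || { echo "invalid IPv4 address: $admin_ip" >&2; return 1; }
    cat <<EOF
# declare-then-delete makes reloading idempotent
table inet ping_filter
delete table inet ping_filter
table inet ping_filter {
    chain input {
        type filter hook input priority 0; policy accept;
        # exemption: the admin host can still ping for diagnostics
        ip saddr $admin_ip icmp type echo-request accept
        # everyone else: only Echo Requests are dropped, so PMTU
        # discovery, ICMP errors and IPv6 neighbor discovery still work
        icmp type echo-request drop
        icmpv6 type echo-request drop
    }
}
EOF
}

# Load the rules only when explicitly asked to (requires root and nft).
if [ "${1:-}" = "--apply" ]; then
    rules=$(ping_ruleset "${2:-}") && printf '%s\n' "$rules" | nft -f -
fi
```

Run it as root with `--apply` followed by your own public IPv4 address. Rules loaded this way do not survive a reboot unless you also add them to the server's persistent nftables configuration.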