No, something that uses an encrypted tunnelling protocol like IPsec would hide its communications. You wouldn’t be able to spoof the server either due to IPsec’s authentication capabilities.
You could stop the device from initiating a tunnel by blocking the appropriate ports and protocols.
Although if I found out a device was going to these lengths and wasn’t open source, I don’t think I’d want it on my network.
