Topic: How to accept PPTP VPN only from a specified IP address  (Read 2923 times)
« on: February 03, 2008, 17:04:26 »
hendrikhighwave *
Posts: 2

Dear M0n0wall users,

Our PPTP VPN is working well, but I would like M0n0wall to accept the VPN connection only from a specified IP address (my home IP address). Can somebody tell me whether this is possible?

Regards, Hendrik
The Netherlands

« Reply #1 on: February 12, 2008, 17:47:56 »
Lee Sharp *****
Posts: 517

In the VPN user manager, add only the IP you want that user to use.
« Reply #2 on: February 12, 2008, 21:18:31 »
hendrikhighwave *
Posts: 2

Lee, sorry I don't want to assign a specific IP address to a user. The case is that I would like to accept the VPN connection only from a specified external Internet IP address.

Any more suggestions? Really appreciate your help on this issue.

Kind regards, Hendrik
« Reply #3 on: February 18, 2008, 03:40:28 »
JR *
Posts: 1

In most situations this is not possible through the WebGUI. When the built-in PPTP server is enabled, a rule is created internally allowing connections from any IP. The same is true of the option that redirects to a local PPTP server.

There is one special case where you can do this by creating the rules yourself, but this only applies if you have more than one WAN IP and you will be redirecting to a local PPTP server. Then you can set the m0n0wall PPTP to OFF, create a 1:1 NAT rule for the PPTP server with your spare IP and then create firewall rules allowing TCP port 1723 and GRE traffic to your PPTP server from only the source address(es) you specify.

This does not work if you have a single WAN IP because the incoming (destination) NAT interface doesn't allow you to create NAT rules for GRE.

JR
« Reply #4 on: March 11, 2008, 02:31:02 »
ejzhang *
Posts: 14

I need this function too, but mpd may not have this function.

I put the question to the mpd official forum; here are the links:
http://sourceforge.net/forum/message.php?msg_id=4811442
http://sourceforge.net/forum/message.php?msg_id=4811547
« Reply #5 on: March 11, 2008, 21:33:20 »
mick88 *
Posts: 10

In version 1.3b3 a hidden config option was introduced which should achieve what you are looking for.

By enabling the option <nofwrulegen/> the rules to let pptp/gre traffic pass automatically will not be added. This gives you the opportunity to add your own firewall rule where you can narrow traffic down to an address of your choice.

See also: http://m0n0.ch/wall/beta.php
and: http://doc.m0n0.ch/handbook/faq-hiddenopts.html
« Last Edit: March 11, 2008, 21:35:11 by mick88 »
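
Added example, not part of the thread and not m0n0wall code: once the automatic rules are gone, both the PPTP control channel (TCP 1723) and GRE need a WAN pass rule limited to the chosen source. This Python check flags any rule that admits either one from a wider source; the rule format and the addresses are constructed for illustration and are not m0n0wall's config.xml schema.

```python
import ipaddress

PPTP_TCP_PORT = 1723  # PPTP control channel; GRE (IP protocol 47) carries the tunnel data

def audit_pptp_rules(rules, allowed_sources):
    """Return findings for WAN pass rules that admit PPTP from outside allowed_sources.

    rules: list of dicts with keys action, iface, proto, src and optional dport
    (constructed format). src is "any" or an IPv4 address/CIDR.
    """
    allowed = [ipaddress.ip_network(a) for a in allowed_sources]
    findings, covered = [], set()
    for i, r in enumerate(rules):
        if r["action"] != "pass" or r["iface"] != "wan":
            continue
        if r["proto"] == "tcp" and r.get("dport") == PPTP_TCP_PORT:
            kind = "tcp/1723"
        elif r["proto"] == "gre":
            kind = "gre"
        else:
            continue
        src = ipaddress.ip_network("0.0.0.0/0" if r["src"] == "any" else r["src"])
        if any(src.subnet_of(a) for a in allowed):
            covered.add(kind)
        else:
            findings.append(f"rule {i}: {kind} allowed from {r['src']}")
    # A tunnel needs both halves; a missing one means the VPN will not come up.
    for kind in ("tcp/1723", "gre"):
        if kind not in covered:
            findings.append(f"no source-restricted pass rule for {kind}")
    return findings

# Constructed sample rule sets (203.0.113.10 is a documentation address).
OPEN_RULES = [  # equivalent of the automatically generated allow-from-any rules
    {"action": "pass", "iface": "wan", "proto": "tcp", "src": "any", "dport": 1723},
    {"action": "pass", "iface": "wan", "proto": "gre", "src": "any"},
]
RESTRICTED_RULES = [  # hand-written rules narrowed to one source
    {"action": "pass", "iface": "wan", "proto": "tcp", "src": "203.0.113.10", "dport": 1723},
    {"action": "pass", "iface": "wan", "proto": "gre", "src": "203.0.113.10"},
]

if __name__ == "__main__":
    for name, rules in (("open", OPEN_RULES), ("restricted", RESTRICTED_RULES)):
        print(name, audit_pptp_rules(rules, ["203.0.113.10"]) or "OK")
```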