Topic: PPTP - Only Allow a Specific External IP Access  (Read 2544 times)
« on: April 30, 2011, 19:33:53 »
asdzxc *
Posts: 1

Hello all, simple enough question I hope :)

I wish to only allow access to the built-in m0n0wall VPN server from a specific external IP.

It seems that by default, once the PPTP server is enabled in m0n0wall, an automatic rule is created to allow VPN access from ANY external IP, as seen in the following lines under http://your_m0n0wall_box/status.php

# PPTP rules
pass in quick proto gre from any to external_ip_here keep state group 200
pass in quick proto tcp from any to external_ip_here = 1723 keep state group 200

Is it as simple as just creating a new firewall rule to only allow access to port 1723 for a specific Source of your choosing? Will that bypass/supersede the above automatic m0n0wall rules?
If the above is in fact the case, is it better when creating that specific rule to select GRE as the protocol - or just TCP traffic on 1723, perhaps both?

BTW - Sorry if this has been asked before, tried to search for this answer but really couldn't find it.

Thanks a ton for your time kind sirs.
« Last Edit: May 01, 2011, 02:39:35 by asdzxc »
« Reply #1 on: April 30, 2011, 20:54:07 »
Јаневски ***
Posts: 153

To answer your questions:
Yes, automatic rules are enabled by default for all external hosts to connect.
A custom firewall rule won't override them [rule order in question].
In order for PPTP VPN to work, both TCP 1723 and GRE should be enabled.

PS: There are a few similar threads regarding this question, however maybe there should be a feature request.
« Last Edit: April 30, 2011, 20:59:12 by Јаневски »
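
Added example (not part of the thread and not m0n0wall code): a simplified Python model of IPFilter's `quick` semantics, showing why rule order decides whether a source restriction on PPTP takes effect. The addresses and the user rules are constructed for illustration; the thread does not show where m0n0wall places user rules, so both orders are evaluated, and rule groups and state tracking are ignored.

```python
# Simplified model of IPFilter evaluation: rules are checked top to bottom,
# the last matching rule decides, and a matching `quick` rule stops evaluation.
# All sample packets are assumed to be addressed to the external IP.
EXT = "198.51.100.10"      # constructed placeholder for external_ip_here
ALLOWED = "203.0.113.5"    # constructed: the one source that should reach PPTP

def parse_rule(line):
    # Parses only the subset of rule syntax that appears in this thread.
    tok = line.split()
    return {
        "action": tok[0],
        "quick": "quick" in tok,
        "proto": tok[tok.index("proto") + 1],
        "src": tok[tok.index("from") + 1],
        "dport": int(tok[tok.index("=") + 1]) if "=" in tok else None,
    }

def matches(rule, pkt):
    return (rule["proto"] == pkt["proto"]
            and rule["src"] in ("any", pkt["src"])
            and rule["dport"] in (None, pkt.get("dport")))

def evaluate(rules, pkt, default="block"):
    verdict = default               # assumption: unmatched traffic is blocked
    for rule in rules:
        if matches(rule, pkt):
            verdict = rule["action"]
            if rule["quick"]:       # `quick` ends evaluation at this rule
                break
    return verdict

# The automatic rules quoted in the first post.
AUTO = [parse_rule(l) for l in (
    f"pass in quick proto gre from any to {EXT} keep state group 200",
    f"pass in quick proto tcp from any to {EXT} = 1723 keep state group 200",
)]
# Hypothetical user rules: allow one source, block everyone else.
USER = [parse_rule(l) for l in (
    f"pass in quick proto tcp from {ALLOWED} to {EXT} = 1723",
    f"block in quick proto tcp from any to {EXT} = 1723",
    f"pass in quick proto gre from {ALLOWED} to {EXT}",
    f"block in quick proto gre from any to {EXT}",
)]

if __name__ == "__main__":
    other = {"proto": "tcp", "src": "192.0.2.77", "dport": 1723}
    print("auto rules first:", evaluate(AUTO + USER, other))
    print("user rules first:", evaluate(USER + AUTO, other))
```

With the automatic rules first, the unlisted source is still passed because the `quick` match ends evaluation before the user rules are reached; the restriction only holds when the user rules are evaluated first.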