Title: Someone is trying to connect to my VPN

Author: mrandrewchan    Time: 2013-10-22 21:12     Title: Someone is trying to connect to my VPN

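Chings,

Recently I often see in the log file that, on my RouterOS VPN (including PPTP, OVPN, etc.), IPs from mainland China try to log in every day. Is it possible to configure it so that only specified IPs can access my VPN? Thanks.

Author: Qnewbie    Time: 2013-10-22 22:00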

Yes, you can do it.

Check my old post: http://www.telecom-cafe.com/forum/viewthread.php?tid=4330

Basically, you set up your white-list and forward your input to your extra control chain; in that control chain you can simply drop other unwanted connections.

Author: mrandrewchan    Time: 2013-10-23 08:36

Thanks and let me try

Author: mrandrewchan    Time: 2013-10-26 08:10

I found a quicker method online, but it only works for PPTP; it only lets my own network through.

Remarks: xxx.xxx.xxx.xxx/24 is my own network

/ip firewall filter
# Accept GRE (PPTP data) only from my own network
add action=accept chain=input disabled=no protocol=gre src-address=\
     xxx.xxx.xxx.xxx/24
# Drop GRE from every other source
add action=drop chain=input disabled=no protocol=gre

Author: Qnewbie    Time: 2013-10-26 16:19

Congrats!

It is similar to block other intruders with this method. Say your OVPN port is 1194; you can do the same:

/ip firewall filter
# Accept OVPN (TCP and UDP 1194) only from the trusted network
add action=accept chain=input comment="OVPN" disabled=no protocol=tcp \
    dst-port=1194 src-address=xxx.xxx.xxx.xxx/24
add action=accept chain=input comment="OVPN" disabled=no protocol=udp \
    dst-port=1194 src-address=xxx.xxx.xxx.xxx/24
# Drop OVPN traffic from every other source
add action=drop chain=input disabled=no protocol=tcp dst-port=1194
add action=drop chain=input disabled=no protocol=udp dst-port=1194

Author: mrandrewchan    Time: 2013-10-27 18:29

Thanks… Ching
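
The white-list control chain described in the first reply, combined with the per-protocol rules from the later posts, as an added example that is not part of the original posts. The list name vpn-allow, the chain name vpn-control and the 192.0.2.0/24 documentation range are assumptions; the PPTP control port TCP 1723 is included because PPTP uses it alongside GRE.

```routeros
# Added example (not from the thread). Replace 192.0.2.0/24 with your own
# network; "vpn-allow" and "vpn-control" are hypothetical names.
/ip firewall address-list
add list=vpn-allow address=192.0.2.0/24 comment="trusted VPN clients"

/ip firewall filter
# Send all VPN-related traffic addressed to the router into one control chain.
add chain=input protocol=tcp dst-port=1723 action=jump \
    jump-target=vpn-control comment="PPTP control"
add chain=input protocol=gre action=jump \
    jump-target=vpn-control comment="PPTP data (GRE)"
add chain=input protocol=tcp dst-port=1194 action=jump \
    jump-target=vpn-control comment="OVPN tcp"
add chain=input protocol=udp dst-port=1194 action=jump \
    jump-target=vpn-control comment="OVPN udp"

# Inside the control chain: allow-listed sources pass, everything else is dropped.
add chain=vpn-control src-address-list=vpn-allow action=accept \
    comment="white-listed source"
add chain=vpn-control action=drop comment="all other VPN attempts"
```

Filter rules are evaluated top to bottom, so the jump rules need to sit above any existing input rule that already accepts this traffic. Adding another trusted network then only requires a new vpn-allow address-list entry, not new filter rules.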




Welcome to 電訊茶室 (http://telecom-cafe.com/forum/)