返回列表 發帖

VPN 被人 Try connect

CHing 們,

近期經常在log file 見到我的Router OS VPN 內, 包括PPTP, OVPN 等等, 每天都有大陸IP 想login, 請問可否設定指定IP 才能進入我的VPN?謝謝
AC

多謝…Ching
AC

TOP

Congs!

It is similar to block other intruders with this method, say, your ovpn port is 1194, you can do the same:

/ip firewall filter
add action=accept chain=input comment="OVPN" disabled=no protocol=tcp \
dst-port=1194 src-address=xxx.xxx.xxx.xxxx /24
add action=accept chain=input comment="OVPN" disabled=no protocol=udp \
dst-port=1194 src-address=xxx.xxx.xxx.xxxx /24
add action=drop chain=input disabled=no  protocol=tcp dst-port=1194
add action=drop chain=input disabled=no  protocol=udp dst-port=1194
RB750G, RB2011UAS-2HnD
IP01, A580IP, AT-610

TOP

從網上找到更快方法 但只限於在 PPTP 上, 只給自己 network 過

Remarks : xxx.xxx.xxx.xxx / 24 自己 network

/ip firewall filter
add action=accept chain=input disabled=no protocol=gre src-address=\
     xxx.xxx.xxx.xxxx /24
add action=drop chain=input disabled=no protocol=gre
AC

TOP

Thanks and let me try
AC

TOP

Yes, you can do it.

Check my old post: http://www.telecom-cafe.com/forum/viewthread.php?tid=4330

Basically, you set up your white-list, forward your input to your extra control chain, in that control chain you can simply drop other unwanted connections.
RB750G, RB2011UAS-2HnD
IP01, A580IP, AT-610

TOP

返回列表