Hi, guys.
I deployed PPTP+GRE VPN on my Router RB3011. I created firewall rules which allow pptp&gre input traffic.
But sometimes i see such connection attempts to my PPTP.
I ask about your advice: How can i prevent and exclude such attempts?
-
-
fedor47271
just joined
- Posts: 24
- Joined:
PPTP VPN Protection
You do not have the required permissions to view the files attached to this post.
Re: PPTP VPN Protection
Hey. Just google for networks your ISP'es uses and add them in source address list. With second rule you can drop any input traffic.
-
-
fedor47271
just joined
- Posts: 24
- Joined:
Re: PPTP VPN Protection
Should I add provider's networks to the first rule in src adr list? Explain me plz how it would work.Hey. Just google for networks your ISP'es uses and add them in source address list. With second rule you can drop any input traffic.
How can i block this IP address which i sent in the logs, for example?
Re: PPTP VPN Protection
Yes, you should. Traffic will be checked from first rule to the last.Should I add provider's networks to the first rule in src adr list? Explain me plz how it would work.Hey. Just google for networks your ISP'es uses and add them in source address list. With second rule you can drop any input traffic.
How can i block this IP address which i sent in the logs, for example?
You don't need to block this one, because there will be many others. Much simplier to allow what you want and drop everything else.
Re: PPTP VPN Protection
You are opening a VPN server up to the world and are unhappy the world is trying to use it.
Are you expecting the genuine VPN connections from a set IP address(es) or range or is it more a road warrior kind of setup? If you are expecting specific IP's then you can add them to a list and amend your accept rule to allow only from that src-list. Otherwise you are going to get the occasional attempt.
Are you expecting the genuine VPN connections from a set IP address(es) or range or is it more a road warrior kind of setup? If you are expecting specific IP's then you can add them to a list and amend your accept rule to allow only from that src-list. Otherwise you are going to get the occasional attempt.
Re: PPTP VPN Protection
I would disable PPTP and only enable it when I need it. May not suit you but provide some protection. Limit what IP can access it as well if you can.
I being to think I have to do the same for winbox, login to ssh to enable winbox, when I need it.
I being to think I have to do the same for winbox, login to ssh to enable winbox, when I need it.
-
-
fedor47271
just joined
- Posts: 24
- Joined:
Re: PPTP VPN Protection
Clients which connecting to my PPTP server have dynamic IP addresses. I can adding them all time.You are opening a VPN server up to the world and are unhappy the world is trying to use it.
Are you expecting the genuine VPN connections from a set IP address(es) or range or is it more a road warrior kind of setup? If you are expecting specific IP's then you can add them to a list and amend your accept rule to allow only from that src-list. Otherwise you are going to get the occasional attempt.
Re: PPTP VPN Protection
Put a cheap MT unit behind with IP>Cloud enabled.
Create address list on your router to only allow those DDNS names access to PPTP port.
Drop all other PPTP requests
Create address list on your router to only allow those DDNS names access to PPTP port.
Drop all other PPTP requests