
Block invalid VPN user did not work now!

Posted: Wed Apr 24, 2019 2:26 pm
by lcqxinyun
I have used this filter to block invalid users since v.6.38.7, and it worked perfectly, because an invalid client will keep reconnecting to my VPN port when I disable the user.
/ip firewall filter
add action=drop chain=input comment="Drop pptp invaild 7 Day" dst-port=1723 protocol=tcp src-address-list=pptp_blacklist
add action=add-src-to-address-list address-list=pptp_blacklist address-list-timeout=1w chain=input connection-state=new dst-port=1723 protocol=tcp src-address-list=pptp_stage3
add action=add-src-to-address-list address-list=pptp_stage3 address-list-timeout=1m chain=input connection-state=new dst-port=1723 protocol=tcp src-address-list=pptp_stage2
add action=add-src-to-address-list address-list=pptp_stage2 address-list-timeout=1m chain=input connection-state=new dst-port=1723 protocol=tcp src-address-list=pptp_stage1
add action=add-src-to-address-list address-list=pptp_stage1 address-list-timeout=1m chain=input connection-state=new dst-port=1723 protocol=tcp


But now it doesn't work since I upgraded to 6.43.11. How do I fix this problem? It makes my logs display a lot of records: "tcp connection established from XX.XX.XX.XX ". Thanks.
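
The staged address-list logic in the rules above, modelled in Python as an added example that is not part of the original post: it shows how many new connections to port 1723 inside the one-minute timeouts put a source into pptp_blacklist, and why the rule order matters. It assumes top-to-bottom rule evaluation, that add-src-to-address-list lets the packet continue to later rules, and that re-adding a listed address restarts its timeout; the class and function names and the 192.0.2.10 address are constructed.

```python
MINUTE = 60
WEEK = 7 * 24 * 3600

# (list to add to, timeout in seconds, list the source must already be in),
# in the same order as the rules in the post, after the drop rule.
STAGE_RULES = [
    ("pptp_blacklist", WEEK, "pptp_stage3"),
    ("pptp_stage3", MINUTE, "pptp_stage2"),
    ("pptp_stage2", MINUTE, "pptp_stage1"),
    ("pptp_stage1", MINUTE, None),
]

class StagedBlocker:
    """Simplified model (assumption-based) of the posted input-chain rules."""
    def __init__(self, rules=STAGE_RULES):
        self.rules = rules
        self.lists = {}  # (list name, source address) -> expiry time in seconds

    def _listed(self, name, src, now):
        return self.lists.get((name, src), 0) > now

    def new_connection(self, src, now):
        """Handle one new TCP connection to port 1723; return 'drop' or 'pass'."""
        if self._listed("pptp_blacklist", src, now):
            return "drop"  # first rule: blacklisted sources are dropped
        for target, timeout, required in self.rules:
            if required is None or self._listed(required, src, now):
                self.lists[(target, src)] = now + timeout  # non-terminating add
        return "pass"  # not dropped by these rules; later rules decide

def simulate(times, rules=STAGE_RULES, src="192.0.2.10"):
    """Return the verdict for each connection time (seconds) from one source."""
    fw = StagedBlocker(rules)
    return [fw.new_connection(src, t) for t in times]
```

The rules count every new TCP connection to port 1723, so the model treats valid and invalid logins alike. Passing the rules in reverse order shows the failure mode of a wrong ordering: a single connection walks through all stages at once.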

Re: Block invalid VPN user did not work now!

Posted: Wed Apr 24, 2019 3:45 pm
by anav
Post your config:
/export hide-sensitive file=yourconfig