Forward VPN Client to a particular interface

dcpoole2016 · Mon Feb 20, 2017 10:00 pm

I have a RB951G-2HND. Internal network is 192.168.22.0/24. (Interface 2-4). I have a Netgear Router plugged in to port 2. Network behind the Netgear is 192.168.1.0/24. I want to plug Interface 5 in the 192.168.1.0/24 network. When a VPN client connects to the Mikrotik, I want it to be forwarded to the Netgear network only. I am using the Mikrotik as a firewall, so I don't want to compromise my security. Is this possible? Thanks, for any help on this.

StubArea51 · Tue Feb 21, 2017 4:50 pm

The simplest way would be to create forwarding rules in the firewall that don't permit the VPN subnets to talk to anything but the 192.168.1.0/24 network. Alternatively, you could create a separate routing mark for the VPN traffic and it would be isolated to that routing table.

Something kind of like this..you can adjust and bypass as needed

/ip firewall filter
add action=drop chain=forward dst-address=192.168.22.0/24 src-address=192.168.1.0/24
add action=drop chain=forward dst-address=192.168.1.0/24 src-address=192.168.22.0/24
add action=accept chain=forward

Forward VPN Client to a particular interface

Forward VPN Client to a particular interface

Re: Forward VPN Client to a particular interface

Who is online