Hi,
We have some branches connected through Mikrotik PPTP. We have disabled their Internet usage by disabling masquerade NAT, but we need to allow AnyDesk connections for remote support. Does anyone have an idea?
I found this on the AnyDesk website: add an exception for *.net.anydesk.com. How can I do that?
PPTP seriously???
Use wg, otherwise please don't bother us with non-MT issues. Use TeamViewer LOL
We have some branches connected through Mikrotik PPTP
As others have suggested, you might read about PPTP and consider switching to wireguard:
https://en.wikipedia.org/wiki/Point-to-Point_Tunneling_Protocol#Security
we have disabled their Internet usage by disabling masquerade nat.
Disabling masquerade towards WAN is all-or-nothing and not really an ideal way to block direct internet access.
but we need to allow anydesk connection for remote support. anyone have idea?
I found this from anydesk website add exception for *.net.anydesk.com how can i do that?
Keep masquerade towards WAN enabled, but allow forwarding from LAN to WAN only for *.net.anydesk.com in the forward chain.
Add similar rules for everything else that should be possible.
If your branch site has access to the HQ only using PPTP tunneling, why use an external service like AnyDesk and not something that works inside your own network and does not involve 3rd parties?
Finally we have found a solution. Whether it is good or not, it solved my issue.
My solution is a scheduled run that finds DNS cache entries that have any record with anydesk and adds them to an address list. I already created a masquerade rule that allows all traffic to the gateway for the defined address list.
What happens with the rest of the traffic? You're sending all your private IPs to the WAN side?
What a lousy “solution”.
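The two approaches discussed in this thread can be combined: keep masquerade enabled, fill an address list from the DNS cache on a schedule, and let the forward chain allow LAN-to-WAN traffic only towards that list. The RouterOS sketch below is an added example, not configuration posted by any participant; the LAN subnet `192.168.88.0/24`, the WAN interface `ether1`, the names `anydesk-relays` and `anydesk-sync`, and the `type`/`data` cache fields (older releases expose `address` instead) are assumptions, and it only works if branch clients use the router as their DNS resolver.

```routeros
# Added example. Assumed values: LAN 192.168.88.0/24, WAN ether1,
# address list "anydesk-relays", script/scheduler name "anydesk-sync".

# 1) Script body: create it under System > Scripts as "anydesk-sync".
#    Copies A records for *.net.anydesk.com from the DNS cache into the list.
:foreach e in=[/ip dns cache find where type="A" name~"\\.net\\.anydesk\\.com\$"] do={
    :local ip [/ip dns cache get $e data]
    :local host [/ip dns cache get $e name]
    # Skip addresses already listed to avoid a duplicate-entry error.
    :if ([:len [/ip firewall address-list find where list="anydesk-relays" address=$ip]] = 0) do={
        # The timeout lets stale relay addresses expire on their own.
        /ip firewall address-list add list="anydesk-relays" address=$ip timeout=1d comment=$host
    }
}

# 2) Run the script every minute.
/system scheduler add name=anydesk-sync interval=1m on-event="/system script run anydesk-sync"

# 3) Forward chain: rule order matters, the drop rule must come last.
/ip firewall filter
add chain=forward action=accept connection-state=established,related comment="return traffic"
add chain=forward action=accept src-address=192.168.88.0/24 out-interface=ether1 dst-address-list=anydesk-relays comment="LAN to AnyDesk only"
add chain=forward action=drop src-address=192.168.88.0/24 out-interface=ether1 comment="block all other LAN to WAN"

# 4) Masquerade stays enabled for everything leaving the WAN interface;
#    the filter rules above decide what is allowed to reach it.
/ip firewall nat
add chain=srcnat action=masquerade out-interface=ether1
```

Because the list is only filled after a name has been resolved and the script has run, the first connection attempt from a branch may fail until the next scheduler interval.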