my user in may lan connect to mikrotik by vpn to give internet and all this good.
but i need when my user connect to mikrotik vpn server all lan access is block.
my lan is one subnet for examle(192.168.1.0/24) . i need when my client connect to vpn all access for example ping 192.168.1.2 block.
please help me?
A couple of simple firewall rules would work.
src-address would be VPN client IP or Subnet, dst-address would be the subnet you dont want them to talk to once connected through the VPN.
/ip firewall filter add chain=input src-address=X.X.X.X action=drop ------This Stops Access To The MikroTik
/ip firewall filter add chain=forward src-address=X.X.X.X dst-address=X.X.X.X action=drop ----- This Stops Any Traffic To The Specified Subnet.