As the title says, I need to block all connections to the MikroTik router from outside except connections to the VPN server, then allow Remote Desktop to the LAN’s systems over VPN (either L2TP/IPSec or PPTP) from outside the LAN.
What would be the rule in the MikroTik router’s firewall to block all connections except RDP over VPN?
Additional info:
There is a LAN set up in our office, and the final gateway is a MikroTik router.
I know how to create the VPN server and the VPN client on the client’s system, and how to make an RDP connection from the client’s system.
I want the external firewall to let in only connections to the VPN server.
Once VPN tunnels are established, clients will have access to RDP. Now, if you want to filter on established VPN tunnels, then you need to create a firewall rule that will drop packets with a source IP of your VPN clients assigned by your VPN server. The DHCP pool for the office is 192.168.88.100-192.168.88.199, and the pool for VPN is 192.168.88.200-192.168.88.209.
ip firewall filter add chain=forward action=drop protocol=tcp src-address=192.168.88.200-192.168.88.209 dst-address=192.168.88.0/24 dst-port=!3389
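A fuller rule set for the setup asked about, as an added example that is not part of the original posts: the input chain admits only VPN traffic from outside, and the forward chain limits VPN clients to RDP for every protocol (the rule above matches `protocol=tcp` only). Assumptions: `ether1` is the WAN interface, and the LAN and VPN pool ranges are the ones quoted in the answer.

```routeros
# Added example; constructed, not from the original posts.
# Assumption: ether1 is the WAN interface. Address ranges are those quoted above.
/ip firewall filter

# --- input chain: traffic addressed to the router itself ---
add chain=input action=accept connection-state=established,related comment="replies to existing connections"
add chain=input action=drop connection-state=invalid comment="drop invalid"
add chain=input action=accept in-interface=ether1 protocol=udp dst-port=500,4500 comment="IKE and NAT-T for L2TP/IPsec"
add chain=input action=accept in-interface=ether1 protocol=ipsec-esp comment="IPsec ESP"
add chain=input action=accept in-interface=ether1 protocol=udp dst-port=1701 ipsec-policy=in,ipsec comment="L2TP only when it arrived inside IPsec"
add chain=input action=accept in-interface=ether1 protocol=tcp dst-port=1723 comment="PPTP control (omit if PPTP is not used)"
add chain=input action=accept in-interface=ether1 protocol=gre comment="PPTP data (omit if PPTP is not used)"
add chain=input action=drop in-interface=ether1 comment="drop everything else from outside"

# --- forward chain: traffic passing through the router ---
add chain=forward action=accept connection-state=established,related comment="replies to existing connections"
add chain=forward action=drop connection-state=invalid comment="drop invalid"
add chain=forward action=accept protocol=tcp dst-port=3389 src-address=192.168.88.200-192.168.88.209 dst-address=192.168.88.0/24 comment="VPN clients: RDP to LAN"
add chain=forward action=drop src-address=192.168.88.200-192.168.88.209 comment="VPN clients: nothing else, any protocol"
add chain=forward action=drop in-interface=ether1 connection-state=new connection-nat-state=!dstnat comment="no unsolicited forwarding from outside"
```

`add` appends to the end of each chain, so on a router that already has filter rules, check the resulting order with `/ip firewall filter print`. Apply the rules from Safe Mode or a LAN-side session, since the final input rule drops management access arriving on the WAN interface.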