Management over VPN blocked by def. Firewall rule

luckhermsen · December 27, 2019, 2:53pm

Hey guys,

I’ve been setting up a Mikrotik at home. Recently I enabled the VPN via a tutorial I found. So far so good and it works perfectly. I can reach all my home devices, but one.
The Mikrotik itself.

This is being blocked by the default Firewall rule that drops all input traffic which is not coming from LAN.
Is there a fancy way of working around that issue? Or is the only option to disable that specific rule?

Basically I’m not to paranoid about not dropping all that traffic, but I wouldn’t want to be at risk because of it.
Any advice greatly appreciated!

Zacharias · December 27, 2019, 3:51pm

Yes there is a way and it is not fancy…
Chain=input in-interface=“vpn” action=accept and must be placed before the drop rule…

pe1chl · December 27, 2019, 7:13pm

What type of VPN did you make?
When it has an interface on the mikrotik side you can put that in the LAN interface list.
But not all VPN types do have that.

luckhermsen · January 8, 2020, 7:17pm

Sorry for the late reply.
I have a pptp VPN, so only a connected user will show up as an interface.
I used Zacharias’ solution to tackle the issue.

However I’m considering using a better, more secure VPN so maybe I’ll have to change to another solution later on.

pe1chl · January 8, 2020, 7:53pm

Actually you could set the interface list to LAN on the PPP profile you use with the PPTP server and have the incoming connected users automatically added to the LAN interface list.
I would copy the default profile to some different name, e.g. pptp-profile, and make the change on that one, and set it as profile in the PPTP server.