Mikrotik RB2011UiAS-RM
Interfaces:
ETH1=Gateway=Static IP (Notice: WAN IP in drawing it’s not true)
ETH2=DHCP
ETH6=No DHCP
ETH7=No DHCP
ETH10=No DHCP
Bridges:
No bridge at all (no interfaces, no ports)
Others:
Firewall ON, NAT ON (default)
All ETH ports have internet access, everything is OK.
Mikrotik VPN1 server:
Type PPTP on ETH6
Mikrotik VPN2 server:
Type L2TP/IPsec on ETH7
As you know, PPTP is vulnerable and not recomended.
In a few days I already see atempts of connecting to PPTP from IPs located in China.
QUESTION1:
Is there any possibility to have only one L2TP/IPsec VPN Mikrotik server and maybe for different port+user+pass+secret to give IP for ETH6 and ETH7 in their respective classes? And if yes, howto?
Any other sugestions?
And btw, on Mikrotik wiki docs on VPN there is no word on firewall (of course I needed to open ports in order to VPN to work).
I initialy thought Mikrotik take care of itself on activating VPN server.
QUESTION2:
I want WebFig, Winbox to work only from LAN side. How do I do that?
