I’m able to connect a VPN client to MikroTik’s VPN server. The VPN I’m using is SSTP, so the Windows client is able to connect to the SSTP server on the MikroTik. Now the Windows client has access to our office network. I have set up port forwarding for the Windows client to access their system.
After the Windows client connected to the MikroTik server over the SSTP VPN, there is an entry in interface:
# NAME SERVICE CALLER-ID ADDRESS UPTIME ENCODING
0 niren sstp 27.34.253.98 192.168.5.1 1h22m5s
Rule for port forwarding:
0 ;;; chain=dstnat action=dst-nat to-addresses=192.168.2.6 to-ports=3389 protocol=tcp dst-port=16826
Rule of firewall filter:
0 ;;; chain=forward action=accept protocol=tcp dst-address=192.168.2.6 dst-port=3389
Now the Windows client is able to RDP to their office system with or without a VPN connection via mikrotikIP:16826. What I want is for port forwarding to be done only through the VPN and denied for non-VPN clients. I tried the following rule, but it was no use.
0 ;;; chain=dstnat action=dst-nat to-addresses=192.168.2.6 to-ports=3389 protocol=tcp in-interface=niren-remote dst-port=16826
where in-interface=niren-remote is the SSTP VPN interface for the Windows client.
Here the SSTP VPN and port forwarding are set up successfully, but I can’t restrict port forwarding to VPN clients only. Any idea how to make it work?