Pptp interface and firewall

leon84 · June 4, 2010, 9:45am

Hi to all,
I configured a pptp server and I would that a remote client can only connect to the local network and not go to INTERNET through the VPN connection.

I have router os with 2 interfaces: public and private.
Public is directly connected to internet while private have an address in network 10.0.0.0/8.
I assign manually ip address to pptp client in this way:
10.8.0.1 local address
10.9.0.1 remote address.

10.8.0.2 local address
10.9.0.2 remote address.

Now I would block internet access to these addressess through vpn connection.
I configured fireall in forwarding table but i always access to internet.

Can you help me?

sergejs · June 4, 2010, 9:48am

add-default-route=no on pptp client is necessary.

leon84 · June 4, 2010, 10:40am

but through the firewall is it possible to do this limitations?

sergejs · June 7, 2010, 7:15am

By /ip firewall filter you can filter the packets, as well you can filter packets going in-out from the tunnel.