Hello, I have a problem with configuration. I am running a PPTP server on my RouterBOARD and I want to start using it for connecting about 20 clients. I don’t want to use static PPTP server rules, because of the ugly and complicated config, and I prefer using RADIUS for authenticating. But it’s hard to use the firewall to catch client traffic to the LAN, because a client always creates a dynamic interface with the syntax “pptp-” (as written in the manual). Does someone have a solution to capture client traffic? One way is firewalling based on the PPTP client IP address, but I don’t think that is safe and it’s not “nice”. Thank you
Use the Mikrotik-Address-List parameter (id 19 within the vendor, type string). The NAS will add the client IP to the specified address list on login, and remove it on logout. Either use the same address list for all clients, or use different ones based on service class. Then write all your firewall rules using src-address-list and dst-address-list to filter, mangle or NAT customer traffic.
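
The setup described in the answer above, as an added example that is not part of the original thread. It assumes a FreeRADIUS server with the MikroTik dictionary loaded; the user names, list names (`vpn-staff`, `vpn-contractors`), addresses and secrets are constructed placeholders.

```routeros
# RADIUS side (assumption: FreeRADIUS "users" file, dictionary.mikrotik loaded).
# The reply item is vendor attribute 19, a string naming the address list:
#   alice  Cleartext-Password := "CHANGE-ME"
#          Mikrotik-Address-List = "vpn-staff"
#   bob    Cleartext-Password := "CHANGE-ME"
#          Mikrotik-Address-List = "vpn-contractors"

# NAS side: hand PPP authentication to RADIUS (address and secret are placeholders)
/radius add service=ppp address=192.0.2.10 secret="CHANGE-ME" timeout=3s
/ppp aaa set use-radius=yes accounting=yes
/interface pptp-server server set enabled=yes authentication=mschap2

# Firewall: match on the address lists the NAS fills in at login,
# not on the dynamic pptp interfaces or on hand-maintained client IPs
/ip firewall filter
add chain=forward connection-state=established,related action=accept \
    comment="return traffic"
add chain=forward src-address-list=vpn-staff dst-address=192.168.88.0/24 \
    action=accept comment="staff: whole LAN (constructed subnet)"
add chain=forward src-address-list=vpn-contractors dst-address=192.168.88.20 \
    protocol=tcp dst-port=443 action=accept comment="contractors: one service only"
add chain=forward src-address-list=vpn-staff action=drop \
    comment="staff: nothing beyond the LAN"
add chain=forward src-address-list=vpn-contractors action=drop \
    comment="contractors: everything else"

# Check after a client logs in: its IP should appear as a dynamic entry
# in the list named by RADIUS and disappear again on logout
/ip firewall address-list print where dynamic
```

Because the list membership is created by the NAS only after a successful RADIUS login, a rule keyed on the list applies to authenticated sessions rather than to whichever host happens to hold a given address.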