SSTP - different users and different SubNets

Hi all,

I am the guy who configures the MikroTik RouterBoard for my company. In our office we have three different companies - and we all use the MikroTik RouterBoard. I configured several subnets, which can or cannot talk to each other (via firewall rules) - there are company internal subnets and shared office subnets - the shared ones should be accessible for all internal subnets.

Now I just configured VPN access via SSTP. Everything works fine. But now I have the challenge to separate VPN users so that they will get access only to the subnet of their company (or: just get the same access as if he/she is connected locally in the office). I was not able to figure out what I have to do… I started with having a PPP-Server-profile without specifying a remote address. And for each company I added a “company PPP Profile” - and put it to the secret of the VPN user of the company. In every “PPP Company Profile” I configured the company DHCP-Pool, so that the VPN-User will receive an IP as if he would be connected locally. Using this way I thought everything will work fine.
But: The user is able to just change his IP manually - and IMHO he would get access to the internal network of another company. Perhaps this is wrong - I am not sure.

So: What is the best way to separate VPN users to prohibit access to local networks and allow access to their company networks?

Thanks a lot!
Holger