Community discussions

 
marcrisse
just joined
Topic Author
Posts: 23
Joined: Tue Feb 16, 2016 9:16 pm
Location: Germany

Firewall rule with dynamic interface

Thu Mar 10, 2016 8:54 am

hi,

how can i apply firewall rules to sstp-interfaces permanently? Every time after reconnect of sstp-client, my mikrotik says "unknown interface" and i have to reconfigure the rule.


best
marc
 
jarda
Forum Guru
Forum Guru
Posts: 7604
Joined: Mon Oct 22, 2012 4:46 pm

Thu Mar 10, 2016 9:24 am

Why not to use static sstp interface binding linked to the user instead dynamic?
 
marcrisse
just joined
Topic Author
Posts: 23
Joined: Tue Feb 16, 2016 9:16 pm
Location: Germany

Re:

Thu Mar 10, 2016 11:52 am

Why not to use static sstp interface binding linked to the user instead dynamic?
the mikrotik with sstp-service dials in via DSL with a disconnect every 24h. the sstp-client is a linux server with permanent internet connection. the devicename <sstp-rootserver> doesn't change but it is lost every night for some seconds. this seems to be enough for the firewall to mark the rule red caused of unknown device. (sorry for my bad english ;-) )
 
User avatar
Splash
Member Candidate
Member Candidate
Posts: 151
Joined: Fri Oct 16, 2015 10:09 am
Location: Johannesburg, South Africa

Re: Firewall rule with dynamic interface

Thu Mar 10, 2016 11:57 am

If you are worried about any configuration bound to a dynamic interface you should, as part of best practice, create a service binding. What this does is create an interface which is static, but linked to a dynamic username account. When ever the account connects it will be provided with the same interface. This could be used for routes too.
/interface sstp-server
add name=sstp-in1 user=test
/interface l2tp-server
add name=l2tp-in1 user=test3
/interface sstp-server
add name=sstp-in1 user=test
/interface pptp-server
add name=pptp-in1 user=test2
/interface ovpn-server
add name=ovpn-in1 user=test4
MTCNA, MTCRE, MTCINE, MTCTCE, MTCIPv6E, MTCUME

Who is online

Users browsing this forum: No registered users and 20 guests