Limit WAN Winbox access to OpenVPN connected user

Posted: Fri Jun 14, 2019 3:51 pm
by matzero
Hi

I'd like to limit access to the Winbox port of my MikroTik only to:

1. LAN - no limits in Winbox port access
2. WAN - allow only to user connected using OpenVPN

I tried using a src IP range to limit access only to the IP range assigned by OpenVPN, but apparently the firewall checks the "real" user's IP (it's dynamic), not the IP assigned by OpenVPN.

How can I add a rule to match traffic generated by OpenVPN clients and allow only them to access Winbox?

Re: Limit WAN Winbox access to OpenVPN connected user

Posted: Fri Jun 14, 2019 6:13 pm
by sebastia
> I tried using a src IP range to limit access only to the IP range assigned by OpenVPN, but apparently the firewall checks the "real" user's IP (it's dynamic), not the IP assigned by OpenVPN.

That's the way to go. Clients need to use the OpenVPN IP to connect with Winbox. And then their source IP will automatically be the VPN IP.
Default route at clients is probably not over the VPN, which selects the non-VPN IP as source...
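
A sketch of the rule set the thread is describing, added here as an example and not posted by either participant. The interface names (`ether1`, `bridge`), the LAN subnet 192.168.88.0/24, the OpenVPN pool 10.8.0.0/24 and the router's VPN-side address 10.8.0.1 are all assumptions; substitute your own values.

```routeros
# Added example. All names and subnets below are assumed, not from the thread:
#   WAN interface ........ ether1
#   LAN bridge ........... bridge         (192.168.88.0/24)
#   OpenVPN client pool .. 10.8.0.0/24    (router's VPN-side address 10.8.0.1)
#
# Winbox listens on TCP 8291. A VPN user must point Winbox at 10.8.0.1, not at
# the router's public address: only then does the connection travel through
# the tunnel and arrive with a 10.8.0.x source. A connection to the public
# address arrives on ether1 with the client's dynamic public IP and is dropped.

/ip firewall address-list
add list=winbox-allowed address=192.168.88.0/24 comment="LAN (assumed subnet)"
add list=winbox-allowed address=10.8.0.0/24 comment="OpenVPN pool (assumed)"

/ip firewall filter
# These rules must sit above any broader accept rule in the input chain;
# use place-before= or move them in Winbox if the chain already has rules.

# 1. Nothing arriving directly on the WAN interface may reach Winbox,
#    whatever source address it claims.
add chain=input in-interface=ether1 protocol=tcp dst-port=8291 \
    action=drop log=yes log-prefix="winbox-wan" comment="Winbox: block direct WAN"

# 2. LAN has unrestricted Winbox access.
add chain=input in-interface=bridge protocol=tcp dst-port=8291 \
    action=accept comment="Winbox: LAN"

# 3. Tunnel traffic arrives on the dynamic ovpn interface with a pool address.
add chain=input protocol=tcp dst-port=8291 src-address-list=winbox-allowed \
    action=accept comment="Winbox: OpenVPN clients"

# 4. Anything else aimed at Winbox is dropped and logged.
add chain=input protocol=tcp dst-port=8291 \
    action=drop log=yes log-prefix="winbox-drop" comment="Winbox: default deny"

# Second layer: the Winbox service itself only answers the same two ranges,
# so a firewall mistake does not expose it.
/ip service
set winbox address=192.168.88.0/24,10.8.0.0/24
```

Entries under the `winbox-wan` prefix in the log show attempts against the public address, which is also what a VPN user will generate if Winbox is pointed at the WAN IP instead of the tunnel address.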