abulat
newbie
Topic Author
Posts: 32
Joined: Mon Nov 16, 2020 4:14 pm

Limit access VPN

Mon Jan 18, 2021 8:20 am

Hi everybody,

Could you please help me: how do I allow specific users to connect to the L2TP VPN on my MikroTik? For example, user1 and user2 need to be allowed and the others denied.

How do I secure L2TP in the best way against unauthorized users and others who are trying to get into my VPN?

Thanks in advance.
 
CZFan
Forum Guru
Posts: 2098
Joined: Sun Oct 09, 2016 8:25 pm
Location: South Africa, Krugersdorp (Home town of Brad Binder)

Re: Limit access VPN

Mon Jan 18, 2021 11:03 pm

If this were a "site to site" VPN, you could then make use of firewall rules to only allow connections from certain IPs, but as this is typically used for people to work remotely, i.e. today from home, tomorrow from a coffee shop, etc., it is difficult to limit who can connect from where.

So the best solution is to use strong passwords.
 
abulat
newbie
Topic Author
Posts: 32
Joined: Mon Nov 16, 2020 4:14 pm

Re: Limit access VPN

Tue Jan 19, 2021 9:25 am

> If this were a "site to site" VPN, you could then make use of firewall rules to only allow connections from certain IPs, but as this is typically used for people to work remotely, i.e. today from home, tomorrow from a coffee shop, etc., it is difficult to limit who can connect from where.
>
> So the best solution is to use strong passwords.

Yes, I know about limiting by IP address, but as in your example, with connections today and tomorrow from different locations, it will be hard to limit by IP. But can't we secure it by user?
In my router's log I can see a lot of connections trying to connect to my L2TP VPN; how can I reduce these attempts?
I created an input chain rule for protocol 17 (UDP), ports 500, 1701, 4500, on the WAN interface, with connection state established and new. What more needs to be done to secure L2TP?
 
CZFan
Forum Guru
Posts: 2098
Joined: Sun Oct 09, 2016 8:25 pm
Location: South Africa, Krugersdorp (Home town of Brad Binder)

Re: Limit access VPN

Wed Jan 20, 2021 12:06 am

The steps you can take:
1. Drop L2TP that is not encrypted; explanation / sample config in the wiki
2. Use strong passwords
3. Use RSA authentication
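
An added example, not part of CZFan's post or the MikroTik wiki: a RouterOS configuration for steps 1 and 2 that also restricts logins to user1 and user2, as asked in the first post. The interface name ether1-WAN, the passwords and the IPsec secret are placeholders, and RSA authentication (step 3) is not configured here.

```routeros
# Added example. "ether1-WAN" and every password/secret below are placeholders.

# Only accounts that exist as PPP secrets can authenticate.
# service=l2tp stops these credentials from being used for PPTP, SSTP, etc.
/ppp secret
add name=user1 service=l2tp profile=default-encryption \
    password="REPLACE-WITH-LONG-RANDOM-PASSWORD-1"
add name=user2 service=l2tp profile=default-encryption \
    password="REPLACE-WITH-LONG-RANDOM-PASSWORD-2"

# Refuse any L2TP session that is not wrapped in IPsec,
# and accept MS-CHAPv2 only (no PAP/CHAP/MS-CHAPv1).
/interface l2tp-server server
set enabled=yes use-ipsec=required authentication=mschap2 \
    ipsec-secret="REPLACE-WITH-LONG-RANDOM-PSK"

# Input chain on the WAN side. These rules must sit above any
# general "drop everything else" rule in the input chain.
/ip firewall filter
add chain=input in-interface=ether1-WAN protocol=udp dst-port=500,4500 \
    action=accept comment="IKE and NAT-T"
add chain=input in-interface=ether1-WAN protocol=ipsec-esp \
    action=accept comment="IPsec ESP"
add chain=input in-interface=ether1-WAN protocol=udp dst-port=1701 \
    ipsec-policy=in,ipsec action=accept comment="L2TP only when IPsec-decrypted"
add chain=input in-interface=ether1-WAN protocol=udp dst-port=1701 \
    action=drop comment="drop unencrypted L2TP"
```

With the last two rules in place, UDP 1701 is reachable only for packets that arrived through an IPsec policy, so direct L2TP probes from the Internet are dropped before they reach the L2TP server.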
