Community discussions

MikroTik App
 
User avatar
edurosso
just joined
Topic Author
Posts: 6
Joined: Tue Sep 24, 2019 3:25 am
Location: Santa Maria - RS - Brasil

Restrict VPN based on MAC Address or other criteria

Tue Mar 28, 2023 1:58 pm

Hi all,

Currently, our L2TP/PPTP servers authentication is purely based on username and password for each user (Secrets).
Our problem is that these users have a basic understanding, and they frequently configure their VPN connection on their personal computers as well. The objective is to restrict this behavior, allowing only the company devices to connect to VPN.
On first tought, I came up with MAC address validation, but the L2TP/PPTP server does not send this attribute to RADIUS servers.

Do you know some other approach we can use to achieve this goal? It must be a way to deny personal computers to ingress the company network.

Another problem is that the "IT guy" of the company knows the password of each user, because it is him that configures the VPN connection on each company computer. Is there a way to use MFA?

Who is online

Users browsing this forum: ItchyAnkle, kazza, RobertsN, Soleous75 and 70 guests