That's nice, but that is not what I want. Instead I want to limit access through the VPN to only one IP:port inside the LAN (192.168.2.20:80).
/ip ipsec policy add src-address=192.168.2.0/24 dst-address=10.42.1.43/32 sa-dst-address=88.116.xx.xx sa-src-address=88.117.xx.xx tunnel=yes
I have a second requirement for the solution: I also want to be able to change that IP address (192.168.2.20) the remote client has access to, without "the client side knowing" or the need to make changes on the client side, e.g. to 192.168.2.21.
How can I achieve that? Being a novice, I figure a solution could be to define a non-existent IP (range) (like 192.168.33.1/32) in the ipsec policy, and then have a (NAT) rule that would make sure that VPN traffic coming from 192.168.33.1 is forwarded to 192.168.2.20 (or any other address I might change it to in the future) - only for port 80.