Community discussions

 
matzero
just joined
Topic Author
Posts: 1
Joined: Mon Apr 23, 2018 10:15 pm

Limit WAN Winbox access to OpenVPN connected user

Fri Jun 14, 2019 3:51 pm

Hi

I'd like to limit access to Winbox port of my MikroTik only to:

1. LAN - no limits in Winbox port access
2. WAN - allow only to user connected using OpenVPN

I tried by using src ip range to limit access only to IP range assigned by OpenVPN but apparently firewall checks "real" user's IP (it's dynamic) not IP assigned by OpenVPN

How can I add rule to match traffic generated by OpenVPN clients and allow only them to access Winbox?
 
User avatar
sebastia
Forum Guru
Forum Guru
Posts: 1506
Joined: Tue Oct 12, 2010 3:23 am
Location: Antwerp, BE

Re: Limit WAN Winbox access to OpenVPN connected user

Fri Jun 14, 2019 6:13 pm

I tried by using src ip range to limit access only to IP range assigned by OpenVPN but apparently firewall checks "real" user's IP (it's dynamic) not IP assigned by OpenVPN
that's the way to go. clients need to use the openvpn ip to connect with Winbox. And then their source ip will be automatically the vpn ip.
Default route at clients is probably not over the vpn, which selects non-vpn ip as source...

Who is online

Users browsing this forum: No registered users and 11 guests