Author Topic: DFL 800 VPN L2TP/IPsec deny access from Local Network  (Read 3050 times)

Kamil_wojtowicz

DFL 800 VPN L2TP/IPsec deny access from Local Network
« on: October 12, 2015, 06:53:27 AM »

Hey,

First, sorry for my English.

I have a problem in my area. I don't know how to configure rules or routing to deny access to my local network. I have a DFL 800 configured with L2TP over IPsec.

Local network 192.168.2.0/24
DFL 192.168.2.1
WAN like 1.1.1.1
L2TP Gateway 10.10.0.1
L2TP Network 10.10.0.2-100
Authentication uses the local DB with an account.

DNS IP 192.168.2.181
WINS IP 192.168.2.181

1. I want to disable "use default gateway on remote network" on the DFL; I don't want to set it in the Windows VPN interface settings.
2. How do I set policies? When someone is connected to the VPN, I want only 4 hosts in the local network to be available, like 192.168.2.40-45.

Rara Avis

Re: DFL 800 VPN L2TP/IPsec deny access from Local Network
« Reply #1 on: October 12, 2015, 09:29:41 AM »

Kamil,

Your client devices ultimately get to set their own routing tables; it is in your VPN client config that it is decided whether they try to use the VPN for all outbound traffic. That is not to say that you can't set policies denying that traffic on the DFL, just that the client determines where that traffic is routed in the first place. On a related note, you may wish to reconsider your position on accepting their default route traffic, as compromised or malicious users are much easier to detect if you receive all of their data streams.

For either of your points, (almost) no traffic moves through a DFL unless there are rules specifically permitting it. Simply make sure your IP rules only permit the traffic you want from the VPN, and you can even write a specific rule denying traffic if that helps you sleep better. Traffic arriving over a VPN absolutely must have a specific rule allowing it, and you have the privilege of writing those rules yourself. The FAQs and docs have some rules and policies which are more general than you are looking for, but the necessary changes should be intuitive: replace lannet with your restricted range, for example.

I hope all this helps.
Nullum magnum ingenium sine mixtura dementiae fuit. - Seneca
There has never been a great genius without an element of madness.
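
Added example, not part of the thread and not NetDefendOS syntax: a small Python model of the policy described in the reply above, using the addresses from the first post, to check which flows from an L2TP client would be permitted. The rule names, the first-match evaluation order and the explicit deny rule are assumptions made for illustration. It also shows a side effect worth checking before deploying such a policy: the DNS/WINS server at 192.168.2.181 lies outside the permitted range.

```python
import ipaddress as ip

def ip_range(first, last):
    """Inclusive address range as a pair of integers."""
    return int(ip.ip_address(first)), int(ip.ip_address(last))

def in_range(addr, rng):
    return rng[0] <= int(ip.ip_address(addr)) <= rng[1]

# Address objects taken from the first post in the thread.
L2TP_POOL = ip_range("10.10.0.2", "10.10.0.100")
ALLOWED_HOSTS = ip_range("192.168.2.40", "192.168.2.45")
LANNET = ip_range("192.168.2.0", "192.168.2.255")
DNS_WINS = "192.168.2.181"

# Hypothetical rule set: (name, action, source range, destination range).
# The allow rule uses the restricted range in place of lannet; the second
# rule is the optional explicit deny mentioned in the reply.
RULES = [
    ("vpn_to_allowed_hosts", "allow", L2TP_POOL, ALLOWED_HOSTS),
    ("vpn_to_lan_deny", "drop", L2TP_POOL, LANNET),
]

def evaluate(src, dst, rules=RULES):
    """Return (action, rule name) of the first matching rule.

    Assumption: rules are checked top-down and traffic that matches
    no rule is dropped.
    """
    for name, action, src_rng, dst_rng in rules:
        if in_range(src, src_rng) and in_range(dst, dst_rng):
            return action, name
    return "drop", "implicit_default"

def audit(client, targets, rules=RULES):
    """Map each destination to the decision for traffic from one client."""
    return {dst: evaluate(client, dst, rules) for dst in targets}

if __name__ == "__main__":
    targets = ["192.168.2.40", "192.168.2.45", "192.168.2.46",
               DNS_WINS, "192.168.2.1"]
    for dst, (action, rule) in audit("10.10.0.5", targets).items():
        print(f"10.10.0.5 -> {dst:<14} {action:<5} ({rule})")
```

If VPN clients are expected to resolve names through 192.168.2.181, that host needs its own allow rule ahead of the deny.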

FurryNutz

Re: DFL 800 VPN L2TP/IPsec deny access from Local Network
« Reply #2 on: December 08, 2015, 07:33:48 AM »

Any status on this?  ???
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.