
Pf & vpn

I've got users that connect from the remote locations using VPN L2TP. 

How can I set things up so that users (using their usernames) can connect to the VPN, but only from remote locations that are in specific IP ranges?

E.g., so they cannot connect to the VPN when they are abroad or on other networks that I don't want them to connect from.

Thanks!


  • Interesting! I haven't tried it, but what about a "null-DNAT" approach? '{Group of allowed IPs} -> IPsec -> External (Address) : DNAT to External (Address) {'Destination service' left blank}' followed by 'Any -> IPsec -> External (Address) : DNAT to {non-existent IP}'.

    Does that work?  I think DNATs are considered before VPNs, but I'm not sure.  At the very least, I'd think that that would prevent the establishment of the tunnel.

    Cheers - Bob