Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 1 subscriber
  • Views 306 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Isnt this dangerous?

Scrif
I created a PPTP VPN which I want to use ONLY for an internal network (I have 3 networks - WAN, LanA, LanB - the VPN is for connectivity from LanA to LanB). I configured the VPN, it works, however I can also connect to this VPN via my WAN interface. Is this not a security hole? Anyone from the Internet can attempt a PPTP connection to my WAN interface. Should I not be able to say "this VPN can only connect from the internal network - NOT THE WAN".

Thanks


This thread was automatically locked due to age.
  • 0
    Hmm, I don't know of any way to do what you are asking. It seems that it should be easy to restrict access to PPTP connections to only specified NICs or networks, but there isn't a way to do it now.

    Anyone know a workaround? Perhaps in the meantime open a trouble ticket.
  • 0
    You can try to limit any type of connection attempts by setting a DNAT rule to a non-existant address.

    Example:
    Create a network definition of Shangri-la
    Host address of 1.2.3.4

    Network>>NAT
    Source: Any  Destination: WAN(address)  Service: PPTP
    Change Destination: Shangri-la

    Now any pptp traffic destined for the WAN address is sent to Shangri-la and no pptp connection.

    In theory [;)]
  • 0 in reply to Cath
    Thanks for the replies. I guess I assumed that interface protection would be a little more granular. It seems a little risky to use VPN in this manner.
Cookie Information Banner