This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Isnt this dangerous?

I created a PPTP VPN which I want to use ONLY for an internal network (I have 3 networks - WAN, LanA, LanB - the VPN is for connectivity from LanA to LanB). I configured the VPN, it works, however I can also connect to this VPN via my WAN interface. Is this not a security hole? Anyone from the Internet can attempt a PPTP connection to my WAN interface. Should I not be able to say "this VPN can only connect from the internal network - NOT THE WAN".

Thanks

This thread was automatically locked due to age.

Parents

0 Cath over 18 years ago

You can try to limit any type of connection attempts by setting a DNAT rule to a non-existant address.

Example:
Create a network definition of Shangri-la
Host address of 1.2.3.4

Network>>NAT
Source: Any Destination: WAN(address) Service: PPTP
Change Destination: Shangri-la

Now any pptp traffic destined for the WAN address is sent to Shangri-la and no pptp connection.

In theory [;)]
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Cath over 18 years ago

You can try to limit any type of connection attempts by setting a DNAT rule to a non-existant address.

Example:
Create a network definition of Shangri-la
Host address of 1.2.3.4

Network>>NAT
Source: Any Destination: WAN(address) Service: PPTP
Change Destination: Shangri-la

Now any pptp traffic destined for the WAN address is sent to Shangri-la and no pptp connection.

In theory [;)]
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 Scrif over 18 years ago in reply to Cath

Thanks for the replies. I guess I assumed that interface protection would be a little more granular. It seems a little risky to use VPN in this manner.
Cancel
Vote Up 0 Vote Down

Cancel