Are you saying that you want PPTP connections to come in only via one WAN connection, or that you have multiple internal connections and you want only one internal subnet to be accessed?
I attempt to allow PPTP only at an interface connected to an internal subnet. The other interface connected to WAN should be reached only via L2TP-IPSec.
It is possible to specify an interface for IPSec connections, but I didn't find any way to interdict PPTP on the WAN interface. I tried to set a rule that does this at the WAN interface. It didn't work.
PPTP is not secure, so I would just eliminate its use. In any case, I think it is bound to the external interface with the default gateway, and that that cannot be changed.
If you are trying to allow VPN access from a DMZ, then maybe we should ask you to describe the problem you are trying to solve.
PPTP connections should only be capable at the interface connected to the office working network, for internal use only. From WAN / Internet only L2TP connections should be allowed.
I think I have to heed your advice and eliminate PPTP generally.