This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Packet filter by user group

Hi,

Just configured a PPTP VPN which authenticates in the back-end via Radius server. I want to configure a rule that only permits the (dynamic) Radius group called "PPTPUsers" access to one specific server. So, created a packet filter that has:

Source: PPTPUsers (user group network)
Service: Any
Destination: Server1
Action: Allow

However when the user PPTP's in, and they go to connect, its not matching the rule - the live log is showing it goes straight to default drop. As a test, I altered the source to be the "VPN Pool" and this works, however I want to control access by user group - is this possible?

Cheers

Unless I'm missing something, it seems this maybe a bug. I can get it working if the user is local and part of a local group, configuring the packet filter to allow the local group to the server works...

Any help would be appreciated?...

This thread was automatically locked due to age.

0 BAlfson over 15 years ago

Hi, Chimera, and welcome to Astaro!

I think this is the nature of L2TP and PPTP, at least, it is on the Astaro. When I first saw your other thread, I thought at the time that you might be better off with SSL remote access. If you have Win Server 2008, I suspect that you configured RADIUS on top of Active Directory. With SSL, you can authenticate directly with AD and you can get the granular control you want.

Cheers - Bob
Cancel
Vote Up 0 Vote Down

Cancel
0 chimera over 15 years ago

cheers bob, will give that a shot...

...mind you, doesn't explain why it does not work in the first place!
Cancel
Vote Up 0 Vote Down

Cancel