D-Link Forums
The Graveyard - Products No Longer Supported => D-Link NetDefend Firewalls => Topic started by: Kamil_wojtowicz on October 12, 2015, 06:53:27 AM
-
Hey,
First, sorry for my English.
I have got a problem in my area. I don't know how to configure Rules or Routing to deny access to my local network. I have a DFL 800 configured with L2TP over IPsec.
Local network 192.168.2.0/24
DFL 192.168.2.1
WAN like 1.1.1.1
L2TP Gateway 10.10.0.1
L2TP Network 10.10.0.2-100
Authentication uses local DB with account.
DNS IP 192.168.2.181
WINS IP 192.168.2.181
1. I want to disable "use default gateway on remote network" on the DFL; I don't want to set it in the Windows VPN interface settings.
2. How to set policies. When someone is connected to the VPN, I want only 4 hosts in the local network to be available, like 192.168.2.40-45.
-
Kamil,
Your client devices ultimately get to set their own routing tables; it is on your VPN client config that it is decided if they try to use the VPN for all outbound traffic. That is not to say that you can't set policies denying that traffic on the DFL, just that the client determines where that traffic is routed in the first place. On a related note, you may wish to reconsider your position on accepting their default route traffic, as compromised or malicious users are much easier to detect if you receive all of their data streams.
For either of your points, (almost) no traffic moves through a DFL unless there are rules specifically permitting it. Simply make sure your IP rules only permit the traffic you want from the VPN, and you can even write a specific rule denying traffic if that helps you sleep better. Traffic arriving over a VPN absolutely must have a specific rule allowing it, and you have the privilege of writing those rules yourself. The FAQs and docs have some rules and policies which are more general than you are looking for, but the necessary changes should be intuitive; replace lannet with your restricted range, for example.
I hope all this helps.
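The rule layout described in the reply above, as an added example that is not part of the original post and is not NetDefendOS syntax: a small Python model that checks which VPN flows a rule set would permit. It assumes top-to-bottom, first-match evaluation with an implicit drop, ignores interfaces and services, and uses the thread's addresses; the rule names and the sample flows are constructed.

```python
import ipaddress

def ip_range(first, last):
    """Inclusive address range as (low, high) integers."""
    return int(ipaddress.ip_address(first)), int(ipaddress.ip_address(last))

def cidr(net):
    """CIDR network as (low, high) integers."""
    n = ipaddress.ip_network(net)
    return int(n.network_address), int(n.broadcast_address)

# Addresses from the thread.
VPN_POOL = ip_range("10.10.0.2", "10.10.0.100")
ALLOWED_HOSTS = ip_range("192.168.2.40", "192.168.2.45")
LANNET = cidr("192.168.2.0/24")
ANY = cidr("0.0.0.0/0")

# (name, action, source, destination); names are hypothetical.
RULES = [
    ("vpn_to_allowed_hosts", "allow", VPN_POOL, ALLOWED_HOSTS),
    ("vpn_to_lan_drop", "drop", VPN_POOL, LANNET),   # explicit deny
    ("vpn_to_any_drop", "drop", VPN_POOL, ANY),      # default-route traffic
]

def in_range(addr, bounds):
    return bounds[0] <= int(ipaddress.ip_address(addr)) <= bounds[1]

def evaluate(src, dst, rules=RULES):
    """First matching rule wins; no match means the traffic is dropped."""
    for name, action, src_range, dst_range in rules:
        if in_range(src, src_range) and in_range(dst, dst_range):
            return action, name
    return "drop", "default"

def audit(flows):
    """Map each (src, dst) flow to its (action, rule) verdict."""
    return {(s, d): evaluate(s, d) for s, d in flows}

if __name__ == "__main__":
    flows = [  # constructed sample flows
        ("10.10.0.5", "192.168.2.40"),    # permitted host
        ("10.10.0.5", "192.168.2.46"),    # just outside the range
        ("10.10.0.5", "192.168.2.181"),   # DNS/WINS server given to clients
        ("10.10.0.5", "8.8.8.8"),         # Internet traffic sent via tunnel
        ("10.10.0.200", "192.168.2.40"),  # source outside the L2TP pool
    ]
    for flow, verdict in audit(flows).items():
        print(flow, verdict)
```

Run as is, it shows that 192.168.2.181, the DNS and WINS server given to VPN clients, lies outside 192.168.2.40-45 and is dropped unless a rule is added for it.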
-
Any status on this? ???