DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

VPN and Vlan

15 Jun 2010 12:03 #7 by lectrician
Replied by lectrician on topic VPN and Vlan
I am still trying to grasp it all.

It would probably be better to strict bind the IP/MACs to prevent the lodger changing his computer, using another, or forcing the IP on his machine.

If I do this though, if any of my family or friends want access to the wireless, I would have to strict bind them each time.

This is not ideal :-/

I can't see a way that I can easily prevent all VPN access from the LAN port.

Is it maybe better to implement a firewall rule at my office remote end to only allow my single strict bound PC access to that network?

Also, I have just realised that although the VLAN will work to separate the LAN ports, it will not separate the LAN ports from the wireless? This means my lodger could access my wirelessly connected devices...

When I say lodger, it is its own self-contained flat with a single network port.

Thanks for your time and input - it is hugely appreciated!

15 Jun 2010 15:20 #8 by lectrician
Replied by lectrician on topic VPN and Vlan
OK - This is what I have done, and it seems to work I THINK!

I have not done anything to the 'home' router other than set the VLAN (although still not sure what to do with the VLAN versus Wireless).

At the office router I have set the following two rules -

This one BLOCKS all VPN packets from the home IP range 192.168.4.1 - 192.168.4.255 completely.

I then have this rule to PASS traffic over the VPN from only two IP addresses (192.168.4.1 which is the router, and 192.168.4.2 which is the IP of the only machine I want to access the office network, this IP is bound to the MAC).

I assume I am correct that 192.168.4.3 with a subnet mask of 255.255.255.252 will relate to 192.168.4.1 - 192.168.4.2.

Anything from 192.168.4.3 upwards should be blocked?

16 Jun 2010 21:37 #9 by voodle
Replied by voodle on topic VPN and Vlan
Yeah that looks like it should be working :)
A /30 subnet will only include 0 - 3, I'm not sure how subnetting on the firewall will work since there's no broadcast or network addresses to worry about, so 0 and 3 may still be able to access it but it will definitely allow 1-2.

17 Jun 2010 08:48 #10 by lectrician
Replied by lectrician on topic VPN and Vlan
I think it does allow the .3 - I have bound that IP to a non-existent MAC (00.00.00.00.00.00). I had assumed the .0 was not 'a real' IP, so ignored that one?
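
Added example, not part of the thread and not DrayTek code: a small Python model of the two office-side rules, showing which source addresses the 192.168.4.3 / 255.255.255.252 pass rule selects. It assumes a rule matches when (source AND mask) equals (rule address AND mask) and that the pass rule overrides the block rule; the `HOST_ONLY` entries with a 255.255.255.255 mask are a hypothetical tighter alternative.

```python
import ipaddress

# Rules as described in the thread (address, mask).
PASS_RULE = ("192.168.4.3", "255.255.255.252")
BLOCK_RULE = ("192.168.4.0", "255.255.255.0")   # home range on the page
# Hypothetical alternative: one exact-host entry per permitted address.
HOST_ONLY = (("192.168.4.1", "255.255.255.255"),
             ("192.168.4.2", "255.255.255.255"))


def mask_match(src, rule_addr, rule_mask):
    """Assumed matching model: compare only the bits the mask keeps."""
    mask = int(ipaddress.IPv4Address(rule_mask))
    s = int(ipaddress.IPv4Address(src))
    r = int(ipaddress.IPv4Address(rule_addr))
    return (s & mask) == (r & mask)


def covered_hosts(rule_addr, rule_mask):
    """Every address the rule selects, including the .0 and .3 ends."""
    net = ipaddress.IPv4Network(f"{rule_addr}/{rule_mask}", strict=False)
    return [str(a) for a in net]


def decide(src, pass_rules=(PASS_RULE,)):
    """Assumed precedence: a pass match wins, then the block rule."""
    if any(mask_match(src, a, m) for a, m in pass_rules):
        return "pass"
    if mask_match(src, *BLOCK_RULE):
        return "block"
    return "no-match"


if __name__ == "__main__":
    print("pass rule selects:", covered_hosts(*PASS_RULE))
    # Constructed sample sources: router, bound PC, block edges, a neighbour.
    for src in ("192.168.4.0", "192.168.4.1", "192.168.4.2",
                "192.168.4.3", "192.168.4.4", "192.168.4.50"):
        print(f"{src:14} mask rule: {decide(src):6} "
              f"host-only: {decide(src, HOST_ONLY)}")
```

Under the mask rule the whole four-address block passes, which is why .3 needed the dummy MAC binding; with the exact-host entries only .1 and .2 pass.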
