VPN100 - Allow incoming L2TP VPN based on hostname

ItsMe
ItsMe Posts: 4
First Anniversary
edited July 2022 in Security
Hi,

I'm looking for a way to allow/disallow incoming L2TP VPN connections based on the hostname of the connecting computer.
Would that somehow be possible?

Thanks!

All Replies

  • PeterUK
    PeterUK Posts: 1,569
    50 Answers 1000 Comments Friend Collector Fifth Anniversary
     Guru Member

    I don't think so....

    A way I allow L2TP VPN is by FQDN like UserallowVPN.no-ip.org and the client runs DDNS the firewall only allow the matching IP of the DDNS.


  • Zyxel_Kevin
    Zyxel_Kevin Posts: 295
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 25 Answers First Comment
     Master Member
    Hi @ItsMe,
    As PeterUK said. Using DDNS to restrict source addresses.
    It is hard to implement hostname restrictions.
    Kevin
  • ItsMe
    ItsMe Posts: 4
    First Anniversary
    So maybe create an ACL for L2TP based on MAC addresses then?
    Would that be possible?
  • Zyxel_Kevin
    Zyxel_Kevin Posts: 295
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 25 Answers First Comment
     Master Member
    Hi @ItsMe,
    We don't support L2TP based on MAC address. We will continue to improve this. 
    Thank you
    Kevin

  • ItsMe
    ItsMe Posts: 4
    First Anniversary
    So what mechanism do you have to allow or disallow L2TP VPN for specific devices?
  • mMontana
    mMontana Posts: 1,071
    1000 Comments 25 Answers Friend Collector Third Anniversary
     Guru Member
    Firewall rules. AKA Security policies, but it chews only ip addresses and not hostnames.
  • ItsMe
    ItsMe Posts: 4
    First Anniversary
    So there's no way to control which device can or cannot connect over L2TP.
    That's rather disappointing...

    Thanks for the info anyways.

Security Highlight