VPN100 - Allow incoming L2TP VPN based on hostname

ItsMe
ItsMe Posts: 4
edited July 2022 in Security
Hi,

I'm looking for a way to allow/disallow incoming L2TP VPN connections based on the hostname of the connecting computer.
Would that somehow be possible?

Thanks!

All Replies

  • PeterUK
    PeterUK Posts: 3,262  Guru Member

    I don't think so....

    One way I allow L2TP VPN is by FQDN, like UserallowVPN.no-ip.org: the client runs DDNS, and the firewall only allows the matching IP of the DDNS.
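
The DDNS approach described in the reply above, as an added example that is not part of the original post and is not Zyxel configuration or firmware code: a source-IP allowlist rebuilt from an FQDN, where a resolved address stops matching once it is older than an assumed `max_age`. The class, function and parameter names are hypothetical, and the addresses are constructed documentation-range values.

```python
import ipaddress
import socket
import time


def system_resolver(fqdn):
    """Resolve an FQDN to a set of IP address strings using the OS resolver."""
    return {info[4][0] for info in socket.getaddrinfo(fqdn, None)}


class DdnsAllowlist:
    """Source-IP allowlist rebuilt from DDNS names (hypothetical helper)."""

    def __init__(self, fqdns, resolver=system_resolver, max_age=300, clock=time.monotonic):
        self.fqdns = list(fqdns)
        self.resolver = resolver
        self.max_age = max_age  # assumed: seconds a resolved address stays trusted
        self.clock = clock
        self.entries = {}       # fqdn -> (set of ip_address objects, time resolved)

    def refresh(self):
        """Re-resolve every name, replacing the old addresses on success."""
        now = self.clock()
        for fqdn in self.fqdns:
            try:
                ips = {ipaddress.ip_address(a) for a in self.resolver(fqdn)}
            except (OSError, ValueError):
                continue  # lookup failed: keep the old entry until it ages out
            self.entries[fqdn] = (ips, now)

    def match(self, src_ip):
        """Return the FQDN that currently authorises src_ip, or None (deny)."""
        src = ipaddress.ip_address(src_ip)
        now = self.clock()
        for fqdn, (ips, resolved_at) in self.entries.items():
            if now - resolved_at <= self.max_age and src in ips:
                return fqdn
        return None


if __name__ == "__main__":
    # Constructed DNS record standing in for a live DDNS lookup.
    constructed = {"UserallowVPN.no-ip.org": {"203.0.113.10"}}
    acl = DdnsAllowlist(constructed, resolver=lambda name: constructed[name])
    acl.refresh()
    for ip in ("203.0.113.10", "198.51.100.7"):
        print(ip, "->", acl.match(ip) or "deny")
```

The match is on the public source address only, so every host behind the same NAT address as the DDNS client passes the check; user authentication on the L2TP tunnel still has to carry the per-user decision.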


  • Zyxel_Kevin
    Zyxel_Kevin Posts: 871  Zyxel Employee
    Hi @ItsMe,
    As PeterUK said, use DDNS to restrict source addresses.
    It is hard to implement hostname restrictions.
    Kevin
  • ItsMe
    ItsMe Posts: 4
    So maybe create an ACL for L2TP based on MAC addresses then?
    Would that be possible?
  • Zyxel_Kevin
    Zyxel_Kevin Posts: 871  Zyxel Employee
    Hi @ItsMe,
    We don't support L2TP based on MAC address. We will continue to improve this. 
    Thank you
    Kevin

  • ItsMe
    ItsMe Posts: 4
    So what mechanism do you have to allow or disallow L2TP VPN for specific devices?
  • mMontana
    mMontana Posts: 1,371  Guru Member
    Firewall rules, AKA security policies, but they chew only IP addresses and not hostnames.
  • ItsMe
    ItsMe Posts: 4
    So there's no way to control which device can or cannot connect over L2TP.
    That's rather disappointing...

    Thanks for the info anyways.
