VPN100 - Allow incoming L2TP VPN based on hostname

Options
ItsMe
ItsMe Posts: 4
First Anniversary
edited July 2022 in Security
Hi,

I'm looking for a way to allow/disallow incoming L2TP VPN connections based on the hostname of the connecting computer.
Would that somehow be possible?

Thanks!

All Replies

  • PeterUK
    PeterUK Posts: 3,861  Guru Member
    100 Answers 2500 Comments Friend Collector Seventh Anniversary

    I don't think so....

    A way I allow L2TP VPN is by FQDN like UserallowVPN.no-ip.org and the client runs DDNS the firewall only allow the matching IP of the DDNS.


  • Zyxel_Kevin
    Zyxel_Kevin Posts: 958  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 100 Answers 500 Comments
    Hi @ItsMe,
    As PeterUK said. Using DDNS to restrict source addresses.
    It is hard to implement hostname restrictions.
    Kevin
  • ItsMe
    ItsMe Posts: 4
    First Anniversary
    So maybe create an ACL for L2TP based on MAC addresses then?
    Would that be possible?
  • Zyxel_Kevin
    Zyxel_Kevin Posts: 958  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 100 Answers 500 Comments
    Hi @ItsMe,
    We don't support L2TP based on MAC address. We will continue to improve this. 
    Thank you
    Kevin

  • ItsMe
    ItsMe Posts: 4
    First Anniversary
    So what mechanism do you have to allow or disallow L2TP VPN for specific devices?
  • mMontana
    mMontana Posts: 1,428  Guru Member
    Zyxel Certified Network Administrator - Security Zyxel Certified Network Administrator - Switch 50 Answers 1000 Comments
    Firewall rules. AKA Security policies, but it chews only ip addresses and not hostnames.
  • ItsMe
    ItsMe Posts: 4
    First Anniversary
    So there's no way to control which device can or cannot connect over L2TP.
    That's rather disappointing...

    Thanks for the info anyways.

Categories

Security Help Center

EnglishTiếng ViệtРусскийไทย中文(台灣)