VPN100 - Allow incoming L2TP VPN based on hostname

ItsMe
ItsMe Posts: 4
edited July 2022 in Security
Hi,

I'm looking for a way to allow/disallow incoming L2TP VPN connections based on the hostname of the connecting computer.
Would that somehow be possible?

Thanks!

All Replies

  • PeterUK
    PeterUK Posts: 2,653  Guru Member

    I don't think so....

    One way I allow L2TP VPN is by FQDN, like UserallowVPN.no-ip.org: the client runs DDNS, and the firewall only allows the matching IP of the DDNS.


  • Zyxel_Kevin
    Zyxel_Kevin Posts: 741  Zyxel Employee
    Hi @ItsMe,
    As PeterUK said, use DDNS to restrict source addresses.
    It is hard to implement hostname restrictions.
    Kevin
  • ItsMe
    ItsMe Posts: 4
    So maybe create an ACL for L2TP based on MAC addresses then?
    Would that be possible?
  • Zyxel_Kevin
    Zyxel_Kevin Posts: 741  Zyxel Employee
    Hi @ItsMe,
    We don't support L2TP based on MAC address. We will continue to improve this. 
    Thank you
    Kevin

  • ItsMe
    ItsMe Posts: 4
    So what mechanism do you have to allow or disallow L2TP VPN for specific devices?
  • mMontana
    mMontana Posts: 1,298  Guru Member
    Firewall rules, AKA security policies, but they chew only IP addresses and not hostnames.
  • ItsMe
    ItsMe Posts: 4
    So there's no way to control which device can or cannot connect over L2TP.
    That's rather disappointing...

    Thanks for the info anyways.
