How to prevent all VPN clients from accessing each other (isolate)?

D

Denis2021-10-18 17:52:02

Computer networks

Denis, 2021-10-18 17:52:02

Hello. Please tell me what rules in the firewall on the server should be registered in order to prohibit all VPN clients from accessing each other .
VPN type: SSTP
VPN network 172.16.16.0/24
If you have a client address and a login with a password, any of this network can go to another client Mikrotik.
It is desirable to make sure that the Internet does not fall off at the same time.
The server itself is in the cloud (CHR)
Addresses are assigned from a pool, or manually in secrets.
UPD. Thanks for the correction, I thought the local network and access to each other is the same thing. But in fact, it is necessary to isolate clients from each other, as I understand it

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

D

Denis, 2021-10-18
@hanigun

Correctly formulated the question and found the answer. It worked. Nothing even fell off :)
Source: https://qna.habr.com/q/966407

/ip route rule
add action=unreachable comment="Block VPN Client-to-Client access" dst-address=192.168.100.0/24 src-address=192.168.100.0/24

Obviously changed the addresses to their own.

C

CityCat4, 2021-10-18
@CityCat4

You need to start with what type of VPN and how addresses are assigned to its clients. In Mikrotik, a hundred thousand different VPNs are supported, if so.