VPN whitelist with RT-AC3200?

[IT@K]

Is it possible to have a VPN whitelist based either on IP or MAC, or do I need to upgrade to something else?

 

[ColinTaylor]

What do you mean by "whitelist"? VPN server? VPN client? OpenVPN? PPTP? Source address? Destination address?

 

[kfp]

I’m guessing “selective routing”, and those that are not being routed through the VPN tunnel are on the “whitelist”.

 

[ColinTaylor]

Maybe.

 

[IT@K]

Sorry, that was unclear.

I’m looking for a way to allow only certain IP addresses in through the VPN (this being above and beyond dedicated vpn accounts).

 

[ColinTaylor]

PPTP, OpenVPN, IPSec?

 

[IT@K]

PPTP, OpenVPN, IPSec?

OpenVPN

 

[ColinTaylor]

There's not an easy way of doing it unfortunately. OpenVPN has no built-in method of blocking client IP addresses AFAIK. The most obvious place to do it would be on the firewall. But because of the way the router dynamically creates the firewall rules it's difficult to implement reliably.

There was a similar discussion here, but that was for a blacklist rather than a whitelist. I think the take-away from that thread was that instead of relying on IP addresses it would be much more preferable to use a password+certificate combination.

 

[IT@K]

There's not an easy way of doing it unfortunately. OpenVPN has no built-in method of blocking client IP addresses AFAIK. The most obvious place to do it would be on the firewall. But because of the way the router dynamically creates the firewall rules it's difficult to implement reliably.

There was a similar discussion here, but that was for a blacklist rather than a whitelist. I think the take-away from that thread was that instead of relying on IP addresses it would be much more preferable to use a password+certificate combination.

Thanks for the link. I just wanted to make sure I wasn't missing something obvious.