Restrict VPN user to access one network device (Draytek)

Needed a remote user to be able to access a server (with admin rights) but nothing else on the LAN. Without getting into detail, the option for using VLANs (tagged or otherwise) wasn’t available, so needed a simple solution. Using the existing Draytek router I created a ‘remote dial-in user’ account and gave the connection a specific internal IP address. Then in the firewall rules on the router I configured two entries on it so that this specific address could only access the one internal address, all others were blocked as per this Draytek KB article.

0

0