Hi Joel

j knight <[EMAIL PROTECTED]> wrote:
> > I have tried to change Network and Netmask in the [default-route]
> > section from 0.0.0.0 to the network and netmask of one of the vlan
> > subnetworks, but it does not help. I can still connect to the other
> > subnet if I define them in the client. Anyone knows how I can restrict
> > access to only one of the vlan subnets?
>
> I don't know why those changes aren't working, however, have you tried:
>
> - setting a policy via isakmpd.policy that restricts 'remote_filter'

No. I will try that.

> - blocking traffic using pf

Yes, I have tried to filter on VPN client ip addresses on the enc0
interface. This works, but the problem is that not all users should be
allowed to do the same things. Since the VPN client ip address can be
chosen arbitrarily on the VPN client, the user can choose an ip address
that is allowed to do what he wants to do. Therefore it is not secure,
the user just has to know which ip address has full access, and he can
access all he wants on all vlans.

Thanks,
Daniel
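The isakmpd.policy approach Joel mentions ties the restriction to the credential the client authenticates with rather than to the address the client picks for itself, which is exactly the gap Daniel describes with pf on enc0. The following KeyNote fragment is an added illustration, not something from the thread or from the OpenBSD project: it assumes a client that authenticates with the pre-shared passphrase "alice-secret" (constructed value) and that the one VLAN this client may reach is 10.10.1.0/24 (constructed value). It constrains the gateway-side selector (local_filter_addr_lower/upper) so that a Phase 2 SA covering any other subnet is refused at negotiation time, regardless of what the client configures as its own address.

```text
KeyNote-Version: 2
Comment: Added example (constructed values, not from the thread).
Comment: Credential "alice-secret" may only negotiate ESP SAs whose
Comment: gateway-side (local_filter) address range lies inside
Comment: 10.10.1.0/24. Address attributes are compared as strings,
Comment: so the dotted quads are zero-padded to three digits per octet.
Authorizer: "POLICY"
Licensees: "passphrase:alice-secret"
Conditions: app_domain == "IPsec policy" &&
            esp_present == "yes" &&
            esp_enc_alg != "null" &&
            local_filter_addr_lower >= "010.010.001.000" &&
            local_filter_addr_upper <= "010.010.001.255" -> "true";
```

One such credential/assertion pair per user (or per certificate identity, using remote_id instead of a passphrase licensee) gives each user its own permitted subnet; a client that proposes a selector outside its range simply never gets an SA, so there is no address it could choose to widen its access. A pf rule set on enc0 is still worth keeping as a second layer, but with the subnet bound to the credential it no longer has to trust the client-chosen source address for the policy decision.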