[ross]

Hello DD-WRT board :)

I've just configured the inbuilt VPN server (micro v23 SP1) and it is working fine from within my Windows XP box. My next task is to restrict internet (WAN) access only to users who are authenticated via VPN.

Is this possible?

It would seem it can be done under OpenWRT. I looked at the following guide (http://p3f.gmxhome.de/OpenWRT/Configure-OpenVPN.html) but I dont think it quite matches up to a dd-wrt install.

Do we have the same vlan1 (wan), wlan (eth2), and lan (vlan2) configuration? I've done some reading on iptables and begun to work this out. I'm not planning on installing the OpenVPN software, just using the one that ships with DD-WRT.

Any help appreciated.

- Ross

[ross]

Just as a follow up post. I've worked out how to get this working!

Now, I'm not saying this is correct (or safe) so use these commands at your own risk...

(You must have the PPTP server enabled as per the wiki before doing this)

1) Open Administration -> Diagnostics

2) Paste the following commands:

iptables --flush
iptables -A FORWARD -i br0 -o eth1 -p TCP --source-port 1723 -j ACCEPT
iptables -A FORWARD -i br0 -j DROP

3) Press 'Save Firewall Settings' button.

4) Reboot router from Management tab.

Now you can only access the internet when authenticated via PPTP VPN.