Opening/closing VPN ports on a per WAN basis


#1

Hi Team,
We have a request to address the way the firmware handles opening ports on WAN connections. Our understanding is that currently, for VPN configurations, the needed ports are opened on all WANs and traffic is then rejected on unselected interfaces. The request is to only open the needed ports on the selected interfaces.
So if we want to open WAN 2 for L2TP users, UDP ports 500, 4500, and 1701 would only be open on WAN 2 and not on WAN 1.

Thanks,
-Topher


#2

Can you elaborate more on your request? Are you looking for a way to allow a VPN service (e.g. L2TP/IPSec) from WAN to LAN (there is an L2TP/IPSec server on the LAN side of the Peplink router) on a particular WAN interface?


#3

Hi TK,
The post here, "Close ports 32015/500 for PCI compliance", is also in regard to this particular issue and deployment.
As an example:
A Balance 380 has 3 WAN connections.
L2TP connections are required, but we only want to open up the required ports on WAN 2, leaving the ports closed on WAN 1 and WAN 3. Right now, by allowing L2TP connections, the required ports remain open on all WAN connections regardless of whether or not the WAN connections are selected to allow L2TP connections in the configuration. I hope this helps explain things.

-Topher
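The following is an added illustration of the two behaviours discussed in this thread; it is not code from Peplink or from either poster. It models "listen on every WAN and reject unselected WANs afterwards" against "listen only on the selected WAN" for the three ports named above, and audits which WANs would show those ports to an external (e.g. PCI) scan without ever serving a session on them. The service/dataclass names, the three-WAN layout and the `bind_all_wans` flag are assumptions for the model, not a description of the firmware's internals.

```python
"""Added example (not Peplink firmware code): model the difference between
"open VPN ports on every WAN, then reject unselected WANs" and "open them
only on the selected WAN", and audit which WANs expose ports needlessly."""
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

Port = Tuple[str, int]  # (protocol, port number)

# Ports named in the thread for L2TP/IPsec: IKE, NAT-T, L2TP.
L2TP_IPSEC_PORTS: Set[Port] = {("udp", 500), ("udp", 4500), ("udp", 1701)}


@dataclass
class VpnService:
    """A VPN listener and the WANs it is configured to serve.

    bind_all_wans=True models the current behaviour described in the thread:
    the listener is reachable on every WAN and unselected WANs are rejected
    after the fact. bind_all_wans=False models the requested behaviour.
    (Hypothetical model, not the firmware's real implementation.)
    """
    name: str
    ports: Set[Port]
    allowed_wans: Set[str]
    bind_all_wans: bool = True

    def listens_on(self, wan: str) -> bool:
        # What an external port scan can observe on that WAN.
        return self.bind_all_wans or wan in self.allowed_wans

    def accepts_from(self, wan: str) -> bool:
        # What the service will actually do with a session on that WAN.
        return self.listens_on(wan) and wan in self.allowed_wans


def scan_visible(wan: str, services: List[VpnService]) -> Set[Port]:
    """Ports an outside scanner would report as open on this WAN."""
    return set().union(*(s.ports for s in services if s.listens_on(wan)))


def audit(wans: List[str], services: List[VpnService]) -> Dict[str, Set[Port]]:
    """Per WAN, the ports that are scan-visible but that no service would
    ever accept a session on: exposure with no operational purpose."""
    findings: Dict[str, Set[Port]] = {}
    for wan in wans:
        needless: Set[Port] = set()
        for svc in services:
            if svc.listens_on(wan) and not svc.accepts_from(wan):
                needless |= svc.ports
        findings[wan] = needless
    return findings


# Constructed scenario matching post #3: a Balance 380 with three WANs and
# L2TP permitted only on WAN 2.
WANS = ["WAN 1", "WAN 2", "WAN 3"]


def current_behaviour() -> Dict[str, Set[Port]]:
    """Listener bound on every WAN, unselected WANs rejected afterwards."""
    svc = VpnService("L2TP/IPsec", L2TP_IPSEC_PORTS, {"WAN 2"}, bind_all_wans=True)
    return audit(WANS, [svc])


def requested_behaviour() -> Dict[str, Set[Port]]:
    """Listener bound only on the selected WAN."""
    svc = VpnService("L2TP/IPsec", L2TP_IPSEC_PORTS, {"WAN 2"}, bind_all_wans=False)
    return audit(WANS, [svc])


if __name__ == "__main__":
    for label, result in (("current", current_behaviour()),
                          ("requested", requested_behaviour())):
        print(label)
        for wan, ports in result.items():
            print(f"  {wan}: {sorted(ports) or 'no needless exposure'}")
```

Under the current model the audit flags UDP 500, 4500 and 1701 on WAN 1 and WAN 3 (visible to a scan, never accepted); under the requested model every WAN comes back clean, which is the outcome the PCI scan in the linked thread needs.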


#4

Thanks for the explanation. I will relay this to the engineering team.