
restrict access limit internal IP of VPN

Posted: Thu Feb 09, 2017 7:05 pm
by lucamuscas
Hi,
I want to limit the internal network IPs each user can see.
For example, I want the user to be able to see only the PC with IP 192.168.1.30.

I have tried with the access list, but I have not found a solution.
In this forum I have read this:
"There is priority in the access list.

You may want to use the following priority.
1. Allow access to specific local IP
2. Allow return packets
3. Deny access to all local IP
4. Allow access to all IP"

(attached screenshots: fig4.jpg, fig3.jpg, fig2.jpg)

Re: restrict access limit internal IP of VPN

Posted: Thu Feb 09, 2017 10:30 pm
by moatazelmasry
The priority just means the order in which those rules are probed (a smaller priority will be tested first).

If you want to disable access to all PCs in 192.168.30.1/24 except the .1 PC, then allow destination 192.168.1.30 (Priority 1) as you did, then deny 192.168.1.30/24 (Priority 100 or so).

All traffic destined to 192.168.1.30 will get accepted; all traffic destined to the rest of 192.168.1.30/24 will be denied.
Btw, 192.168.1.30/24 means the net mask is 255.255.255.0.

Cheers

Re: restrict access limit internal IP of VPN

Posted: Sat Feb 11, 2017 11:10 am
by lucamuscas
Thanks,
I have tried, but it still doesn't work.

step 1
allow destination IP 192.168.1.30 / 255.255.255.255 priority 1 source name "utente 1"

step 2
deny destination IP 192.168.1.30 / 255.255.255.0 priority 100 source name "utente 1"

step 3
allow all source addresses and all destination addresses destination name "utente1"

I have modified only the access list, nothing else.
Where is my error? Thanks.

Re: restrict access limit internal IP of VPN

Posted: Tue Feb 14, 2017 12:08 am
by moatazelmasry
Step 3 is not needed.

Sorry, I made a mistake in my last answer. I meant deny all traffic to the rest of 192.168.1.1/24; precisely, the rule should look like:

deny destination IP 192.168.1.1 / 255.255.255.0 priority 100 source name "utente 1"

After applying this rule, do you see undesired behaviour? If yes, which IPs can you still access while you shouldn't?
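To make the priority semantics discussed in this thread concrete (lowest priority number probed first, first match wins), here is a small simulation of a priority-ordered access list. It is an added example, not SoftEther's code or anything posted above; it models the two rules from step 1 and the corrected step 2 for the user "utente 1", and feeds them constructed sample packets. The VPN client address 192.168.30.10, the second user "utente 2" and the "allow when no rule matches" default are assumptions made for the example. One point worth noticing: with a 255.255.255.0 mask, "192.168.1.30 / 255.255.255.0" and "192.168.1.1 / 255.255.255.0" describe the same network, 192.168.1.0/24, because the host bits are masked off; the `net()` helper shows this. The DHCP sample packet is included because a broadcast to 255.255.255.255 is not inside 192.168.1.0/24, so a destination-based deny on that subnet does not match it in this model.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

ANY = ipaddress.ip_network("0.0.0.0/0")


@dataclass(frozen=True)
class Rule:
    priority: int                        # lower number is probed first
    action: str                          # "allow" or "deny"
    dst: ipaddress.IPv4Network           # destination network to match
    src: ipaddress.IPv4Network = ANY     # source network to match (default: any)
    user: Optional[str] = None           # source user name; None matches any user


@dataclass(frozen=True)
class Packet:
    user: str   # VPN user the packet belongs to
    src: str    # source IPv4 address
    dst: str    # destination IPv4 address


def net(addr_and_mask: str) -> ipaddress.IPv4Network:
    """Parse the thread's 'address / mask' notation into a network.

    strict=False masks off host bits, so '192.168.1.30 / 255.255.255.0'
    yields the network 192.168.1.0/24 (the same as '192.168.1.1 / 255.255.255.0').
    """
    addr, mask = (part.strip() for part in addr_and_mask.split("/"))
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)


def matches(rule: Rule, pkt: Packet) -> bool:
    """A rule matches when user (if set), source and destination all match."""
    if rule.user is not None and rule.user != pkt.user:
        return False
    return (ipaddress.ip_address(pkt.src) in rule.src
            and ipaddress.ip_address(pkt.dst) in rule.dst)


def evaluate(rules, pkt: Packet, default: str = "allow"):
    """Probe rules from the smallest priority upwards; the first match decides.

    Returns (action, priority_of_matching_rule); priority is None when the
    assumed default applies because nothing matched.
    """
    for rule in sorted(rules, key=lambda r: r.priority):
        if matches(rule, pkt):
            return rule.action, rule.priority
    return default, None


# Rules as in step 1 and the corrected step 2 of the thread.
RULES = [
    Rule(priority=1, action="allow",
         dst=net("192.168.1.30 / 255.255.255.255"), user="utente 1"),
    Rule(priority=100, action="deny",
         dst=net("192.168.1.1 / 255.255.255.0"), user="utente 1"),
]

# Constructed sample traffic (client addresses and "utente 2" are assumptions).
SAMPLE = {
    "to allowed host":   Packet("utente 1", "192.168.30.10", "192.168.1.30"),
    "to other LAN host": Packet("utente 1", "192.168.30.10", "192.168.1.50"),
    "outside LAN":       Packet("utente 1", "192.168.30.10", "10.0.0.5"),
    "other user":        Packet("utente 2", "192.168.30.11", "192.168.1.50"),
    "dhcp discover":     Packet("utente 1", "0.0.0.0", "255.255.255.255"),
}


def decisions(rules=RULES, sample=SAMPLE):
    """Map each sample packet name to the action the rule set yields."""
    return {name: evaluate(rules, pkt)[0] for name, pkt in sample.items()}


if __name__ == "__main__":
    for name, action in decisions().items():
        print(f"{name:18s} -> {action}")
```

Swapping the two priorities (deny first, allow second) makes the /24 deny match 192.168.1.30 before the /32 allow is ever probed, which is the ordering mistake the quoted priority list guards against.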

Re: restrict access limit internal IP of VPN

Posted: Thu Mar 02, 2017 5:59 am
by thisjun
I think the error is caused by dropping the DHCP request.
Please try to allow DHCP packets.