
I have configured a Windows Server with a public IP address and set up Routing and Remote Access. After configuring Routing and Remote Access, I selected custom settings and enabled NAT and VPN. I then set up a custom IPsec policy for L2TP/IKEv2 connections with a preshared key and defined a static address pool (40.30.0.1 - 40.30.0.6).

With this configuration, I can connect easily to my VPN from any network. However, I noticed that my public IP address is still pingable even when I'm not connected to the VPN. I want to restrict access to ping my public IP address only when the VPN connection is active.

How can I configure my Windows Server so that my public IP address is only pingable when the VPN connection is established? Are there specific firewall rules or settings within Routing and Remote Access that I need to adjust?

Harsh

1 Answer


Here is a PowerShell script which you could put in the task scheduler and let it run every 5 minutes or so. It checks if a VPN is active, then creates two firewall rules to allow ping.

# Check whether any client VPN connection configured on this machine is connected
$vpnActive = (Get-VpnConnection -AllUserConnection).Where({ $_.ConnectionStatus -eq 'Connected' })

if ($vpnActive) {
    Write-Host "VPN connection is active. Creating firewall rule to allow ping."

    # Create the inbound ICMP (ping) rules only if they do not already exist, so a run
    # every few minutes does not pile up duplicate rules with the same display name
    if (-not (Get-NetFirewallRule -DisplayName "Allow ICMPv4-In" -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -DisplayName "Allow ICMPv4-In" -Direction Inbound -Protocol ICMPv4 -Action Allow
    }
    if (-not (Get-NetFirewallRule -DisplayName "Allow ICMPv6-In" -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -DisplayName "Allow ICMPv6-In" -Direction Inbound -Protocol ICMPv6 -Action Allow
    }

    Write-Host "Firewall rule to allow ping created successfully."
} else {
    Write-Host "No VPN connection active. Deleting firewall rule to allow ping."

    # Delete the ICMP (ping) rules; -ErrorAction SilentlyContinue avoids an error when none exist
    Get-NetFirewallRule -DisplayName "Allow ICMPv4-In" -ErrorAction SilentlyContinue | Remove-NetFirewallRule
    Get-NetFirewallRule -DisplayName "Allow ICMPv6-In" -ErrorAction SilentlyContinue | Remove-NetFirewallRule

    Write-Host "Firewall rule to allow ping deleted successfully."
}

Turdie
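A scoped alternative, as an added example that is not part of the answer above: instead of toggling a global ICMP allow rule on a timer (which lets any host on the Internet ping the server while any one client is connected, and allows all ICMP types), restrict inbound echo requests to the static VPN pool from the question (40.30.0.1 - 40.30.0.6), so only connected VPN clients can ping at any time. The function names and the rule display name are assumptions; the audit function also lists any other enabled rule that already allows ICMPv4 echo to Any, which would defeat the restriction.

```powershell
# Added example (not from the answer above). Assumes the static address pool from the
# question; adjust $VpnPool if the pool differs. Run from an elevated PowerShell.
$VpnPool  = '40.30.0.1-40.30.0.6'
$RuleName = 'Allow ICMPv4 Echo from VPN clients'   # assumed display name

function Set-VpnOnlyPingRule {
    param(
        [string]$DisplayName   = $RuleName,
        [string]$RemoteAddress = $VpnPool
    )
    # Remove any earlier copy first so repeated runs stay idempotent
    Get-NetFirewallRule -DisplayName $DisplayName -ErrorAction SilentlyContinue |
        Remove-NetFirewallRule

    # Allow only ICMPv4 echo request (type 8) and only from the VPN address pool.
    # Everything else stays under the default inbound block.
    New-NetFirewallRule -DisplayName $DisplayName `
        -Direction Inbound -Protocol ICMPv4 -IcmpType 8 `
        -RemoteAddress $RemoteAddress -Profile Any -Action Allow | Out-Null
}

function Get-IcmpEchoAllowRules {
    # Lists every enabled inbound rule that allows ICMPv4 echo requests together with the
    # remote addresses it is scoped to, so a too-broad rule (RemoteAddress = Any) stands out.
    Get-NetFirewallPortFilter -Protocol ICMPv4 |
        Where-Object { $_.IcmpType -eq 'Any' -or $_.IcmpType -match '^8(:|$)' } |
        Get-NetFirewallRule |
        Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' } |
        ForEach-Object {
            $addr = $_ | Get-NetFirewallAddressFilter
            [pscustomobject]@{
                Name          = $_.DisplayName
                RemoteAddress = ($addr.RemoteAddress -join ',')
            }
        }
}

Set-VpnOnlyPingRule
# Review the result: the only echo-allow rule should be the scoped one above
Get-IcmpEchoAllowRules | Format-Table -AutoSize
```

Any rule the audit lists with RemoteAddress "Any" (for example a broad "Allow ICMPv4-In" left over from the scheduled script) should be disabled with Disable-NetFirewallRule, or the scoped rule has no effect.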