I need to block unauthorized IPs or MAC Address to connect to the Client VPN but i cant find where to configure this, maybe someone know how to do it?
My first thought is to create a Layer 3 Firewall rule on the MX that you are using as your Client VPN Hub. Create a rule to deny access to the IP addresses you wish to block.
It is worth a try.
You can not block client VPN connections by IP address.
Actually you could probably do it using RADIUS, but it would be a complicated RADIUS setup. The RADIUS server would have to match the client IP address and permit/deny based on that.
thanks for the response but i guess i have to rephrase the question, for example:
my user one first conect from 188.8.131.52 to the public IP of my meraki, if he tries to connect from a different IP he can't be able to connect unless we add the new IP to a filter.
It is a bit odd to block Client VPN connections by IP, can you explain the reason?
We need to allow the connections only from their home ip address, because our boss dont want them to use the VPN connection from other un-know locations
I would say try RADIUS or implement hardware in place like Z3 or MR33 that can implement VPN to the main office. The other issue you will run into with locking down to single IP with home users is their public IP changing, it usually becomes a bigger headache than its worth depending on the amount of users.
If it's anything like my ISP (Virgin Media), they'll change your public IP address pretty regularly unless you pay for a static IP. So for home addresses, this will never likely be a good solution.
Also, if a user's home internet connection goes down and they wish to use their smartphone's 4G connection to VPN in, you'd prevent that also.