I would like to limit IP ranges within a single subnet that a VPN role can access. Is it possible?
The field's tip shows examples:
tcp://*:1-1024
tcp://*:80,443
udp://10.10.10.0/24:*
icmp://10.10.10.10/255.255.255.255
10.10.10.0/24
However, I would be interested in something like tcp://10.10.10.50-99:*
When I put it in the field, it auto-updates it to tcp://10.10.10.50-10.10.10.99:*, as if it recognizes and supports the method. It also doesn't whine about that entry, unlike when a faulty entry is made (e.g. impossible IP address, missing protocol, etc.).
When I test the VPN connection, it doesn't even want to connect at all. Removing that line establishes the connection instantly.
This is further odd (at least to me) because port ranges work fine; just IP ranges are breaking the policy.
The long-term solution would certainly be to segment...
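
An added example, not part of the original post: one way to express the range 10.10.10.50-99 using only the CIDR notation that the field's tip lists, by splitting it into the smallest set of CIDR blocks that cover exactly those addresses. It assumes the policy field accepts several entries in the `protocol://CIDR:ports` form shown in the tip; the function names are hypothetical.

```python
import ipaddress


def parse_range(text):
    """Accept '10.10.10.50-99' or '10.10.10.50-10.10.10.99'; return (first, last)."""
    first, sep, last = (part.strip() for part in text.partition("-"))
    if not sep or not last:
        raise ValueError(f"not an address range: {text!r}")
    if "." not in last:  # short form: only the last octet is given
        last = first.rsplit(".", 1)[0] + "." + last
    start, end = ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)
    if start > end:
        raise ValueError(f"range start is above its end: {text!r}")
    return start, end


def range_to_cidrs(text):
    """Smallest list of CIDR blocks covering the range and nothing else."""
    start, end = parse_range(text)
    return list(ipaddress.summarize_address_range(start, end))


def policy_entries(text, proto="tcp", ports="*"):
    """Render each block in the protocol://CIDR:ports form from the field's tip."""
    return [f"{proto}://{net.with_prefixlen}:{ports}" for net in range_to_cidrs(text)]


def covers_exactly(text):
    """Check the blocks start and end on the range and add up to its size."""
    start, end = parse_range(text)
    nets = range_to_cidrs(text)
    total = sum(net.num_addresses for net in nets)
    return (nets[0].network_address == start
            and nets[-1].broadcast_address == end
            and total == int(end) - int(start) + 1)


if __name__ == "__main__":
    for entry in policy_entries("10.10.10.50-99"):
        print(entry)
    print("exact cover:", covers_exactly("10.10.10.50-99"))
```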