PPTP VPN and firewall config problems

Deor Member
edited June 2012 in General

I want to use PPTP rather than OpenVPN as I can use it directly from my phone or Windows without any extra installs.

I've been using this script for a while to install and configure PPTPd and it works fine: http://www.putdispenserhere.com/pptp-debian-ubuntu-openvz-setup-script/

Fine, that is, until I want to firewall my server with iptables. I use Firehol to configure iptables as it's a lot easier for a noob like me.

I have tested my config of everything by stopping firehol, which purges everything, and then doing

iptables -t nat -A POSTROUTING -j SNAT --to-source 11.22.33.44

And everything works, VPN connects and I can browse the net etc. with the IP address of my VPS, so I'm happy that the PPTPd config etc. is right.

If I then start firehol, it stops working. I can still connect to the VPN and access the server, but browsing just times out. Firehol allows you to pass iptables commands so that's what I've done to set up the SNAT command above.

Firehol config: http://pastebin.com/re4MCchD
Iptables output with firehol stopped and VPN working: http://pastebin.com/W6mr22VP
Iptables output with firehol enabled and VPN connected but not allowing browsing: http://pastebin.com/6HaY4SpZ

Server is Debian 6 btw and I have changed my server's IP to 11.22.33.44 in the various pastes :)

Really would appreciate some input from you guys.
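
Added example, not part of the original post: a heuristic check of an `iptables-save` dump for what a PPTP server that NATs its clients needs (the SNAT rule, tcp/1723 and GRE on input, and forwarding to and from the client interfaces). The function name `pptp_fw_check`, the sample dumps and the assumption that client interfaces are named `ppp*` are constructed for illustration; rules are matched textually and rule order is not evaluated.

```shell
#!/bin/sh
# Added example (not from the thread): heuristic check of an iptables-save
# dump for the rules a NATing PPTP server needs. Matching is textual only.
pptp_fw_check() {   # reads the dump on stdin; exit status = number of gaps
    awk '
    /^\*/ { table = substr($0, 2) }                    # *nat, *filter
    /^:/  { policy[table "/" substr($1, 2)] = $2 }     # :INPUT DROP [0:0]
    /^-A/ {
        chain = $2; fwd = (chain == "FORWARD" && !/-j (DROP|REJECT|LOG)/)
        inp = (chain != "FORWARD" && chain != "OUTPUT" && /-j ACCEPT/)
        # An unconditional DROP rule acts like a default-deny policy.
        if (NF == 4 && $3 == "-j" && $4 == "DROP") policy[table "/" chain] = "DROP"
        if (table == "nat" && chain == "POSTROUTING" && /-j (SNAT|MASQUERADE)/) nat = 1
        if (table != "filter") next
        if (fwd && /-i ppp/) out = 1                       # clients to internet
        if (fwd && (/-o ppp/ || /ESTABLISHED/)) back = 1   # replies to clients
        if (inp && /-p tcp/ && /--dport 1723( |$)/) ctrl = 1
        if (inp && /-p (gre|47)( |$)/) gre = 1
    }
    END {
        inp_open = (policy["filter/INPUT"] == "ACCEPT")
        fwd_open = (policy["filter/FORWARD"] == "ACCEPT")
        if (!nat) miss("nat POSTROUTING: no SNAT/MASQUERADE rule")
        if (!inp_open && !ctrl) miss("INPUT: tcp/1723 (PPTP control) not accepted")
        if (!inp_open && !gre)  miss("INPUT: GRE (protocol 47) not accepted")
        if (!fwd_open && !out)  miss("FORWARD: nothing lets traffic from ppp+ out")
        if (!fwd_open && !back) miss("FORWARD: nothing lets replies back to ppp+")
        exit n + 0
    }
    function miss(msg) { print "MISSING " msg; n++ }'
}
# Constructed dumps: firewall stopped plus the SNAT rule, then a default-deny set.
NAT='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -j SNAT --to-source 11.22.33.44
COMMIT'
OPEN_DUMP="$NAT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
COMMIT"
DENY_DUMP="$NAT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
-A INPUT -p tcp -m tcp --dport 1723 -j ACCEPT
-A INPUT -p gre -j ACCEPT
COMMIT"
printf '%s\n' "$DENY_DUMP" | pptp_fw_check || true
```

On a live server the same function can read the running rule set with `iptables-save | pptp_fw_check`. The second constructed dump reproduces the symptom described above: the tunnel comes up, but nothing is forwarded for the clients.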

Comments

  • Take a look at http://docs.cslabs.clarkson.edu/wiki/Install_PPTP_on_CentOS_5

    using venet0 as the device instead of eth

  • Deor Member

    Link doesn't seem to work from here Daniel.

  • use google cache.

  • I know this probably isn't something you'd like, but take a look at this:
    http://www.ivpn.net/knowledgebase/62/PPTP-vs-L2TP-vs-OpenVPN.html

    If you'd like to use it on your phone (assuming it's an iPhone or an Android phone) you can use L2TP. Now if you're really focused on PPTP (nothing wrong with that, I guess it's preference) then take a look at what everyone else is bringing to the table.

  • BluBoy Member

    Well, with a million new Linux guides published and to save me from opening a new thread... Does anyone know of any good guides for running a VPN on FreeBSD?

    Must have native Win 7, Android and iOS support and be more secure than PPTP (bonus points if it can run PPTP also).

  • HalfEatenPie Veteran
    edited June 2012

    @BluBoy Google L2TP and look up tutorials on setting it up. From the article I linked I'd say L2TP is what you want (I have OpenVPN set up so I can't help you there on the how-to-do-it part).

    Thanked by 1BluBoy
  • Deor Member

    Thanks for the input all. I've looked through the other 2 tutorials but not found anything that helps as yet. My iptables knowledge just isn't good enough to work out what firehol is adding that stops it working.

    Thanks for that list @HalfEatenPie, interesting stuff. I think I'll look into setting up L2TP and see if I can get that to play nice with my firewall.

  • Good luck @Deor, let me know how L2TP turns out. If I need a VPN for my iPhone and my android devices that's what I'm planning on setting up on my own box.

  • klikli Member

    I noticed there's a nice tutorial here.

  • netomx Moderator, Veteran

    I have never made L2TP work with Windows :(

  • Deor Member

    @netomx said: I have never made L2TP work with Windows :(

    That's great then :/

    I've also noticed various comments about L2TP not working on OpenVZ. You wouldn't think it would be so hard to make this stuff work, would you?

  • netomx Moderator, Veteran

    @Deor said: You wouldn't think it would be so hard to make this stuff work, would you?

    I know it doesn't work on OpenVZ. I tried it on a Xen.

  • Yea, L2TP on OpenVZ is exceedingly difficult if not impossible. I only know of 1 maybe 2 people on our stuff that have actually gotten it to work as anticipated. Rest of them migrate over to Xen.

  • Deor Member

    Well that's the end of that then! Guess I'll have to start learning iptables properly so I can make pptpd work with my other rules.

    Oh and I just tried UFW as well and that doesn't let pptpd work properly either :/

  • Bummer. I guess I didn't really research that too thoroughly =/ sorry dude.

    Anyone know if it works on a KVM?

  • It should work fine in KVM to my knowledge.

  • klikli Member

    I think with racoon L2TP would work on an OpenVZ, but not definitely sure with that since I don't even got racoon+L2TP working with Mac/iOS on my KVM box!

    Thanked by 1netomx