I've just switched from firestarter to ufw with the gufw gui, and on the whole I'm impressed. However, so far I haven't found a way to allow pptp vpn traffic on the gre protocol p -47, just standard tcp and udp stuff. Anybody have any ideas?
OK, after a little research I've found that I need to add iptables commands into the before ufw scripts, although there's surprisingly little documentation about this. The iptables commands I need to add are:
iptables -I INPUT -p 47 -m state --state ESTABLISHED -j ACCEPT
iptables -I OUTPUT -p 47 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -I INPUT -p tcp --sport 1723 -m state --state ESTABLISHED -j ACCEPT
iptables -I OUTPUT -p tcp --dport 1723 -m state --state NEW,ESTABLISHED -j ACCEPT
or even this one:
# iptables -A INPUT -p 47 -j ACCEPT
# iptables -A OUTPUT -p 47 -j ACCEPT
# iptables -A INPUT -p TCP -s 0.0.0.0/0 --source-port 1723 -j ACCEPT
# iptables -A OUTPUT -p TCP -d 0.0.0.0/0 --destination-port 1723 -j ACCEPT
I would appreciate it if some ufw guru out there could convert these commands into ufw syntax so that I can use them. Many thanks in advance.
Last edited by Steve1961; April 5th, 2009 at 04:08 PM.
Thank you for the idea; your rules work successfully in this form:
-A ufw-before-input -p 47 -j ACCEPT
-A ufw-before-output -p 47 -j ACCEPT
-A ufw-before-input -p tcp -s 0.0.0.0/0 --sport 1723 -j ACCEPT
-A ufw-before-output -p tcp -d 0.0.0.0/0 --dport 1723 -j ACCEPT
(tested on Ubuntu 9.10 with ufw + corbina pptp + network-manager)
Last edited by Dennis-K; December 26th, 2009 at 05:27 AM.
Thanks for the feedback. Actually, when connecting to my work VPN I found that a pptp connection works without any rules - presumably because it's stateful.
Actually, putting this into /etc/ufw/before.rules is enough:
-A ufw-before-input -p 47 -j ACCEPT
-A ufw-before-output -p 47 -j ACCEPT
TCP port 1723 can be added in the GUI. I'm also seeing some blocking of TCP and UDP port 36224, not sure what that's about.
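As an added example (not code from this thread), here is a POSIX shell helper that inserts the two GRE (IP protocol 47) rules posted above into a before.rules-style file idempotently, just before the COMMIT of its *filter section. It also goes beyond the thread by optionally restricting the rules to a single VPN server address (my assumption; the posted rules accept GRE to and from any host).

```shell
#!/bin/sh
# Added example, not from the thread: manage the GRE accept rules in a
# ufw before.rules-style file. Rules must sit inside the *filter section,
# after the chain declarations and before that section's COMMIT line.

# gre_rules [SERVER]: print the two rule lines, limited to SERVER if given
gre_rules() {
  if [ -n "$1" ]; then
    printf '%s\n' "-A ufw-before-input -p 47 -s $1 -j ACCEPT" \
                  "-A ufw-before-output -p 47 -d $1 -j ACCEPT"
  else
    printf '%s\n' "-A ufw-before-input -p 47 -j ACCEPT" \
                  "-A ufw-before-output -p 47 -j ACCEPT"
  fi
}

# has_gre_rules FILE: succeed if both GRE rules (any -s/-d form) exist
has_gre_rules() {
  grep -q '^-A ufw-before-input -p 47 .*-j ACCEPT' "$1" &&
  grep -q '^-A ufw-before-output -p 47 .*-j ACCEPT' "$1"
}

# add_gre_rules FILE [SERVER]: insert the rules once, before the *filter
# COMMIT. Fails if FILE has no *filter section or no COMMIT follows it.
add_gre_rules() {
  file=$1; server=$2
  has_gre_rules "$file" && return 0          # already present: nothing to do
  grep -q '^\*filter' "$file" || return 1
  tmp=$(mktemp) || return 1
  # Copy the file, emitting the rules right before the first COMMIT that
  # follows *filter; other tables' COMMIT lines are left untouched.
  awk -v rules="$(gre_rules "$server")" '
    /^\*filter/ { infilter = 1 }
    infilter && /^COMMIT/ { print rules; infilter = 0 }
    { print }
  ' "$file" > "$tmp" && cat "$tmp" > "$file"   # cat keeps owner/mode
  rc=$?
  rm -f "$tmp"
  [ "$rc" -eq 0 ] && has_gre_rules "$file"   # verify the insert happened
}
```

After editing the real /etc/ufw/before.rules, run `sudo ufw reload` so the new rules are loaded.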
I have set up a PPTP VPN server on Ubuntu.
But accounts are open for concurrent simultaneous connections, meaning there can be many users using one account at a time.
I need to limit that to one user at a time.
Does anybody know how it can be done?
I have an ASUS N61JV-X2 notebook PC with Crucial 8 GB dual-channel 1,066 MHz SODIMM SDRAM and an Intel 2nd Generation 2.5" MLC NAND FLASH X25-M 160 GB Solid State Drive running Ubuntu 12.04 64 bit Long Term Support. I subscribe to WiTopia personal VPN basic for now. I followed the WiTopia guide to setting up PPTP, but it does not work with GUFW. I made an exception rule for outgoing traffic over port 1723 over TCP protocol and I added the rule for IP 47 (GRE) to both iptables and /etc/ufw/before.rules, but I still can not connect via PPTP protocol when GUFW is denying outgoing traffic. I also made an exception rule for ports 80, 443, 8080, and 53 over TCP and UDP protocols respectively.
How do I get this to work with GUFW?
I will open up a support ticket with WiTopia soon.