[PVE-User] pve-firewall and pptp
Pavel Kolchanov
pavel.kolchanov at gmail.com
Thu Mar 2 22:15:13 CET 2017
Hello.
I have enabled the GRE and PPtP macros in the firewall:
cat /etc/pve/firewall/cluster.fw
[OPTIONS]
policy_in: REJECT
enable: 1
[RULES]
GROUP vpn
GROUP basic-node
[group basic-node]
IN Ping(ACCEPT)
IN ACCEPT -p tcp -dport 8006 # Proxmox Web Interface
IN ACCEPT -p tcp -dport 22444 # SSH
[group vpn]
OUT GRE(ACCEPT)
IN GRE(ACCEPT)
IN PPtP(ACCEPT)
But I still cannot connect to pptpd until I execute the following commands:
iptables -I INPUT -p gre -j ACCEPT
iptables -I OUTPUT -p gre -j ACCEPT
Without these commands, syslog says:
Mar 2 23:44:56 proxmox pppd[7824]: pppd 2.4.6 started by root, uid 0
Mar 2 23:44:56 proxmox pppd[7824]: using channel 16
Mar 2 23:44:56 proxmox pppd[7824]: Using interface ppp0
Mar 2 23:44:56 proxmox pppd[7824]: Connect: ppp0 <--> /dev/pts/1
Mar 2 23:44:56 proxmox pppd[7824]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x5aac399d> <pcomp> <accomp>]
Mar 2 23:44:56 proxmox pptpd[7810]: GRE: xmit failed from decaps_hdlc: Operation not permitted
Mar 2 23:44:56 proxmox pptpd[7810]: CTRL: PTY read or GRE write failed (pty,gre)=(6,7)
Mar 2 23:44:56 proxmox pptpd[7810]: CTRL: Reaping child PPP[7824]
Mar 2 23:44:56 proxmox pppd[7824]: Modem hangup
Mar 2 23:44:56 proxmox pppd[7824]: Connection terminated.
Can PPTP be properly configured via pve-firewall?
Or do those rules make sense only for VMs, not nodes/cluster?
--
Pavel Kolchanov <pavel.kolchanov at gmail.com>
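
The symptom in the message above, checked mechanically (an added example, not part of the original post): it counts pptpd GRE sends refused with "Operation not permitted" and lists which chains in an iptables-save dump accept GRE. The function names, verdict strings and the two sample rulesets are assumptions constructed for illustration; only the log line is taken from the post.

```shell
#!/bin/sh
# Added example (not from the original post).

# Count pptpd log lines (stdin) where the GRE send failed with EPERM.
count_gre_eperm() {
    grep -c 'pptpd\[[0-9]*]: GRE: xmit failed.*Operation not permitted' || true
}

# List chains in iptables-save text (stdin) that hold an ACCEPT rule for GRE.
# The protocol may be printed by name ("gre") or by number ("47").
gre_accept_chains() {
    awk '$1 == "-A" {
        proto = ""; target = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-p") proto = $(i + 1)
            if ($i == "-j") target = $(i + 1)
        }
        if ((proto == "gre" || proto == "47") && target == "ACCEPT") print $2
    }' | sort -u | tr '\n' ' '
}

# $1 = syslog text, $2 = iptables-save text; prints a one-word verdict.
# "check-order" means a GRE rule exists, so look for an earlier REJECT/DROP.
diagnose() {
    hits=$(printf '%s\n' "$1" | count_gre_eperm)
    chains=$(printf '%s\n' "$2" | gre_accept_chains)
    if [ "$hits" -eq 0 ]; then echo no-gre-eperm
    elif [ -z "$chains" ]; then echo gre-missing-from-ruleset
    else echo gre-rule-present-check-order
    fi
}

# Log line copied from the post above.
LOG='Mar 2 23:44:56 proxmox pptpd[7810]: GRE: xmit failed from decaps_hdlc: Operation not permitted'
# Constructed ruleset: the PPTP control port is accepted, GRE is not.
RULES_BEFORE='*filter
:INPUT DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -p tcp -m tcp --dport 1723 -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 1723 -j ACCEPT
COMMIT'
# Constructed ruleset as it would look after the two commands from the post.
RULES_AFTER='*filter
-A INPUT -p 47 -j ACCEPT
-A OUTPUT -p gre -j ACCEPT
COMMIT'

diagnose "$LOG" "$RULES_BEFORE"
diagnose "$LOG" "$RULES_AFTER"
```

On a live node the two arguments would come from the syslog file and from `iptables-save` run as root.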