PPTP VPN problem


#1

When I tried to negotiate the VPN I received a generic error in Windows. I created an L3 rule to permit all to the destination with protocol GRE, and many hits were registered on this rule, but the VPN does not negotiate. I believe the problem may be with the sphirewall_queue module. If I test with iptables on the same machine (stopping sphirewall), it works just by loading the ip_nat_pptp module.


#2

To my knowledge this will be due to sphirewall not being able to pass GRE traffic at present.

@mshindo will be able to explain better or possibly provide a solution for you.


#3

Thank you Chris.
I’m waiting for @mshindo.


#4

Hello,
Are there any ways to bypass the GRE traffic via IPROUTE2/Static Route or other?
I’m still waiting for @mshindo, but I need to solve it, even if only temporarily for the moment.


#5

Is there any news? Is there any way the sphirewall team can solve this (creating a bypass rule, not filtering GRE, some route by protocol)?
This problem has a general impact on any user, is that right?
Thank you.


#6

It is only when our device is natting traffic that you will experience issues.
Support for GRE with NAT will not be added as PPTP VPNs are considered to be insecure these days and it is recommended that you replace your PPTP VPN with an OpenSSL VPN or L2TP/IPSec VPN.

Cheers,
Chris


#7

Hello Chris, thank you for your answer again.
Let me try to explain: this PPTP VPN server (I believe it is CentOS Linux) is installed at my customer. I need to connect using this access and support them. In this case there is just the simple masquerade on my sphirewall,
right?

Thank you


#8

I’m not entirely sure what you mean, sorry.

If you have masquerading enabled on your device and are routing traffic through the device, then your traffic will be NATed. This will mean that your PPTP VPN will not be able to send or receive traffic through our appliance.

If you are using the device in a bridge mode and are not routing traffic then you should have no issue with your PPTP VPN working as the device is not performing NAT on this traffic.

Cheers,
Chris
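
An added illustration for the NAT discussion above (not code from any poster or from sphirewall): PPTP's GRE data packets carry a 16-bit Call ID instead of ports (RFC 2637), which is the field a PPTP NAT helper such as the ip_nat_pptp module mentioned in post #1 keys on. The sample packet, the addresses and the `route_inbound` helper are constructed for the example.

```python
import struct

PPTP_GRE_PROTO = 0x880B   # protocol type of PPTP's enhanced GRE (RFC 2637)
K_BIT, S_BIT, A_BIT, VER_MASK = 0x2000, 0x1000, 0x0080, 0x0007

def parse_pptp_gre(pkt: bytes) -> dict:
    """Parse the enhanced GRE (version 1) header that carries PPTP data."""
    if len(pkt) < 8:
        raise ValueError("truncated GRE header")
    # In enhanced GRE the 32-bit key is split into payload length + Call ID.
    flags, proto, payload_len, call_id = struct.unpack("!HHHH", pkt[:8])
    if proto != PPTP_GRE_PROTO or (flags & VER_MASK) != 1 or not (flags & K_BIT):
        raise ValueError("not PPTP enhanced GRE")
    fields, off = {}, 8
    for name, bit in (("seq", S_BIT), ("ack", A_BIT)):   # optional 32-bit fields
        fields[name] = None
        if flags & bit:
            if len(pkt) < off + 4:
                raise ValueError(f"truncated {name} field")
            fields[name] = struct.unpack("!I", pkt[off:off + 4])[0]
            off += 4
    if len(pkt) < off + payload_len:
        raise ValueError("truncated payload")
    return {"call_id": call_id, **fields, "payload": pkt[off:off + payload_len]}

def route_inbound(call_map: dict, pkt: bytes):
    """Pick the internal host for an inbound GRE packet (hypothetical helper).

    call_map maps Call ID -> internal address; a real NAT helper learns these
    from the PPTP control channel on TCP 1723. Returns None when there is no
    mapping, i.e. the NAT device has no way to choose an internal host.
    """
    return call_map.get(parse_pptp_gre(pkt)["call_id"])

# Constructed sample: K and S bits set, version 1, Call ID 0x1234, seq 7,
# followed by a 4-byte PPP payload.
SAMPLE = struct.pack("!HHHHI", 0x3001, PPTP_GRE_PROTO, 4, 0x1234, 7) + b"\xff\x03\xc0\x21"
CALL_MAP = {0x1234: "192.168.1.10"}   # constructed internal client address

if __name__ == "__main__":
    print(parse_pptp_gre(SAMPLE))
    print(route_inbound(CALL_MAP, SAMPLE))   # Call ID known: internal client
    print(route_inbound({}, SAMPLE))         # no Call ID state: None
```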


#9

Hi Chris
Thanks for replying again, I’m waiting for a reply from @mshindo by e-mail.