PPTP VPN iptables firewall issues csf [closed]
Solution 1:
You don't really seem to have the GRE protocol enabled, from what I can see. You have port 47 TCP allowed, but that's not the same. Your rc.local
rules regarding GRE seem fine but are probably being overwritten, so add those rules in your firewall system proper.
You also have a DROP policy for forwarding packets - add this rule as a mininum:
iptables -A FORWARD -i ppp+ -j ACCEPT
This enables forwarding for all interfaces beginning with ppp
, which should be enough for a PPTP-based VPN.
Also, you probably did this already but check you've enabled packet forwarding using sysctl net.ipv4.ip_forward
- it should be 1.
Note your packet count (first column) for TCP 1723 is 0. Try connecting and check it goes up. But enable GRE first or it won't work, of course.