Can't Connect To PPTP VPN With Ufw Enabled On Ubuntu 14.04 With Kernel 3.18


Answer :

This is caused by a change made for security reasons in kernel 3.18 [1]. There are two ways to fix this.

First approach is adding this rule to the file /etc/ufw/before.rules before the line # drop INVALID packets ...

-A ufw-before-input -p 47 -j ACCEPT 

Second approach is manually loading the nf_conntrack_pptp module. You can do this by running

sudo modprobe nf_conntrack_pptp 

To load this module on every boot on Ubuntu, add it to the file /etc/modules.
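
A quick check for the first approach, as an added example that is not part of the original answer: it reports whether a protocol-47 ACCEPT rule in a before.rules file comes before ufw's INVALID rules. The sample files are constructed, and the function name gre_rule_status is hypothetical.

```shell
#!/bin/sh
# Added example: report where the GRE accept rule sits relative to ufw's
# INVALID-drop rules. On a real host: gre_rule_status /etc/ufw/before.rules

# Prints: ok        (GRE ACCEPT rule precedes the first INVALID rule)
#         misplaced (rule exists, but only after the INVALID rules)
#         missing   (no GRE ACCEPT rule in ufw-before-input)
gre_rule_status() {
    awk '
        /^[ \t]*#/ { next }                                  # skip comments
        /^-A ufw-before-input / && /--ctstate INVALID/ { if (!invalid) invalid = NR }
        /^-A ufw-before-input / && /-p (47|gre)( |$)/ && /-j ACCEPT/ { if (!gre) gre = NR }
        END {
            if (!gre)                          print "missing"
            else if (invalid && gre > invalid) print "misplaced"
            else                               print "ok"
        }
    ' "$1"
}

# Constructed sample files (not copied from a real system).
good=$(mktemp); late=$(mktemp); none=$(mktemp)
trap 'rm -f "$good" "$late" "$none"' EXIT

cat > "$good" <<'EOF'
-A ufw-before-input -i lo -j ACCEPT
-A ufw-before-input -p 47 -j ACCEPT
# drop INVALID packets (logs these in loglevel medium and higher)
-A ufw-before-input -m conntrack --ctstate INVALID -j ufw-logging-deny
-A ufw-before-input -m conntrack --ctstate INVALID -j DROP
EOF

cat > "$late" <<'EOF'
-A ufw-before-input -i lo -j ACCEPT
# drop INVALID packets (logs these in loglevel medium and higher)
-A ufw-before-input -m conntrack --ctstate INVALID -j ufw-logging-deny
-A ufw-before-input -m conntrack --ctstate INVALID -j DROP
-A ufw-before-input -p 47 -j ACCEPT
EOF

grep -v -e '-p 47' "$good" > "$none"

for f in "$good" "$late" "$none"; do gre_rule_status "$f"; done
```

The rule as given accepts GRE from any source; a rule carrying a source match such as -s still counts as present for this check.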


For more recent versions of ufw a solution is instead:

sudo ufw allow proto gre from [PPTP gateway IP address]
sudo systemctl restart ufw

Add nf_conntrack_pptp to /etc/modules-load.d/pptp.conf

One liner

echo nf_conntrack_pptp | sudo tee /etc/modules-load.d/pptp.conf 

Explanation

The accepted answer works for me, especially the 2nd suggestion--loading the nf_conntrack_pptp kernel module--as opposed to modifying my iptables firewall. My laptop firewall is otherwise unmodified. sudo ufw enable without exceptions is nice and clean. But I don't like editing /etc/modules by hand... future package upgrades may have conflicts. /etc/modules-load.d/ provides an upgrade-friendly and more easily automatable way to load the module.

See also

Is there a ".d" directory to use to load modules at boot time, opposed to /etc/modules?

Parting shot: Do not use PPTP!

  • https://www.schneier.com/cryptography/pptp/faq.html
  • https://en.wikipedia.org/wiki/Point-to-Point_Tunneling_Protocol
  • http://www.howtogeek.com/211329/which-is-the-best-vpn-protocol-pptp-vs.-openvpn-vs.-l2tpipsec-vs.-sstp/

Try openvpn instead.

