Can't Connect To PPTP VPN With Ufw Enabled On Ubuntu 14.04 With Kernel 3.18
Answer :
This is caused by a change made for security reasons in kernel 3.18 [1]. There are two ways to fix this.
First approach is adding this rule to the file /etc/ufw/before.rules before the line # drop INVALID packets ...
-A ufw-before-input -p 47 -j ACCEPT
Second approach is manually loading the nf_conntrack_pptp module. You can do this by running
sudo modprobe nf_conntrack_pptp
To load this module on every boot on Ubuntu, add it to the file /etc/modules.
For more recent versions of ufw a solution is instead:
sudo ufw allow proto gre from [PPTP gateway IP address]
sudo systemctl restart ufw
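The before.rules edit from the first approach, as an added shell example that is not part of the original answers: a hypothetical helper, add_gre_rule, inserts the rule ahead of the # drop INVALID packets comment only when it is absent, and can narrow it to the gateway address with iptables' -s match. The sample rules file and the address 203.0.113.10 are constructed for the demonstration.

```shell
#!/bin/sh
# Added example; add_gre_rule is a hypothetical helper, not part of ufw.
# Inserts the GRE (IP protocol 47) accept rule ahead of the
# "# drop INVALID packets" comment, once, optionally limited to one source.
add_gre_rule() {
    rules_file=$1
    gateway=$2    # optional: PPTP gateway address to restrict the rule to
    marker='# drop INVALID packets'
    if [ -n "$gateway" ]; then
        rule="-A ufw-before-input -p 47 -s $gateway -j ACCEPT"
    else
        rule="-A ufw-before-input -p 47 -j ACCEPT"
    fi
    # Idempotent: an identical line already in the file means nothing to do.
    if grep -qxF -e "$rule" "$rules_file"; then
        return 0
    fi
    # Without the marker there is no safe position; leave the file alone.
    if ! grep -q "^$marker" "$rules_file"; then
        echo "marker not found in $rules_file" >&2
        return 1
    fi
    tmp=$(mktemp) || return 1
    awk -v rule="$rule" -v marker="$marker" '
        !inserted && index($0, marker) == 1 { print rule; inserted = 1 }
        { print }
    ' "$rules_file" > "$tmp" || { rm -f "$tmp"; return 1; }
    # Write back in place so the file keeps its owner and mode.
    cat "$tmp" > "$rules_file" || { rm -f "$tmp"; return 1; }
    rm -f "$tmp"
}

# Constructed sample, not a real before.rules; 203.0.113.10 is a
# documentation address standing in for the PPTP gateway.
sample=$(mktemp)
printf '%s\n' '*filter' \
    '-A ufw-before-input -i lo -j ACCEPT' \
    '# drop INVALID packets (logs these in loglevel medium and higher)' \
    '-A ufw-before-input -m conntrack --ctstate INVALID -j DROP' \
    'COMMIT' > "$sample"
add_gre_rule "$sample" 203.0.113.10
add_gre_rule "$sample" 203.0.113.10    # second run changes nothing
cat "$sample"
```

On a real system the target is /etc/ufw/before.rules, which needs root to modify, and ufw has to be restarted afterwards for the rule to load.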
Add nf_conntrack_pptp to /etc/modules-load.d/pptp.conf
One liner
echo nf_conntrack_pptp | sudo tee /etc/modules-load.d/pptp.conf
Explanation
The accepted answer works for me, especially the 2nd suggestion--loading the nf_conntrack_pptp kernel module--as opposed to modifying my iptables firewall. My laptop firewall is otherwise unmodified. sudo ufw enable without exceptions is nice and clean. But I don't like editing /etc/modules by hand... future package upgrades may have conflicts. /etc/modules-load.d/ provides an upgrade-friendly and more easily automatable way to load the module.
See also
Is there a ".d" directory to use to load modules at boot time, opposed to /etc/modules?
Parting shot: Do not use PPTP!
- https://www.schneier.com/cryptography/pptp/faq.html
- https://en.wikipedia.org/wiki/Point-to-Point_Tunneling_Protocol
- http://www.howtogeek.com/211329/which-is-the-best-vpn-protocol-pptp-vs.-openvpn-vs.-l2tpipsec-vs.-sstp/
Try openvpn instead.