Jump to Navigation

Microsoft PPTP VPN and Susefirewall2

How do I get these two working together without additional tools like pptpproxy? That was a question I had for a long time and finally there is a solution. On a forum, I found a post that allows GRE connections through the default openSUSE firewall. So here is the working configuration for my openSUSE 10.2 with Microsoft Small Business Server 2003.

First, you have to enable custom rules in your /etc/sysconfig/SuSEfirewall2. Find

## Type: string
#
# 25.)
# Do you want to load customary rules from a file?
#
# This is really an expert option. NO HELP WILL BE GIVEN FOR THIS!
# READ THE EXAMPLE CUSTOMARY FILE AT /etc/sysconfig/scripts/
SuSEfirewall2-custom
#
#FW_CUSTOMRULES="/etc/sysconfig/scripts/SuSEfirewall2-custom"
FW_CUSTOMRULES=""

Uncomment #FW_CUSTOMRULES="/etc/sysconfig/scripts/
SuSEfirewall2-custom"
and remove FW_CUSTOMRULES="".

Then open /etc/sysconfig/scripts/SuSEfirewall2-custom and find

fw_custom_after_antispoofing() {
...
true
}

Before true add the following lines:

vpnserver="192.168.168.1"
inetdevice="dsl0"
iptables -N pptp
iptables -A pptp -p tcp --destination-port 1723 --dst $vpnserver -j ACCEPT
iptables -A pptp -p 47 --dst $vpnserver -j ACCEPT
iptables -I FORWARD -j pptp
iptables -t nat -N pptp
iptables -t nat -A pptp -i $inetdevice -p tcp --dport 1723 -j DNAT --to $vpnserver:1723
iptables -t nat -A pptp -i $inetdevice -p 47 -j DNAT --to $vpnserver
iptables -t nat -A PREROUTING -j pptp

Change vpnserver and inetdevice according to your settings; inetdevice is usually ppp0.

Now restart Susefirewall2 with rcSuSEfirewall2 restart and you’re done.

One Response to “Microsoft PPTP VPN and Susefirewall2”

  1. BIll jones:

    This is great stuff, thanks for having the blog and putting details like this on it. Those of us with no writing skills really appreciate it. Believe me.