Hi, Unman!

I am talking about the default scheme. I know that PPTP is insecure, but I need it to test 
production multicast in corporate networks.

Clean Qubes install. 
net-vm - fedora 30,31,32.
firewall-vm - fedora 30,31,32
proxy-vm based on debian-10 template provides network and sys-firewall as netvm
(pptp-linux network-manager-pptp network-manager-pptp-gnome packages 
preinstalled)

For any other Linux distro, for example Ubuntu, it's enough to establish the 
connection and send an IGMP query over PPTP to the router. 
Can you advise me which full iptables firewall rules I need to enable on the 
sys-firewall VM?

Thank you.





Jun 6, 2020, 17:51 by [email protected]:

> On Thu, Jun 04, 2020 at 08:25:50PM +0200, 0rb via qubes-users wrote:
>
>> Telnet 1723 port works and I can ping server from 
>> sys-net/sys-firewall/proxy-vm
>> But connection can't be established from proxy-vm. Modem hangs if watch 
>> journalctl | grep ppptp
>>
>> [user@sys-net ~]$ lsmod | grep pptp
>> nf_nat_pptp             16384  0
>> nf_nat_proto_gre        16384  1 nf_nat_pptp
>> nf_conntrack_pptp       16384  1 nf_nat_pptp
>> nf_conntrack_proto_gre  16384  1 nf_conntrack_pptp
>> nf_nat                  36864  5 nf_nat_ipv4,xt_nat,nf_nat_pptp,nf_nat_proto_gre,xt_REDIRECT
>> nf_conntrack           163840 11 xt_conntrack,nf_nat,nft_ct,xt_state,nf_conntrack_pptp,ipt_MASQUERADE,nf_nat_ipv4,xt_nat,nf_nat_pptp,nf_conntrack_proto_gre,xt_REDIRECT
>>
>> Can anyone help with how to use pptp in QubesOS?
>>
>> In 2016 Unman says
>>
>> First you need to allow INBOUND protocol 47:
>> On sys-net:
>> modprobe ip_conntrack_pptp
>> modprobe ip_nat_pptp
>> iptables -I FORWARD -p 47 -s <vpn server> -j ACCEPT
>>
>> On proxyVM:
>> iptables -I INPUT -p 47 -s <vpn server> -j ACCEPT
>>
>> Now, zero the iptables counters, (using -Z), and try to start the vpn.
>> You should see the counters incrementing both in sys-net and on the
>> vpn proxy.
>> If the connection fails look to see if any DROP rules are being
>> triggered.
>> By default PPTP uses tcp port 1723 so you could put in a rule to log
>> that traffic :
>> iptables -I FORWARD -p tcp --dport 1723 -j LOG
>>
>> But it doesn't solve the problem.
>>
>
> 4 year old suggestions will rarely work in Qubes, but the principle is
> good.
> I don't use pptp myself, but have set this up for various users - a little
> more information from your end would be useful.
> Where are you trying to set up pptp connection from?
> What does your Qubes netvm structure look like?
> Have you set up firewall rules to allow INBOUND protocol 47?
>
> -- 
> You received this message because you are subscribed to the Google Groups 
> "qubes-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to [email protected].
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/qubes-users/20200606145106.GB10363%40thirdeyesecurity.org.
>

To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/M99l_e---3-2%40tuta.io.
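
The counter check from the quoted 2016 advice (zero the counters, attempt the connection, then see what incremented and whether a DROP was hit), as an added example that is not part of the original thread. It parses `iptables-save -c` output; the sample dump and the address 203.0.113.10 are constructed, and `triage` is a hypothetical helper name.

```python
import re

# Constructed sample: `iptables-save -c` from sys-net after `iptables -Z`
# and one failed PPTP attempt. 203.0.113.10 is a placeholder VPN server.
SAMPLE = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [7:420]
:OUTPUT ACCEPT [31:2480]
[14:1120] -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
[0:0] -A FORWARD -s 203.0.113.10/32 -p gre -j ACCEPT
[3:180] -A FORWARD -p tcp -m tcp --dport 1723 -j LOG
[0:0] -A FORWARD -i vif+ -o vif+ -j DROP
COMMIT
"""

RULE = re.compile(r"^\[(\d+):\d+\] -A (\S+) (.*)$")      # [pkts:bytes] -A CHAIN spec
POLICY = re.compile(r"^:(\S+) (\S+) \[(\d+):\d+\]$")     # :CHAIN POLICY [pkts:bytes]

def triage(dump):
    """Report packets on GRE ACCEPT rules, on tcp/1723 rules, and on anything that drops."""
    report = {"gre_accepted": 0, "control_1723": 0, "drops": []}
    for line in dump.splitlines():
        m = POLICY.match(line)
        if m:
            chain, policy, pkts = m.group(1), m.group(2), int(m.group(3))
            if policy == "DROP" and pkts:          # packets fell through to the policy
                report["drops"].append((f"{chain} policy", pkts))
            continue
        m = RULE.match(line)
        if not m:
            continue
        pkts, chain, spec = int(m.group(1)), m.group(2), m.group(3)
        tgt = re.search(r"-j (\S+)", spec)
        target = tgt.group(1) if tgt else None
        is_gre = re.search(r"-p (gre|47)\b", spec) is not None  # protocol 47 is GRE
        if target in ("DROP", "REJECT") and pkts:
            report["drops"].append((f"{chain}: {spec}", pkts))
        elif target == "ACCEPT" and is_gre:
            report["gre_accepted"] += pkts
        elif "--dport 1723" in spec:
            # max, not sum: a LOG rule followed by an ACCEPT rule sees the same packets
            report["control_1723"] = max(report["control_1723"], pkts)
    return report

if __name__ == "__main__":
    print(triage(SAMPLE))
```

In the constructed sample the control channel on tcp/1723 shows traffic while the GRE ACCEPT rule stays at zero and the FORWARD policy has dropped packets, which is the pattern the advice says to look for.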
