Zentyal Forum, Linux Small Business Server

Zentyal Server => Contributions / Tips&Tricks / Features Requests => Topic started by: stevech on March 02, 2019, 07:12:45 pm

Title: How to allow PPTP passthrough on Zentyal 6 Community.
Post by: stevech on March 02, 2019, 07:12:45 pm
I could not get the server to accept an external Windows PPTP logon to connect, as it appeared to not allow GRE even though I added GRE and port 1723 to the Firewall.

I finally solved it. For the benefit of other users who had this problem, here are the steps.

Some of this information has been gleaned from other users on this forum. My thanks for the sharing.

From the command line via ssh, enter:
sudo modprobe ip_nat_pptp
Then add this line to /etc/sysctl.conf:
net.netfilter.nf_conntrack_helper = 1

Check to make sure that the following modules exist in /lib/modules/4.15.0-45-generic/kernel/net/netfilter. If that doesn't exist, look in /lib/modules/4.15.0-38-generic/kernel/net/netfilter (I have 2 directories on my server), but I used the first one, which is a later version I assume.
Modules:

nf_conntrack_ftp, nf_nat_ftp, nf_conntrack_h323, nf_nat_h323, nf_conntrack_pptp, nf_nat_pptp, nf_conntrack_sip, nf_nat_sip, nf_conntrack_proto_gre.ko

If they don't all exist, try the following command from the command line:
modprobe -a ip_nat_ftp ip_nat_pptp ip_conntrack_pptp ip_gre

This should install them on the system.

Use nano /etc/zentyal/firewall.conf as root.

Look for the following line.

iptables_modules = nf_conntrack_ftp, nf_nat_ftp, nf_conntrack_h323, nf_nat_h323, nf_conntrack_pptp, nf_nat_pptp, nf_conntrack_sip, nf_nat_sip

Add nf_conntrack_proto_gre.ko to the end of the line so it looks like this:
iptables_modules = nf_conntrack_ftp, nf_nat_ftp, nf_conntrack_h323, nf_nat_h323, nf_conntrack_pptp, nf_nat_pptp, nf_conntrack_sip, nf_nat_sip, nf_conntrack_proto_gre.ko

Don't forget the comma after nat_sip.

Mine was missing the , nf_conntrack_proto_gre.ko at the end.

Save it and reboot. PPTP to an external address should work now.
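
A read-only check of the three things the post changes (the iptables_modules line, the sysctl setting and the module files), added here as an example and not part of the original post. The function names are made up for this sketch, and a ".ko" suffix on a listed name is accepted because the post writes it that way.

```shell
#!/bin/sh
# Added example, not from the original post. All function names are hypothetical.
# Usage after sourcing: audit_pptp_passthrough /etc/zentyal/firewall.conf /etc/sysctl.conf

# Print the names on the iptables_modules line of file $1, one per line,
# trimmed and with any ".ko" suffix dropped.
listed_modules() {
    sed -n 's/^[[:space:]]*iptables_modules[[:space:]]*=[[:space:]]*//p' "$1" |
        tr ',' '\n' |
        sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' -e 's/\.ko$//' -e '/^$/d'
}

# Return 0 if module $2 is named on the iptables_modules line of file $1.
module_listed() {
    listed_modules "$1" | grep -qxF "$2"
}

# Return 0 if the last uncommented nf_conntrack_helper assignment in file $1 is 1.
helper_enabled() {
    val=$(sed -n 's/^[[:space:]]*net\.netfilter\.nf_conntrack_helper[[:space:]]*=[[:space:]]*\([0-9]*\).*/\1/p' "$1" | tail -n 1)
    [ "$val" = "1" ]
}

# Return 0 if a file for module $1 exists anywhere under module tree $2
# (default: the running kernel's tree). Matches .ko and compressed .ko.* files.
module_on_disk() {
    root=${2:-/lib/modules/$(uname -r)}
    find "$root" -type f -name "$1.ko*" 2>/dev/null | grep -q .
}

# Print one line per finding; the return code is the number of findings.
audit_pptp_passthrough() {
    conf=$1; sysctl_file=$2; tree=${3:-/lib/modules/$(uname -r)}
    problems=0
    for m in nf_conntrack_pptp nf_nat_pptp nf_conntrack_proto_gre; do
        if ! module_listed "$conf" "$m"; then
            echo "not on iptables_modules line: $m"; problems=$((problems + 1))
        fi
        if ! module_on_disk "$m" "$tree"; then
            echo "no module file under $tree: $m"; problems=$((problems + 1))
        fi
    done
    if ! helper_enabled "$sysctl_file"; then
        echo "nf_conntrack_helper is not 1 in $sysctl_file"; problems=$((problems + 1))
    fi
    return "$problems"
}
```

Kernels since 4.7 ship with nf_conntrack_helper at 0, so setting it to 1 turns automatic helper assignment back on for every protocol with a loaded helper, not only PPTP.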