Issues with a PPTP VPN and CSF

I recently got a PPTP VPN up and running on my VPS, and if I disable my firewall it works great. However, I use CSF for my firewall, and if I enable it my VPN doesn't work quite right. Specifically, I can still connect to the VPN, and from there I can access my server, but nowhere else (can't get anywhere else on the Internet).

I've done a lot of searching about how to get CSF and PPTP to work together, and nearly everyone says to create a file, /etc/csf/csfpre.sh, with the following contents:

iptables -A INPUT -i eth0 -p tcp --dport 1723 -j ACCEPT
iptables -A INPUT -i eth0 -p gre -j ACCEPT
iptables -A OUTPUT -p gre -j ACCEPT
#iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 10.84.1.0/24 -j SNAT --to-source ww.xx.yy.zz
iptables -A FORWARD -i ppp0 -o eth0 -j ACCEPT
iptables -A FORWARD -i eth0 -o ppp0 -j ACCEPT

(Well, they say to use the MASQUERADE line, which I commented out and replaced with the SNAT line since MASQUERADE isn't supported on my VPS. And of course I replace ww.xx.yy.zz with my server's public IP address.)

There's also /etc/csf/csfpost.sh, with the following:

service pptpd stop
service pptpd start

But I can't find any other suggestions. Again, my pptpd config seems to work fine, but the firewall is interfering. Any ideas on how to tweak it to get things working?

Thanks!

Comments

  • This is OpenVZ VPS, right? (seeing that you need to use SNAT instead of MASQ).
    If so, the interface should be venet0, not eth0

  • That did it, thanks! (And yeah, OpenVZ.)

    For anyone else, this was my final /etc/csf/csfpre.sh (again, replacing ww.xx.yy.zz with my public IP):

    iptables -A INPUT -i venet0 -p tcp --dport 1723 -j ACCEPT
    iptables -A INPUT -i venet0 -p gre -j ACCEPT
    iptables -A OUTPUT -p gre -j ACCEPT
    #iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
    iptables -t nat -A POSTROUTING -s 10.84.1.0/24 -j SNAT --to-source ww.xx.yy.zz
    iptables -A FORWARD -i ppp+ -o venet0 -j ACCEPT
    iptables -A FORWARD -i venet0 -o ppp+ -j ACCEPT
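
An added example, not code from the thread: the same csfpre.sh written as a small POSIX shell script that picks venet0 on OpenVZ and eth0 otherwise, refuses to run while ww.xx.yy.zz is still a placeholder, uses SNAT instead of MASQUERADE, matches ppp+ rather than ppp0, and only loads rules when called with --apply. The PUBLIC_IP value (a documentation address), the venet0 detection via /sys/class/net and the ip_forward check are assumptions.

```shell
#!/bin/sh
# Build (and optionally apply) the csfpre.sh rules for pptpd behind CSF.
# Without --apply the rules are only printed, so they can be reviewed first.
# PUBLIC_IP and VPN_NET are assumed placeholder values; edit them for your VPS.

PUBLIC_IP="203.0.113.5"   # your VPS's public address (documentation IP used here)
VPN_NET="10.84.1.0/24"    # pptpd client pool, as in the thread

# OpenVZ containers carry the public address on venet0, not eth0 (assumed check).
pick_iface() {
    if [ -d /sys/class/net/venet0 ]; then echo venet0; else echo eth0; fi
}

# Reject the ww.xx.yy.zz placeholder and anything that is not a dotted quad.
valid_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# Print one iptables rule per line for interface $1, public IP $2, VPN net $3.
# SNAT replaces MASQUERADE (unsupported on this OpenVZ host); ppp+ matches the
# pppN interface pptpd creates for every client, not just the first one.
pptp_rules() {
    cat <<EOF
iptables -A INPUT -i $1 -p tcp --dport 1723 -j ACCEPT
iptables -A INPUT -i $1 -p gre -j ACCEPT
iptables -A OUTPUT -p gre -j ACCEPT
iptables -t nat -A POSTROUTING -s $3 -j SNAT --to-source $2
iptables -A FORWARD -i ppp+ -o $1 -j ACCEPT
iptables -A FORWARD -i $1 -o ppp+ -j ACCEPT
EOF
}

# Sanity check: how many rules name the public interface (4 for a correct set).
count_iface_rules() {
    pptp_rules "$1" "$2" "$3" | grep -c -- "-[io] $1 "
}

main() {
    valid_ipv4 "$PUBLIC_IP" || { echo "PUBLIC_IP is still a placeholder" >&2; return 1; }
    # Forwarding between ppp+ and the public interface needs ip_forward=1 (assumed check).
    [ "$(cat /proc/sys/net/ipv4/ip_forward 2>/dev/null)" = 1 ] || echo "warning: net.ipv4.ip_forward is not 1" >&2
    if [ "${1:-}" = "--apply" ]; then
        pptp_rules "$(pick_iface)" "$PUBLIC_IP" "$VPN_NET" | sh -e
    else
        pptp_rules "$(pick_iface)" "$PUBLIC_IP" "$VPN_NET"
    fi
}

main "$@"
```

Run it once without arguments to review the generated rules, then with --apply from csfpre.sh; csfpost.sh can still restart pptpd afterwards as the thread describes.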
    