On 01.03.2017 17:11, Thomas Haller wrote: > On Wed, 2017-03-01 at 08:07 +0100, poma wrote: >> From 28b7713cda1deba1b54bd9e52b0d62716e356b66 Mon Sep 17 00:00:00 >> 2001 >> From: poma <[email protected]> >> Date: Wed, 1 Mar 2017 07:05:40 +0100 >> Subject: [PATCH] nm-pptp-service: Grant proto GRE by firewalld. >> >> With recent kernels, the Poptop - The PPTP Server for Linux (pptpd) >> requires >> explicit load of nf_conntrack_pptp kernel module to achieve the >> operating state of the service itself. >> However this is not the case with the PPTP Client (pptp) on a Linux >> based platform. >> What is needed is to apply directly, rule within the firewalld, to >> grant proto gre, >> to achieve the operating state of the client itself. >> >> Ref. >> https://bugzilla.redhat.com/show_bug.cgi?id=1187328 >> https://bugzilla.redhat.com/show_bug.cgi?id=1214643 > > Hi poma, > > the patch does two things. I think there should be two patches for it. > > 1) drop loading the kernel module "nf_conntrack_pptp". The patch > basically reverts > https://git.gnome.org/browse/network-manager-pptp/commit/?id=695d4f2f3d1003e18be6f97bbb103e44f75d3c2b > but it's not explained why that is correct beyond "this is not the case > with...". It should be explained better whats wrong with 695d4f2f > and how that affects the two bugs that were closed by it. Will the issue > reapar, or was there a different issue in the first place? >
Here, just for you, once again ;) by By Ryan Roth 6/07/2005 "Troubleshooting 'GRE: Protocol not available' errors" http://poptop.sourceforge.net/dox/gre-protocol-unavailable.phtml #1. Client firewall: "Make sure your client is not running a software firewall. If it is make sure port 1723 and protocol 47 are allowed." Port 1723 is not a problem, but proto GRE is, meaning, to achieve the operating state of the client itself, "protocol 47 must be allowed" i.e. "grant proto gre". > 2) call to firewallcmd. firewalld is commonly only available on > Fedora/RHEL, thus patch would cause a warning on Debian systems... > You would at least need to check whether such a binary file exists and > only call it if necessary. > I am a user of the Fedora - a Linux based operating system. "Choose Freedom. Choose Fedora." _______________________________________________ networkmanager-list mailing list [email protected] https://mail.gnome.org/mailman/listinfo/networkmanager-list
