On Wed, Mar 1, 2017 at 6:14 PM poma <[email protected]> wrote:
> On 01.03.2017 17:11, Thomas Haller wrote:
> > On Wed, 2017-03-01 at 08:07 +0100, poma wrote:
> >> From 28b7713cda1deba1b54bd9e52b0d62716e356b66 Mon Sep 17 00:00:00 2001
> >> From: poma <[email protected]>
> >> Date: Wed, 1 Mar 2017 07:05:40 +0100
> >> Subject: [PATCH] nm-pptp-service: Grant proto GRE by firewalld.
> >>
> >> With recent kernels, the Poptop - The PPTP Server for Linux (pptpd) requires
> >> explicit load of nf_conntrack_pptp kernel module to achieve the
> >> operating state of the service itself.
> >> However this is not the case with the PPTP Client (pptp) on a Linux
> >> based platform.
> >> What is needed is to apply directly, rule within the firewalld, to grant proto gre,
> >> to achieve the operating state of the client itself.
> >>
> >> Ref.
> >> https://bugzilla.redhat.com/show_bug.cgi?id=1187328
> >> https://bugzilla.redhat.com/show_bug.cgi?id=1214643
> >
> > Hi poma,
> >
> > the patch does two things. I think there should be two patches for it.
> >
> > 1) drop loading the kernel module "nf_conntrack_pptp". The patch
> > basically reverts
> > https://git.gnome.org/browse/network-manager-pptp/commit/?id=695d4f2f3d1003e18be6f97bbb103e44f75d3c2b
> > but it's not explained why that is correct beyond "this is not the case
> > with...". It should be explained better what's wrong with 695d4f2f
> > and how that affects the two bugs that were closed by it. Will the issue
> > reappear, or was there a different issue in the first place?
>
> Here, just for you, once again ;)
>
> By Ryan Roth
> 6/07/2005
> "Troubleshooting 'GRE: Protocol not available' errors"
> http://poptop.sourceforge.net/dox/gre-protocol-unavailable.phtml
> #1. Client firewall:
> "Make sure your client is not running a software firewall. If it is make
> sure port 1723 and protocol 47 are allowed."
>
> Port 1723 is not a problem, but proto GRE is, meaning,
> to achieve the operating state of the client itself,
> "protocol 47 must be allowed" i.e. "grant proto gre".
>
> > 2) call to firewallcmd. firewalld is commonly only available on
> > Fedora/RHEL, thus patch would cause a warning on Debian systems...
> > You would at least need to check whether such a binary file exists and
> > only call it if necessary.
>
> I am a user of the Fedora - a Linux based operating system.
> "Choose Freedom. Choose Fedora."

Well, even in Fedora firewalld is not guaranteed to be installed. And even if it's installed it's not guaranteed to be used/running. So blindly using firewall-cmd is wrong on any Linux distro.

Jeka
_______________________________________________
networkmanager-list mailing list
[email protected]
https://mail.gnome.org/mailman/listinfo/networkmanager-list
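The two checks asked for in the thread above (does the binary exist, and is the daemon actually running), as an added example that is not part of the thread or of the patch under review. It assumes the GRE rule is expressed as firewalld's runtime `--add-protocol=gre`, since the patch's own rule is not quoted here; the function name `allow_gre_if_firewalld` and the `FIREWALL_CMD` variable are hypothetical.

```shell
#!/bin/sh
# Added example, not the patch under review.
# Assumption: GRE is granted with `firewall-cmd --add-protocol=gre`
# (runtime only, default zone); the patch's actual rule is not shown in the thread.

FIREWALL_CMD="${FIREWALL_CMD:-firewall-cmd}"  # hypothetical override, used for testing

# Return codes:
#   0  GRE is allowed (added now, or already present)
#   1  firewall-cmd is not installed: nothing to do, no warning needed
#   2  installed, but firewalld is not running: nothing to do
#   3  firewalld is running but refused the rule
allow_gre_if_firewalld() {
    # First check: is the binary there at all (Debian, minimal Fedora)?
    command -v "$FIREWALL_CMD" >/dev/null 2>&1 || return 1

    # Second check: installed is not the same as running.
    # `firewall-cmd --state` exits 0 only when the daemon is running.
    "$FIREWALL_CMD" --state >/dev/null 2>&1 || return 2

    # Idempotence: do not add the rule again on every VPN connect.
    if "$FIREWALL_CMD" --query-protocol=gre >/dev/null 2>&1; then
        return 0
    fi

    "$FIREWALL_CMD" --add-protocol=gre >/dev/null 2>&1 || return 3
    return 0
}

# Only touch the firewall when explicitly asked to.
if [ "${1:-}" = "--apply" ]; then
    allow_gre_if_firewalld
    rc=$?
    case $rc in
        0) echo "GRE allowed in the default zone" ;;
        1) echo "firewall-cmd not found, skipping" ;;
        2) echo "firewalld not running, skipping" ;;
        3) echo "firewalld rejected the rule" >&2 ;;
    esac
    exit $rc
fi
```

Return codes 1 and 2 are the "skip silently" cases, so a caller on a system without firewalld, or with it stopped, logs nothing and changes nothing.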
