And I forgot to tell you that pptp doesn't work from sys-net directly either. Do you know why? Journalctl gives me only a little info, such as "Modem hangs up", so I can't troubleshoot the connection.
From another host it works well. The firewall doesn't block 1723 (telnet and ping to the server work). Nat_conntrack is enabled in the Fedora template kernel.

Jun 6, 2020, 17:51 by [email protected]:

> On Thu, Jun 04, 2020 at 08:25:50PM +0200, 0rb via qubes-users wrote:
>
>> Telnet 1723 port works and i can ping server from
>> sys-net/sys-firewall/proxy-vm
>> But connection can't be established from proxy-vm. Modem hangs if watch
>> journalctl | grep ppptp
>>
>> [user@sys-net ~]$ lsmod | grep pptp
>> nf_nat_pptp             16384  0
>> nf_nat_proto_gre        16384  1 nf_nat_pptp
>> nf_conntrack_pptp       16384  1 nf_nat_pptp
>> nf_conntrack_proto_gre  16384  1 nf_conntrack_pptp
>> nf_nat                  36864  5
>> nf_nat_ipv4,xt_nat,nf_nat_pptp,nf_nat_proto_gre,xt_REDIRECT
>> nf_conntrack           163840  11
>> xt_conntrack,nf_nat,nft_ct,xt_state,nf_conntrack_pptp,ipt_MASQUERADE,nf_nat_ipv4,xt_nat,nf_nat_pptp,nf_conntrack_proto_gre,xt_REDIRECT
>>
>> Can anyone help how to use ppptp in QubesOS ?
>>
>> In 2016 Unman says
>>
>> First you need to allow INBOUND protocol 47:
>> On sys-net:
>> modprobe ip_conntrack_pptp
>> modprobe ip_nat_pptp
>> iptables -I FORWARD -p 47 -s <vpn server> -j ACCEPT
>>
>> On proxyVM:
>> iptables -I INPUT -p 47 -s <vpn server> -j ACCEPT
>>
>> Now, zero the iptables counters, (using -Z), and try to start the vpn.
>> You should see the counters incrementing both in sys-net and on the
>> vpn proxy.
>> If the connection fails look to see if any DROP rules are being
>> triggered.
>> By default PPTP uses tcp port 1723 so you could put in a rule to log
>> that traffic :
>> iptables -I FORWARD -p tcp --dport 1723 -j LOG
>>
>> But it doesnt solve the problem.
>>
>
> 4 year old suggestions will rarely work in Qubes, but the principle is
> good.
> I don't use pptp myself, but have set this up for various users - a little
> more information from your end would be useful.
> Where are you trying to set up pptp connection from?
> What does your Qubes netvm structure look like?
> Have you set up firewall rules to allow INBOUND protocol 47?

--
You received this message because you are subscribed to the Google Groups "qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/M99n2j---3-2%40tuta.io.
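
The counter check quoted in the thread (zero the counters, attempt the connection, then see whether protocol 47 packets were accepted or a DROP rule was hit), as an added example that is not part of the original messages. It assumes two text snapshots of one chain taken with `iptables -L FORWARD -v -n -x`; the function names, the sample listings and the address 203.0.113.10 (standing in for `<vpn server>`) are constructed for illustration.

```python
GRE = {"47", "gre"}  # protocol 47 is printed as a number or as a name

def parse_chain(listing):
    """Parse `iptables -L <chain> -v -n -x` text into a list of rule dicts."""
    rules = []
    for line in listing.splitlines():
        f = line.split()
        # Rule rows begin with two integer counters; chain/column headers do not.
        if len(f) < 9 or not (f[0].isdigit() and f[1].isdigit()):
            continue
        rules.append({"pkts": int(f[0]), "target": f[2], "prot": f[3].lower(),
                      "source": f[7], "dest": f[8]})
    return rules

def diagnose(before, after, vpn_server):
    """Compare snapshots of one chain taken before and after a VPN attempt."""
    old_rules, new_rules = parse_chain(before), parse_chain(after)
    if len(old_rules) != len(new_rules):
        raise ValueError("rule set changed between snapshots")
    result = {"gre_accepted": 0, "drops": []}
    for old, new in zip(old_rules, new_rules):
        delta = new["pkts"] - old["pkts"]
        if delta <= 0:
            continue
        if (new["target"] == "ACCEPT" and new["prot"] in GRE
                and new["source"] == vpn_server):
            result["gre_accepted"] += delta
        elif new["target"] in ("DROP", "REJECT"):
            result["drops"].append((new["prot"], new["source"], new["dest"], delta))
    return result

# Constructed sample listings (not output from the thread); 203.0.113.10 is a
# placeholder for <vpn server>.
HEADER = """Chain FORWARD (policy DROP 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination
"""
ROWS = """{0:>8} {1:>8} ACCEPT     47   --  *      *       203.0.113.10         0.0.0.0/0
{2:>8} {3:>8} ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
{4:>8} {5:>8} DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID
"""
BEFORE = HEADER + ROWS.format(0, 0, 0, 0, 0, 0)        # right after iptables -Z
AFTER = HEADER + ROWS.format(0, 0, 12, 1104, 9, 540)   # after a failed attempt

if __name__ == "__main__":
    print(diagnose(BEFORE, AFTER, "203.0.113.10"))
```

Packets that fall through to the chain policy are counted on the `Chain ... (policy ...)` header line, which this parser skips, so compare that line by eye as well.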
