From: Karl K. <la...@so...> - 2004-02-27 19:18:36
Any chance I could get you to send me a copy of a couple of files from your box? I would like to tweak my how-to so that everything runs with a firewall, but I have moved on to 1.1.x with my main server (and don't have many Intel boxes hanging around), and so I am worried about everything being correct.

If you would send me a copy of:

/etc/ppp/options.pptp (or pptpd depending on what you decided to change)
/etc/init.d/firewall.rules

I am going to try and work on this over the weekend, so it would be nice to be able to compare things. If you want, you are free to scrub the files for IP addresses, etc. And my examples will not use your addresses.

Thanks!

Karl Kuehn
la...@so...

On Feb 27, 2004, at 1:13 PM, Brian Treadway wrote:

> I have a pptp server running on 1.0.4 just fine. 1.0.3 did not have the
> proper ms-chapv2 patches in the kernel for the best security. 1.0.4
> added them. Also, the conntract_nat_pptp or whatever is not in there,
> so you cannot use that to allow related connections into the firewall
> box. You instead have to allow GRE packets to enter. I don't know what
> if any security problems there may be with allowing that, but it works
> fine once you do. I have it set up to only allow mschapv2 with 128 bit
> encryption.
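
An added example, not from either poster: a shell check for the two settings described in the quoted message, MS-CHAPv2-only authentication with 128-bit MPPE and a firewall that accepts GRE. It assumes pppd 2.4.2 or later option names and rules in iptables-save format; the tcp/1723 control-channel check, the function names and all sample file contents are constructed for illustration.

```shell
# Added example: audit a PPTP server's pppd options and firewall rules.
# Assumes pppd 2.4.2+ option names and iptables-save rule format.

# has_option FILE OPTION: true if OPTION is present on an uncommented line.
has_option() {
    grep -Eq "^[[:space:]]*$2([[:space:]]|\$)" "$1"
}

# audit_pptp_options FILE: print each missing option; return 0 if none missing.
audit_pptp_options() {
    missing=0
    for opt in refuse-pap refuse-chap refuse-mschap \
               require-mschap-v2 require-mppe-128; do
        if ! has_option "$1" "$opt"; then
            echo "missing: $opt"
            missing=1
        fi
    done
    return "$missing"
}

# audit_pptp_firewall FILE: check that the PPTP control channel (tcp/1723)
# and the GRE data channel (IP protocol 47) are both accepted on INPUT.
audit_pptp_firewall() {
    rc=0
    grep -Eq '^-A INPUT (.* )?-p (gre|47) (.* )?-j ACCEPT' "$1" ||
        { echo "no GRE accept rule"; rc=1; }
    grep -Eq '^-A INPUT (.* )?-p tcp (.* )?--dport 1723 (.* )?-j ACCEPT' "$1" ||
        { echo "no tcp/1723 accept rule"; rc=1; }
    return "$rc"
}

# Constructed sample input (not taken from either poster's machine).
demo_dir=$(mktemp -d)
cat > "$demo_dir/options.pptp" <<'EOF'
name pptpd
refuse-pap
refuse-chap
require-mschap-v2
# require-mppe-128
EOF
cat > "$demo_dir/firewall.rules" <<'EOF'
-A INPUT -p tcp -m tcp --dport 1723 -j ACCEPT
-A INPUT -p gre -j ACCEPT
EOF
audit_pptp_options "$demo_dir/options.pptp" || echo "options need fixing"
audit_pptp_firewall "$demo_dir/firewall.rules" && echo "firewall passes PPTP"
rm -rf "$demo_dir"
```

A commented-out option counts as missing, so the sample options file is flagged for `refuse-mschap` and `require-mppe-128`.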