arno-iptables-firewall / aif

GNU General Public License v2.0

load nf_nat_pptp module #27

Closed ycherniavskyi closed 8 years ago

ycherniavskyi commented 8 years ago

Is it possible to add the nf_nat_pptp module in the load_modules function of the main arno-iptables-firewall? Because without this module, users behind the FW could not connect to an MS VPN server with the MS VPN Client :disappointed:.

abelbeck commented 8 years ago

I won't speak for @arnova but I would suggest on a user by user basis enabling that via the custom-rules script, ex: /etc/arno-iptables-firewall/custom-rules

add...

```sh
echo "[CUSTOM RULE] Enable PPTP NAT helper module"
modprobe_multi nf_nat_pptp ip_nat_pptp
```

(the echo line helps remind you where this option was added)

Personally I would hope PPTP would go away in favor of the vastly more secure OpenVPN :-)
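One way to confirm that the custom-rules change suggested above took effect, as an added example that is not part of the thread or of arno-iptables-firewall. The function names `pptp_helper_status` and `sample_modules`, the sample data, and the extra check for the related conntrack helper `nf_conntrack_pptp` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not AIF code): report which PPTP helper modules are present
# in /proc/modules-format text read from stdin.

# Prints "<module> loaded" or "<module> missing" for each module of interest.
# Returns 0 only when a NAT helper (nf_nat_pptp or the legacy name
# ip_nat_pptp, the two names used in the custom rule) is loaded.
pptp_helper_status() {
    # The module name is the first column of each /proc/modules line.
    loaded=$(awk '{ print $1 }')
    nat_helper=1
    for mod in nf_conntrack_pptp nf_nat_pptp ip_nat_pptp; do
        # -x forces a whole-line match so "nf_nat" never counts as "nf_nat_pptp".
        if printf '%s\n' "$loaded" | grep -qx "$mod"; then
            echo "$mod loaded"
            case "$mod" in
                nf_nat_pptp|ip_nat_pptp) nat_helper=0 ;;
            esac
        else
            echo "$mod missing"
        fi
    done
    return "$nat_helper"
}

# Constructed sample in /proc/modules format (not captured from a real host).
sample_modules() {
    cat <<'EOF'
nf_nat_pptp 16384 0 - Live 0x0000000000000000
nf_conntrack_pptp 16384 1 nf_nat_pptp, Live 0x0000000000000000
nf_nat 36864 1 nf_nat_pptp, Live 0x0000000000000000
EOF
}

# Demo on the constructed sample.
sample_modules | pptp_helper_status
```

On the firewall itself, run `pptp_helper_status < /proc/modules` after the firewall has started. Helpers compiled into the kernel rather than built as modules do not appear in that file.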

ycherniavskyi commented 8 years ago

@abelbeck thank you for such a clear hint. It completely resolves my issue :thumbsup:.

arnova commented 8 years ago

I agree with @abelbeck : This doesn't belong in the main script. We could create a (dummy) plugin doing the loading. @abelbeck : What do you think?

ycherniavskyi commented 8 years ago

@arnova hmm, a plugin will be even better than custom rules :blush:. Of course, I hope that OpenVPN will beat PPTP, but MS VPN as part of MS infrastructure will exist long enough because no one wants to change it, if it works.

abelbeck commented 8 years ago

We currently have a "PPTP VPN plugin" to support a local PPTP server, too confusing to add this feature there. I suppose we could create a "PPTP VPN Passthrough plugin".

Though, in my years here and with the AstLinux project, enabling nf_nat_pptp has not come up until now.

I'm willing to add this feature as a "PPTP VPN Passthrough plugin" if you think it would be generally useful.

arnova commented 8 years ago

If you don't mind, I think it would be nice, yes :-)

abelbeck commented 8 years ago

Now available in the nightly build: http://rocky.eld.leidenuniv.nl/arno-iptables-firewall/arno-iptables-firewall_nightly.tar.gz

@ycherniavskyi if you want to test the plugin you can manually copy the 50pptp-vpn-passthrough.plugin and pptp-vpn-passthrough.conf onto your system in their respective locations.

arnova commented 8 years ago

Thanks @abelbeck

ycherniavskyi commented 8 years ago

@abelbeck thanks, works as expected!