Results 1 to 9 of 9

Thread: el firewall deshabilita VPN, ¿cómo tener ambos?

  1. #1

    Default el firewall deshabilita VPN, ¿cómo tener ambos?

    Hola,
    puedo conectarme a través del administrador de red a la VPN de mi empresa,
    pero solo si detengo el firewall.
    No hay configuraciones especiales en el firewall, configuración predeterminada.
    No me siento bien cuando el firewall está desactivado, entonces, ¿cómo puedo tener ambos?
    ¿Es la zona externa de VPN y qué servicios debo permitir? o hay alguna otra configuración?
    la VPN es PPTP
    lei en otro tema igual esto

    Para el cliente PPTP con firewall, debe limitar el módulo de seguimiento de conexión 'nf_conntrack_pptp' esté cargado.
    Código:
    sudo modprobe nf_conntrack_pptp

    Puede utilizar de este módulo se cargue al arrancar creando /etc/modules-load.d/pptp.conf con la entrada 'nf_conntrack_pptp'.
    en esta carpeta /etc/modules-load.d no hay nada
    como creo el archivo pptp.conf y como añado la entrada 'nf_conntrack_pptp'.

    ¡Gracias por la ayuda!

  2. #2
    Join Date
    Mar 2011
    Location
    Sauerland
    Posts
    4,886

    Default AW: el firewall deshabilita VPN, ¿cómo tener ambos?

    This is an English speaking forum, so please ask in English or ask here:
    http://www.forosuse.org/forosuse/

  3. #3

    Default the firewall disables VPN, how to have both?

    Hello,
    I can connect through the network administrator to my company's VPN, but only if I stop the firewall.
    There are no special settings in the firewall, default setting.
    I don't feel good when the firewall is disabled so how can I have both?
    Is it the external VPN zone and what services should I allow? or is there any other settings?
    the VPN is PPTP
    I read on another topic like this
    "For the firewall PPTP client, you must limit the connection tracking module 'nf_conntrack_pptp' to be loaded.
    Code:
    sudo modprobe nf_conntrack_pptp
    You can use this module to be loaded at startup by creating /etc/modules-load.d/pptp.conf with the entry 'nf_conntrack_pptp'. "
    nothing in this /etc/modules-load.d folder
    How do I create the pptp.conf file and how do I add the entry 'nf_conntrack_pptp'.


    Thanks for the help!

  4. #4

    Question the firewall disables VPN, how to have both?

    Hello,
    I can connect through the network administrator to my company's VPN, but only if I stop the firewall.
    There are no special settings in the firewall, default setting.
    I don't feel good when the firewall is disabled so how can I have both?
    Is it the external VPN zone and what services should I allow? or is there any other settings?
    the VPN is PPTP
    I read on another topic like this
    "For the firewall PPTP client, you must limit the connection tracking module 'nf_conntrack_pptp' to be loaded.
    Code:
    sudo modprobe nf_conntrack_pptp
    You can use this module to be loaded at startup by creating /etc/modules-load.d/pptp.conf with the entry 'nf_conntrack_pptp'. "
    nothing in this /etc/modules-load.d folder
    How do I create the pptp.conf file and how do I add the entry 'nf_conntrack_pptp'.


    Thanks for the help!

  5. #5
    Join Date
    Jun 2008
    Location
    Auckland, NZ
    Posts
    22,094
    Blog Entries
    1

    Default Re: the firewall disables VPN, how to have both?

    I assume you were referring to this old thread.

    If firewalld is active, you can use the 'firewall-config' graphical utility to ensure that the connection trackers are loaded.

    From the menu > 'View' > check 'Helpers' is enabled

    then 'Options' > 'Runtime to Permanent'

    See if that does the trick.

    Code:
    lsmod |grep nf
    openSUSE Leap 15.2; KDE Plasma 5

  6. #6
    Join Date
    Jun 2008
    Location
    Auckland, NZ
    Posts
    22,094
    Blog Entries
    1

    Default Re: the firewall disables VPN, how to have both?

    BTW, you may need to install the 'firewalll-config' package first...
    Code:
    sudo zypper in firewall-config
    openSUSE Leap 15.2; KDE Plasma 5

  7. #7
    Join Date
    Jun 2008
    Location
    Auckland, NZ
    Posts
    22,094
    Blog Entries
    1

    Default Re: el firewall deshabilita VPN, ¿cómo tener ambos?

    Refer answer in your other thread
    https://forums.opensuse.org/showthre...w-to-have-both
    openSUSE Leap 15.2; KDE Plasma 5

  8. #8
    Join Date
    Jun 2008
    Location
    Netherlands
    Posts
    27,155

    Default Re: el firewall deshabilita VPN, ¿cómo tener ambos?

    Merged the two threads. @alejokp, Please do not double post.
    Henk van Velden

  9. #9

    Cool Re: el firewall deshabilita VPN, ¿cómo tener ambos?

    Quote Originally Posted by deano_ferrari View Post
    I have solved my problem old school, manually.
    First I have consulted my configuration
    firewall-cmd --list-all
    MyZone (active)
    target: default
    icmp-block-inversion: no
    interfaces: eth0
    sources:
    services: ssh
    ports:
    protocols:
    masquerade: no
    forward-ports:
    source-ports:
    icmp-blocks:
    rich rules:
    Then I observed that ppp0 was not listed in intrerfaces
    The ports 1723/1687 tcp were not open either
    When I saw this, the second thing I did was open the ports, execute the following:
    firewall-cmd --zone = MyZone --add-port = 1723 / tcp --permanent
    firewall-cmd --zone = MyZone --add-port = 1687 / tcp --permanent
    Enable masquerade
    firewall-cmd --zone = public --add-masquerade --permanent
    then enable the GRE protocol
    firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 0 -p gre -j ACCEPT
    finally reload the new configuration
    firewall-cmd --reload
    Please check again
    firewall-cmd --list-all
    MyZone (active)
    target: default
    icmp-block-inversion: no
    interfaces: eth0 ppp0
    sources:
    services: ssh
    ports: 1723 / tcp 1687 / tcp
    protocols:
    masquerade: yes
    forward-ports:
    source-ports:
    icmp-blocks:
    rich rules:
    Start the PPPTP connection
    Successful connection!
    Thank you
    I leave the steps in case someone needs them with a similar problem

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •