the firewall disables VPN, how to have both?

Hello,
I can connect through the network manager to my company’s VPN,
but only if I stop the firewall.
There are no special settings in the firewall, default configuration.
I don’t feel good when the firewall is disabled, so how can I have both?
Is it the external VPN zone, and what services should I allow? Or are there any other settings?
The VPN is PPTP.
I read this in another similar topic:

For the PPTP client with firewall, you must limit the connection tracking module ‘nf_conntrack_pptp’ to be loaded.
Code:
sudo modprobe nf_conntrack_pptp
You can use this module to be loaded at startup by creating /etc/modules-load.d/pptp.conf with the entry ‘nf_conntrack_pptp’.
There is nothing in this /etc/modules-load.d folder.
How do I create the pptp.conf file and how do I add the entry ‘nf_conntrack_pptp’?

Thanks for the help!

This is an English speaking forum, so please ask in English or ask here:
http://www.forosuse.org/forosuse/

Hello,
I can connect through the network administrator to my company’s VPN,
but only if I stop the firewall.
There are no special settings in the firewall, default setting.
I don’t feel good when the firewall is disabled, so how can I have both?
Is it the external VPN zone, and what services should I allow? Or are there any other settings?
The VPN is PPTP.
I read this in another similar topic:

For the PPTP client with firewall, you must limit the connection tracking module ‘nf_conntrack_pptp’ to be loaded.
Code:
sudo modprobe nf_conntrack_pptp
You can use this module to be loaded at startup by creating /etc/modules-load.d/pptp.conf with the entry ‘nf_conntrack_pptp’.
There is nothing in this /etc/modules-load.d folder.
How do I create the pptp.conf file and how do I add the entry ‘nf_conntrack_pptp’?

Thanks for the help!

Hello,
I can connect through the network administrator to my company’s VPN, but only if I stop the firewall.
There are no special settings in the firewall, default setting.
I don’t feel good when the firewall is disabled, so how can I have both?
Is it the external VPN zone, and what services should I allow? Or are there any other settings?
The VPN is PPTP.
I read this in another similar topic:
"For the firewall PPTP client, you must limit the connection tracking module ‘nf_conntrack_pptp’ to be loaded.
Code:
sudo modprobe nf_conntrack_pptp
You can use this module to be loaded at startup by creating /etc/modules-load.d/pptp.conf with the entry ‘nf_conntrack_pptp’."
There is nothing in this /etc/modules-load.d folder.
How do I create the pptp.conf file and how do I add the entry ‘nf_conntrack_pptp’?

Thanks for the help!

I assume you were referring to this old thread.

If firewalld is active, you can use the ‘firewall-config’ graphical utility to ensure that the connection trackers are loaded.

From the menu > ‘View’ > check ‘Helpers’ is enabled

then ‘Options’ > ‘Runtime to Permanent’

See if that does the trick.

lsmod | grep nf

BTW, you may need to install the ‘firewall-config’ package first…

sudo zypper in firewall-config
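
One way to do what the question asks (create /etc/modules-load.d/pptp.conf with the nf_conntrack_pptp entry) and to check the result, as an added example that is not part of any post in this thread. The function names and the directory and file parameters are assumptions made for illustration; without the optional argument the functions use the real /etc/modules-load.d and /proc/modules.

```shell
#!/bin/sh
# Added example, not from the thread. Paths are parameters so the
# functions can be tried against a scratch directory first.

# persist_module NAME [DIR]
# Writes DIR/pptp.conf (default /etc/modules-load.d, which needs root)
# with one module name per line, the format systemd-modules-load reads
# at boot. Idempotent: an entry that is already present is not repeated.
persist_module() {
    name=$1
    dir=${2:-/etc/modules-load.d}
    conf="$dir/pptp.conf"
    mkdir -p "$dir" || return 1
    if [ -f "$conf" ] && grep -qxF "$name" "$conf"; then
        return 0
    fi
    printf '%s\n' "$name" >> "$conf"
}

# module_loaded NAME [FILE]
# Succeeds if NAME is the first field of a line in FILE (default
# /proc/modules, the data lsmod prints). This is an exact match, unlike
# `lsmod | grep nf`, which also matches every other nf_* module.
# A module compiled into the kernel is not listed there.
module_loaded() {
    awk -v m="$1" '$1 == m { found = 1 } END { exit !found }' \
        "${2:-/proc/modules}"
}
```

As root, `persist_module nf_conntrack_pptp` writes the real file, and `module_loaded nf_conntrack_pptp` confirms the helper is present after `sudo modprobe nf_conntrack_pptp` or after a reboot.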

Refer to the answer in your other thread
https://forums.opensuse.org/showthread.php/541549-the-firewall-disables-VPN-how-to-have-both

Merged the two threads. @alejokp, Please do not double post.

I happen to like PIA more because they have better Linux support, and support port forwarding with fast low latency connections.

I have solved my problem old school, manually.
First I have consulted my configuration
firewall-cmd --list-all
MyZone (active)
target: default
icmp-block-inversion: no
interfaces: eth0
sources:
services: ssh
ports:
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
Then I observed that ppp0 was not listed in interfaces
The ports 1723/1687 tcp were not open either
When I saw this, the second thing I did was open the ports, execute the following:
firewall-cmd --zone=MyZone --add-port=1723/tcp --permanent
firewall-cmd --zone=MyZone --add-port=1687/tcp --permanent
Enable masquerade
firewall-cmd --zone=public --add-masquerade --permanent
then enable the GRE protocol
firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 0 -p gre -j ACCEPT
finally reload the new configuration
firewall-cmd --reload
Please check again
firewall-cmd --list-all
MyZone (active)
target: default
icmp-block-inversion: no
interfaces: eth0 ppp0
sources:
services: ssh
ports: 1723/tcp 1687/tcp
protocols:
masquerade: yes
forward-ports:
source-ports:
icmp-blocks:
rich rules:
Start the PPTP connection
Successful connection!
Thank you
I leave the steps in case someone needs them with a similar problem
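
A check over the `firewall-cmd --list-all` output that the post above compared by eye, as an added example that is not part of the original post: it reports which of the items the poster found missing (ppp0 in the zone, 1723/tcp and 1687/tcp, masquerade) are absent from a listing. The function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread.

# zone_field FIELD: print the value of "FIELD:" from a --list-all
# listing on stdin. The match is anchored at the start of the line so
# "ports" does not also match "forward-ports" or "source-ports".
zone_field() {
    sed -n "s/^[[:space:]]*$1:[[:space:]]*//p"
}

# has_word WORD LIST: succeed if WORD is one space-separated item of LIST.
has_word() {
    case " $2 " in *" $1 "*) return 0 ;; esac
    return 1
}

# pptp_zone_gaps: read a listing on stdin, print one line per missing
# item. The GRE rule added with --direct never appears in --list-all;
# `firewall-cmd --direct --get-all-rules` shows it instead.
pptp_zone_gaps() {
    listing=$(cat)
    ifaces=$(printf '%s\n' "$listing" | zone_field interfaces)
    ports=$(printf '%s\n' "$listing" | zone_field ports)
    masq=$(printf '%s\n' "$listing" | zone_field masquerade)
    has_word ppp0 "$ifaces" || echo "interface ppp0 not in zone"
    for p in 1723/tcp 1687/tcp; do
        has_word "$p" "$ports" || echo "port $p not open"
    done
    [ "$masq" = yes ] || echo "masquerade off"
    return 0
}

# Constructed sample: the "before" listing from the post, abridged.
SAMPLE_BEFORE='MyZone (active)
  target: default
  interfaces: eth0
  services: ssh
  ports:
  masquerade: no
  forward-ports:
  source-ports:'
```

Run it against a live zone with `firewall-cmd --zone=MyZone --list-all | pptp_zone_gaps`; no output means none of the checked items is missing.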