Hello.

I have enabled the GRE and PPtP macros in the firewall:

cat /etc/pve/firewall/cluster.fw 
[OPTIONS]

policy_in: REJECT
enable: 1

[RULES]

GROUP vpn
GROUP basic-node

[group basic-node]

IN Ping(ACCEPT)
IN ACCEPT -p tcp -dport 8006 # Proxmox Web Interface
IN ACCEPT -p tcp -dport 22444 # SSH

[group vpn]

OUT GRE(ACCEPT)
IN GRE(ACCEPT)
IN PPtP(ACCEPT)

But I still cannot connect to pptpd until I execute the following commands:

iptables -I INPUT -p gre -j ACCEPT
iptables -I OUTPUT -p gre -j ACCEPT

Without these commands, syslog says:
Mar  2 23:44:56 proxmox pppd[7824]: pppd 2.4.6 started by root, uid 0
Mar  2 23:44:56 proxmox pppd[7824]: using channel 16
Mar  2 23:44:56 proxmox pppd[7824]: Using interface ppp0
Mar  2 23:44:56 proxmox pppd[7824]: Connect: ppp0 <--> /dev/pts/1
Mar  2 23:44:56 proxmox pppd[7824]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x5aac399d> <pcomp> <accomp>]
Mar  2 23:44:56 proxmox pptpd[7810]: GRE: xmit failed from decaps_hdlc: Operation not permitted
Mar  2 23:44:56 proxmox pptpd[7810]: CTRL: PTY read or GRE write failed (pty,gre)=(6,7)
Mar  2 23:44:56 proxmox pptpd[7810]: CTRL: Reaping child PPP[7824]
Mar  2 23:44:56 proxmox pppd[7824]: Modem hangup
Mar  2 23:44:56 proxmox pppd[7824]: Connection terminated.

Can PPTP be properly configured via pve-firewall?
Or do those rules make sense only for VMs, not nodes/cluster?

-- 
Pavel Kolchanov <pavel.kolcha...@gmail.com>