Topic: PPTP - Is there a way to block specific external IP addresses ?

[Gaetan]

Hi,
Is there a way to block specific IP addresses trying to connect through PPTP ?

I regularly get alert messages like this one:

Nov  3 09:52:11 sme-105 pptpd[21497]: CTRL: Client 183.60.48.25 control connection started
Nov  3 09:52:11 sme-105 pptpd[21497]: CTRL: EOF or bad error reading ctrl packet length.
Nov  3 09:52:11 sme-105 pptpd[21497]: CTRL: couldn't read packet header (exit)
Nov  3 09:52:11 sme-105 pptpd[21497]: CTRL: CTRL read failed
Nov  3 09:52:11 sme-105 pptpd[21497]: CTRL: Reaping child PPP[0]
Nov  3 09:52:11 sme-105 pptpd[21497]: CTRL: Client 183.60.48.25 control connection finished

Obviously, "Client 183.60.48.25" did not managed to connect but I wish I could block some IP addresses.

Thanks

GL

[Stefano]

http://wiki.contribs.org/Fail2ban

with a recipe to block pptpd (or, at least, block IP that try to connect many times)

[guest22]

Ever considered using a different VPN solution (see wiki)? PPTP is to be considered unsafe.

[mmccarn]

If you only need to block a small number of known IPs you can do it using the 'DenyHosts' property for pptpd:

Code: [Select]

config setprop pptpd DenyHosts a.b.c.d,w.x.y.0/24
signal-event remoteaccess-update

If you only need to allow pptpd from select hosts and networks (and want to deny all others) you could use the 'AllowHosts' property.

There is a little more info on this page (search the page for 'denyhosts' or 'allowhosts'):
http://wiki.contribs.org/DB_Variables_Configuration#Miscellaneous_Other_DB_Variables

[Gaetan]

Thanks for your reply.
The latest solution is easy and does the job.
Thanks.