Koozali.org: home of the SME Server

Restrict PPTP access to remote IP number

Offline robwellesley

Restrict PPTP access to remote IP number
« on: April 13, 2018, 12:18:01 AM »
Hi Guys

How would one Restrict PPTP access to connections from just one remote IP number (or numbers)?
Thanks in advance for any advice on this.

Rob

Offline ReetP

Re: Restrict PPTP access to remote IP number
« Reply #1 on: April 13, 2018, 12:54:34 AM »
I'd have a look at allowhosts/denyhosts

https://wiki.contribs.org/DB_Variables_Configuration

Something like:

config setprop pptp Allowhosts 1.2.3.4

I'm not sure if you need to set Denyhosts to 0.0.0.0 as well.

HOWEVER, saying all that I presume you are aware PPTP is pretty well worse than useless for security? It has been broken for years. Apple have dropped it entirely.

You really should use ipsec or openvpn if you care about your data.

If you are in a country where GDPR applies, or are dealing with one, then that advice should be considered mandatory.

Here endeth the lesson :-)
...
1. Read the Manual
2. Read the Wiki
3. Don't ask for support on Unsupported versions of software
4. I have a job, wife, and kids and do this in my spare time. If you want something fixed, please help.

Bugs are easier than you think: http://wiki.contribs.org/Bugzilla_Help

If you love SME and don't want to lose it, join in: http://wiki.contribs.org/Koozali_Foundation

Offline robwellesley

Re: Restrict PPTP access to remote IP number
« Reply #2 on: April 13, 2018, 03:49:10 AM »
Cheers,
Looks simpler than IP Tables seeing as PPTP is already an SME service.

Yes, point taken - so convenient though :)

OpenVPN seems to not be 'free' however?

Offline ReetP

Re: Restrict PPTP access to remote IP number
« Reply #3 on: April 13, 2018, 10:05:44 AM »
Quote
Cheers,
Looks simpler than IP Tables seeing as PPTP is already an SME service.

No...  those keys add iptables rules for you all done by magic :-)

Quote
Yes, point taken - so convenient though :)

But worse than useless!! And remember GDPR. If that applies, and you KNOW data transfer is insecure, you may have a problem.....

Quote
OpenVPN seems to not be 'free' however?

Not sure where you get that? I don't pay anything for it?

Offline DanB35

Re: Restrict PPTP access to remote IP number
« Reply #4 on: April 13, 2018, 12:00:16 PM »
Quote
OpenVPN seems to not be 'free' however?

OpenVPN is free, open source software, released under the GPL.

Offline mmccarn

Re: Restrict PPTP access to remote IP number
« Reply #5 on: April 13, 2018, 01:20:49 PM »
I think the recommendation is that you use the OpenVPN_Bridge contrib.

Offline janet

Re: Restrict PPTP access to remote IP number
« Reply #6 on: April 13, 2018, 03:57:10 PM »
robwellesley

Also see
https://wiki.contribs.org/Firewall

Follow the command
config setprop pptp Allowhosts 1.2.3.4
with
signal-event remoteaccess-update
Please search before asking, an answer may already exist.
The Search & other links to useful information are at top of Forum.
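
Added example, not part of any post in this thread: after setting the property and signalling the event as described above, one way to confirm the generated firewall rules really limit the PPTP control channel (tcp/1723) to the intended address. The `audit_pptp` function name, the chain name and the sample rule layout are assumptions constructed for illustration; it checks plain `--dport 1723` rules only and does not cover the GRE data channel.

```shell
#!/bin/sh
# Audit `iptables -S` output for tcp/1723 ACCEPT rules whose source is not
# on an expected allow-list (hypothetical helper, not an SME Server tool).

# Constructed sample of `iptables -S` output; chain name and rule layout are
# assumptions, not copied from an SME Server.
SAMPLE_RULES='-P INPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -s 1.2.3.4/32 -p tcp -m tcp --dport 1723 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 1723 -j DROP'

# audit_pptp "<allowed sources, space separated>"   (rules on stdin)
# Prints each ACCEPT rule for tcp/1723 that has no -s match, a negated -s
# match, or a source outside the allow-list. Exit 0 = clean, 1 = findings.
audit_pptp() {
    awk -v allowed="$1" '
    function norm(s) { return (s ~ /\//) ? s : s "/32" }   # bare IP == /32
    BEGIN {
        n = split(allowed, a, " ")
        for (i = 1; i <= n; i++) ok[norm(a[i])] = 1
    }
    $1 == "-A" {
        src = ""; proto = ""; port = ""; target = ""
        for (i = 2; i < NF; i++) {
            # a negated source ("! -s x") admits everyone else: treat as open
            if ($i == "-s")      src = ($(i - 1) == "!") ? "" : norm($(i + 1))
            if ($i == "-p")      proto = $(i + 1)
            if ($i == "--dport") port = $(i + 1)
            if ($i == "-j")      target = $(i + 1)
        }
        if (proto == "tcp" && port == "1723" && target == "ACCEPT" && !(src in ok)) {
            print "UNEXPECTED: " $0
            bad = 1
        }
    }
    END { exit (bad ? 1 : 0) }'
}

# Stand-alone run against the constructed sample.
printf '%s\n' "$SAMPLE_RULES" | audit_pptp "1.2.3.4" \
    && echo "tcp/1723 ACCEPT rules match the allow-list"
```

On a live server the same function can be fed real rules with `iptables -S | audit_pptp "1.2.3.4"`.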

Offline Jean-Philippe Pialasse

Re: Restrict PPTP access to remote IP number
« Reply #7 on: April 13, 2018, 04:17:44 PM »
I can understand the idea that OpenVPN is not free. If you seek the client for Windows and go straight to download, they will guide you to the services where they get money to keep the project alive.

To get what you want for the client computer, go to openvpn.net, then click community, then download/community to end there: https://openvpn.net/index.php/download/community-downloads.html

To equip your SME, all is on the wiki as already pointed out.