Koozali.org: home of the SME Server
Obsolete Releases => SME Server 8.x => Topic started by: Gaetan on November 03, 2015, 02:21:55 PM
-
Hi,
Is there a way to block specific IP addresses trying to connect through PPTP?
I regularly get alert messages like this one:
Nov 3 09:52:11 sme-105 pptpd[21497]: CTRL: Client 183.60.48.25 control connection started
Nov 3 09:52:11 sme-105 pptpd[21497]: CTRL: EOF or bad error reading ctrl packet length.
Nov 3 09:52:11 sme-105 pptpd[21497]: CTRL: couldn't read packet header (exit)
Nov 3 09:52:11 sme-105 pptpd[21497]: CTRL: CTRL read failed
Nov 3 09:52:11 sme-105 pptpd[21497]: CTRL: Reaping child PPP[0]
Nov 3 09:52:11 sme-105 pptpd[21497]: CTRL: Client 183.60.48.25 control connection finished
Obviously, "Client 183.60.48.25" did not manage to connect, but I wish I could block some IP addresses.
Thanks
GL
-
http://wiki.contribs.org/Fail2ban
with a recipe to block pptpd (or, at least, block IPs that try to connect many times)
-
Ever considered using a different VPN solution (see wiki)? PPTP is to be considered unsafe.
-
If you only need to block a small number of known IPs you can do it using the 'DenyHosts' property for pptpd:
config setprop pptpd DenyHosts a.b.c.d,w.x.y.0/24
signal-event remoteaccess-update
If you only need to allow pptpd from select hosts and networks (and want to deny all others) you could use the 'AllowHosts' property.
There is a little more info on this page (search the page for 'denyhosts' or 'allowhosts'):
http://wiki.contribs.org/DB_Variables_Configuration#Miscellaneous_Other_DB_Variables
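Added example, not part of the original thread or of SME Server itself: one way to derive the DenyHosts value from pptpd log lines like those quoted in the first post. The function names, the failure threshold and the sample log are assumptions made for illustration, as is treating the "EOF or bad error" line as the marker of a failed attempt.

```shell
#!/bin/sh
# Added example: list client IPs with repeated failed pptpd control connections.
# Assumption: the "EOF or bad error" line marks a failed attempt, as in the excerpt.
pptp_offenders() {   # usage: pptp_offenders MIN_FAILURES < logfile
    awk -v min="${1:-3}" '
        $5 ~ /^pptpd\[[0-9]+\]:$/ {          # $5 is "pptpd[PID]:" in syslog layout
            pid = $5
            if ($7 == "Client" && /control connection started$/) {
                # Accept only dotted-quad values so nothing else reaches the command
                if ($8 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) client[pid] = $8
            } else if (/EOF or bad error reading ctrl packet length/ && (pid in client)) {
                fails[client[pid]]++         # charge the failure to the client of that PID
                delete client[pid]
            } else if (/control connection finished$/) {
                delete client[pid]           # session over, PID may be reused
            }
        }
        END { for (ip in fails) if (fails[ip] >= min) print ip }
    ' | sort -t. -k1,1n -k2,2n -k3,3n -k4,4n | paste -sd, -
}

# Print (not run) the two commands from the reply above; returns 1 if nobody qualifies.
# Note: setprop replaces the current DenyHosts value, so include existing entries.
denyhosts_command() {
    list=$(pptp_offenders "$1")
    [ -n "$list" ] || return 1
    printf 'config setprop pptpd DenyHosts %s\nsignal-event remoteaccess-update\n' "$list"
}

# Constructed sample log (documentation-range addresses, interleaved PIDs).
sample_log() {
    cat <<'LOG'
Nov  3 09:52:11 sme-105 pptpd[101]: CTRL: Client 203.0.113.7 control connection started
Nov  3 09:52:11 sme-105 pptpd[102]: CTRL: Client 198.51.100.9 control connection started
Nov  3 09:52:11 sme-105 pptpd[102]: CTRL: EOF or bad error reading ctrl packet length.
Nov  3 09:52:12 sme-105 pptpd[101]: CTRL: EOF or bad error reading ctrl packet length.
Nov  3 09:53:40 sme-105 pptpd[103]: CTRL: Client 192.0.2.44 control connection started
Nov  3 09:54:02 sme-105 pptpd[104]: CTRL: Client 203.0.113.7 control connection started
Nov  3 09:54:02 sme-105 pptpd[104]: CTRL: EOF or bad error reading ctrl packet length.
Nov  3 10:15:27 sme-105 pptpd[103]: CTRL: Client 192.0.2.44 control connection finished
Nov  3 10:20:05 sme-105 pptpd[105]: CTRL: Client 198.51.100.9 control connection started
Nov  3 10:20:05 sme-105 pptpd[105]: CTRL: EOF or bad error reading ctrl packet length.
LOG
}

sample_log | denyhosts_command 2
```

Review the printed list before applying it, since a legitimate client on a flaky link can produce the same log line.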
-
Thanks for your reply.
The latest solution is easy and does the job.
Thanks.