This should be really simple, but I just cannot see how to achieve it.
I have an RH 7.2 (2.4.14) server appliance running at a client's premises with poptop VPN installed and working fine.
We need to restrict access into the VPN to a range of external IP addresses, e.g. 82.23.128.0/19 (all the authorised users have fixed IP addresses within this range). This is an urgent requirement as we are getting connections into the network from employees that have left the company.
I would have expected a parameter somewhere similar to that in xinetd.conf: only_from.
However, poptop / pptpd does not appear to have any options to do this.
The server is running IP tables but I have very limited knowledge of this and would rather not mess with a working configuration.
I know that poptop / pptpd uses the script ip-up.local every time a new connection is initiated and maybe some commands could be put in there but I am not aware of the available variables or the correct syntax. ip-up.local currently contains some iptables commands.
Any help is greatly appreciated.
Many thanks and Regards to all.
Hi, many thanks for your response.
The expired accounts and passwords are removed from the server as a matter of course. However, as the VPN uses a single username and password for all access, then there is still the ability to connect into the network and explore shares, etc.
I did not install this server but took over the limited support of it. As the VPN works and they have many remote users connecting into it, I do not want to change the authentication settings. Better and easier to just restrict the IP range allowed to access it I thought.
I am not aware of what poptop supports or how it works, that's why I came here to ask the experts.
I would have thought that restricting access by IP range to a Linux system VPN service was a fundamental feature, yet I have googled for hours and found nothing specific.
There must be someone with knowledge of this. Please help.
Thank you.
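
One way to do what the posts above ask for, as an added example that is not part of the original thread: a shell script that prints iptables commands limiting PPTP (TCP port 1723 plus GRE, IP protocol 47) to listed source ranges. The chain name `PPTP_SRC` and the function names are assumptions made for this example, and it assumes pptpd terminates on this host so the INPUT chain applies.

```shell
#!/bin/sh
# Added example, not from the thread. Prints iptables commands; nothing is applied.
CHAIN=PPTP_SRC   # hypothetical chain name chosen for this example

# Succeed only for a.b.c.d/nn with octets 0-255 and prefix 0-32.
valid_cidr() {
    case "$1" in */*) ;; *) return 1 ;; esac
    addr=${1%/*}
    prefix=${1#*/}
    case "$prefix" in ''|*[!0-9]*) return 1 ;; esac
    [ "$prefix" -le 32 ] 2>/dev/null || return 1
    case "$addr" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr            # split the address into its octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] 2>/dev/null || return 1
    done
    return 0
}

# Print the rule set for the allowed source ranges given as arguments.
pptp_rules() {
    [ $# -gt 0 ] || { echo "usage: pptp_rules CIDR [CIDR...]" >&2; return 1; }
    for cidr in "$@"; do
        valid_cidr "$cidr" || { echo "bad range: $cidr" >&2; return 1; }
    done
    echo "iptables -N $CHAIN"
    for cidr in "$@"; do
        # RETURN hands allowed sources back to the existing INPUT rules,
        # so the current ruleset still makes the final decision for them.
        echo "iptables -A $CHAIN -s $cidr -j RETURN"
    done
    echo "iptables -A $CHAIN -j DROP"
    # PPTP uses TCP 1723 for control and GRE (IP protocol 47) for data.
    echo "iptables -I INPUT 1 -p tcp --dport 1723 -j $CHAIN"
    echo "iptables -I INPUT 1 -p 47 -j $CHAIN"
}

# Range taken from the question above.
pptp_rules 82.23.128.0/19
```

Review the printed commands before running them as root on the server. Because the VPN uses one shared username and password, anyone connecting from inside an allowed range can still log in.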