LinuxQuestions.org
Old 04-04-2007, 03:10 AM   #1
rob840
LQ Newbie
 
Registered: Apr 2007
Posts: 5

Rep: Reputation: 0
Poptop VPN Restrict Access by IP Range


This should be really simple, but I just cannot see how to achieve it.

I have an RH 7.2 (2.4.14) server appliance running at a client's premises with poptop VPN installed and working fine.
We need to restrict access into the VPN to a range of external IP addresses, e.g. 82.23.128.0/19 (all the authorised users have fixed IP addresses within this range). This is an urgent requirement as we are getting connections into the network from employees that have left the company.

I would have expected a parameter somewhere similar to that in xinetd.conf: only_from.
However, poptop / pptpd does not appear to have any options to do this.
The server is running IP tables but I have very limited knowledge of this and would rather not mess with a working configuration.
I know that poptop / pptpd uses the script ip-up.local every time a new connection is initiated and maybe some commands could be put in there but I am not aware of the available variables or the correct syntax. ip-up.local currently contains some iptables commands.

Any help is greatly appreciated.
Many thanks and Regards to all.
 
Old 04-05-2007, 09:22 PM   #2
rtspitz
Member
 
Registered: Jan 2005
Location: germany
Distribution: suse, opensuse, debian, others for testing
Posts: 307

Rep: Reputation: 32
How about deleting expired passwords/accounts?

If poptop supports tcpwrap, you could just use /etc/hosts.allow.
 
Old 04-06-2007, 04:20 PM   #3
rob840
LQ Newbie
 
Registered: Apr 2007
Posts: 5

Original Poster
Rep: Reputation: 0
Hi, many thanks for your response.
The expired accounts and passwords are removed from the server as a matter of course. However, as the VPN uses a single username and password for all access, then there is still the ability to connect into the network and explore shares, etc.
I did not install this server but took over the limited support of it. As the VPN works and they have many remote users connecting into it, I do not want to change the authentication settings. Better and easier to just restrict the IP range allowed to access it I thought.
I am not aware of what poptop supports or how it works, that's why I came here to ask the experts.
I would have thought that restricting access by IP range to a Linux system VPN service was a fundamental feature, yet I have googled for hours and found nothing specific.
There must be someone with knowledge of this. Please help.
Thank you.
 
Old 04-17-2007, 10:59 PM   #4
rob840
LQ Newbie
 
Registered: Apr 2007
Posts: 5

Original Poster
Rep: Reputation: 0
Hi,
I'm still looking for a solution to this problem.
Does anyone have any ideas how to achieve this?
Many thanks.
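
One way to get the restriction asked for in this thread without changing pptpd or its authentication, as an added example that is not from any poster: filter PPTP's two flows (TCP 1723 control, GRE data) by source address in iptables. The range is the one quoted in the first post; the INPUT chain, inserting at the top of it, and the ALLOWED/CHAIN/APPLY variable names are assumptions.

```shell
#!/bin/sh
# Added example: limit PPTP (poptop/pptpd) to one source range with iptables.
# PPTP has two flows to filter: TCP 1723 (control) and IP protocol 47 (GRE, data).
# Assumptions: inbound traffic is filtered in the INPUT chain, and inserting
# at the top of that chain is acceptable for the existing ruleset.

ALLOWED="${ALLOWED:-82.23.128.0/19}"   # range quoted in the first post
CHAIN="${CHAIN:-INPUT}"                # assumed chain name

# Shape check only (digits, dots and a slash); iptables does the real parsing.
valid_cidr() {
    case "$1" in
        *[!0-9./]*) return 1 ;;
        [0-9]*.[0-9]*.[0-9]*.[0-9]*/[0-9]*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the four rules in final chain order: ACCEPTs for the allowed range
# first, then DROPs for every other source. Explicit positions keep them
# ahead of whatever rules already exist, which are left untouched.
pptp_rules() {
    cidr="$1"; chain="$2"
    echo "iptables -I $chain 1 -p tcp -s $cidr --dport 1723 -j ACCEPT"
    echo "iptables -I $chain 2 -p 47 -s $cidr -j ACCEPT"
    echo "iptables -I $chain 3 -p tcp --dport 1723 -j DROP"
    echo "iptables -I $chain 4 -p 47 -j DROP"
}

main() {
    valid_cidr "$ALLOWED" || { echo "bad CIDR: $ALLOWED" >&2; return 1; }
    if [ "${APPLY:-0}" = "1" ]; then
        # Needs root. The DROP rules also cut tunnels that are already
        # established from addresses outside the allowed range.
        pptp_rules "$ALLOWED" "$CHAIN" | sh -e
    else
        # Dry run (default): show the commands without changing the firewall.
        pptp_rules "$ALLOWED" "$CHAIN"
    fi
}

main
```

Run it as-is to print the rules, and with APPLY=1 as root to load them. Rules loaded this way are lost at reboot unless they are saved with the rest of the firewall configuration.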
 
Tags
poptop, pptpd, vpn
All times are GMT -5.