Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here. |
04-04-2007, 03:10 AM
|
#1
|
LQ Newbie
Registered: Apr 2007
Posts: 5
Rep:
|
Poptop VPN Restrict Access by IP Range
This should be really simple, but I just cannot see how to achieve it.
I have an RH 7.2 (2.4.14) server appliance running at a client's premises with poptop VPN installed and working fine.
We need to restrict access into the VPN to a range of external IP addresses, e.g. 82.23.128.0/19 (all the authorised users have fixed IP addresses within this range). This is an urgent requirement as we are getting connections into the network from employees that have left the company.
I would have expected a parameter somewhere similar to that in xinetd.conf: only_from.
However, poptop / pptpd does not appear to have any options to do this.
The server is running IP tables but I have very limited knowledge of this and would rather not mess with a working configuration.
I know that poptop / pptpd uses the script ip-up.local every time a new connection is initiated and maybe some commands could be put in there but I am not aware of the available variables or the correct syntax. ip-up.local currently contains some iptables commands.
Any help is greatly appreciated.
Many thanks and Regards to all.
|
|
|
04-05-2007, 09:22 PM
|
#2
|
Member
Registered: Jan 2005
Location: germany
Distribution: suse, opensuse, debian, others for testing
Posts: 307
Rep:
|
How about deleting expired passwords/accounts?
If poptop supports tcpwrap, you could just use /etc/hosts.allow.
|
|
|
04-06-2007, 04:20 PM
|
#3
|
LQ Newbie
Registered: Apr 2007
Posts: 5
Original Poster
Rep:
|
Hi, many thanks for your response.
The expired accounts and passwords are removed from the server as a matter of course. However, as the VPN uses a single username and password for all access, then there is still the ability to connect into the network and explore shares, etc.
I did not install this server but took over the limited support of it. As the VPN works and they have many remote users connecting into it, I do not want to change the authentication settings. Better and easier to just restrict the IP range allowed to access it I thought.
I am not aware of what poptop supports or how it works, that's why I came here to ask the experts.
I would have thought that restricting access by IP range to a Linux system VPN service was a fundamental feature, yet I have googled for hours and found nothing specific.
There must be someone with knowledge of this. Please help.
Thank you.
|
|
|
04-17-2007, 10:59 PM
|
#4
|
LQ Newbie
Registered: Apr 2007
Posts: 5
Original Poster
Rep:
|
Hi,
I'm still looking for a solution to this problem.
Does anyone have any ideas how to achieve this?
Many thanks.
|
|
|
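Added example, not part of the thread and not poptop's own code: the source-range restriction asked for in the first post, done at the packet filter by sending PPTP's two flows (TCP 1723 control, GRE data) through a dedicated chain. It only prints the iptables commands so they can be reviewed first. Assumptions: pptpd terminates on this host (INPUT chain); the chain name PPTP_IN and the log prefix are made up here.

```shell
#!/bin/sh
# Added example: print (do not apply) iptables rules limiting PPTP to given
# source ranges. PPTP_IN and the log prefix are hypothetical names.

# valid_cidr A.B.C.D/N -> status 0 only for a well-formed IPv4 CIDR
valid_cidr() {
    case "$1" in */*) ;; *) return 1 ;; esac
    addr=${1%/*}; bits=${1#*/}
    case "$bits" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#bits}" -le 2 ] && [ "$bits" -le 32 ] || return 1
    case "$addr" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr            # split the address into octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# pptp_rules CIDR... -> prints the rule set; prints nothing if any range is bad
pptp_rules() {
    [ $# -gt 0 ] || { echo "usage: pptp_rules CIDR..." >&2; return 2; }
    for net in "$@"; do
        valid_cidr "$net" || { echo "bad range: $net" >&2; return 1; }
    done
    echo "iptables -N PPTP_IN"
    for net in "$@"; do
        # RETURN hands permitted sources back to the existing INPUT rules,
        # so the working configuration still decides what happens to them
        echo "iptables -A PPTP_IN -s $net -j RETURN"
    done
    echo "iptables -A PPTP_IN -j LOG --log-prefix 'pptp-denied: '"
    echo "iptables -A PPTP_IN -j DROP"
    # Inserted at position 1 so they are evaluated before any existing ACCEPT
    echo "iptables -I INPUT 1 -p tcp --dport 1723 -j PPTP_IN"
    echo "iptables -I INPUT 1 -p 47 -j PPTP_IN"
}

# Range taken from the first post. After review, run the printed lines as root.
pptp_rules 82.23.128.0/19
```

Filtering here takes effect before authentication, whereas anything placed in ip-up.local runs only after the PPP link is already up.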
All times are GMT -5. The time now is 02:27 AM.