PPTP passthrough in CloudPlatform guest networks
Problem
Networks implemented using CloudPlatform, such as isolated guest networks and tiers in a VPC (Virtual Private Cloud), use a VR (Virtual Router) to forward packets. By design, the VR is not configured to allow GRE. This blocks PPTP connections to VMs attached to the aforementioned networks, since PPTP uses an enhanced GRE (Generic Routing Encapsulation) mechanism to provide a flow- and congestion-controlled encapsulated datagram service for carrying PPP packets.
Steps
For VMs in VPC tiers, configure the tier's ACL to allow protocol number 47 and perform steps 1 and 2 below. For isolated guest networks, perform all three steps.
1. modprobe ip_conntrack_pptp
2. modprobe ip_nat_pptp
3. iptables -t mangle -I PREROUTING -p 47 -j ACCEPT
Note: The above steps need to be performed on the VR using the console or SSH. They can also be added to '/etc/rc.local' to make the configuration persistent across reboots. If the VR is recreated from template, the steps need to be performed again.
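The following check is an added example, not part of the original article or of CloudPlatform: it reports which of the numbered steps are still missing on a VR, for instance after the VR has been recreated from template. The function names and the sample output are constructed; the check assumes that current kernels list the modules as nf_conntrack_pptp and nf_nat_pptp (the ip_* names are aliases) and that iptables may print protocol 47 as gre.

```shell
#!/bin/sh
# Added example (not CloudPlatform code): report which of the article's numbered
# steps are still missing on a VR. Inputs are text, so saved output can be checked:
#   $1 = `lsmod` output, $2 = `iptables -t mangle -S PREROUTING` output,
#   $3 = "vpc" (steps 1-2 apply) or "isolated" (steps 1-3 apply)

# True if the module is listed under its legacy ip_* name or under the nf_* name
# that current kernels show after `modprobe ip_conntrack_pptp` / `ip_nat_pptp`.
module_loaded() {
    printf '%s\n' "$1" |
        awk -v s="$2" '$1 == ("ip_" s) || $1 == ("nf_" s) { found = 1 } END { exit !found }'
}

# True if PREROUTING holds the article's rule. iptables prints protocol 47 as
# "gre" when it can resolve the name and as "47" otherwise, so accept both.
gre_accept_rule() {
    printf '%s\n' "$1" | grep -Eq -- '^-A PREROUTING -p (47|gre) -j ACCEPT$'
}

# Prints the missing step numbers separated by spaces; prints nothing if none.
pptp_missing_steps() {
    missing=""
    module_loaded "$1" conntrack_pptp || missing="$missing 1"
    module_loaded "$1" nat_pptp || missing="$missing 2"
    if [ "$3" = "isolated" ]; then
        gre_accept_rule "$2" || missing="$missing 3"
    fi
    echo "${missing# }"
}

# Constructed sample: both modules loaded, mangle rule for protocol 47 absent.
SAMPLE_LSMOD='Module                  Size  Used by
nf_nat_pptp            16384  0
nf_conntrack_pptp      16384  1 nf_nat_pptp'
SAMPLE_MANGLE='-P PREROUTING ACCEPT'

echo "isolated network, missing steps: $(pptp_missing_steps "$SAMPLE_LSMOD" "$SAMPLE_MANGLE" isolated)"
echo "VPC tier, missing steps: $(pptp_missing_steps "$SAMPLE_LSMOD" "$SAMPLE_MANGLE" vpc)"

# On a VR, as root:
#   pptp_missing_steps "$(lsmod)" "$(iptables -t mangle -S PREROUTING)" isolated
```

For a VPC tier the check covers only steps 1 and 2; the tier's ACL entry for protocol number 47 is configured in CloudPlatform and is not visible to this check.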
Prerequisites
A VM deployed in one of the above-mentioned networks and configured to accept PPTP connections, e.g. VyOS.
Document ID: 115001586986
Product: CloudPlatform
Version: 4.5.0.0, 4.5.1.0, 4.7, 4.7.1
Reference Jira ID: ES-4517