I tried to post these in the "Support 1.8" forum, but had no answers. The second one I don't care about too much, but would like fixed... the first one is a big concern for me...
1)
I noticed the version of SSH that is running on my Astaro box (version 1.8) is OpenSSH_2.1.1. The newest version of OpenSSH is 2.5.2p2.
Version 2.1.1 had a lot of security issues; it would be a wise choice to upgrade this version.
This is a security update about OpenSSH: http://linuxtoday.com/news_story.php3?ltsn=2001-03-29-018-04-SC
2)
When I try and run PoPToP, among some other problems with PPP, I get the following error...
Failed to exec /astaro/system/nfsroot/var/chroot-pptpd//sbin/pptpctrl!
I created the directory...
/var/chroot-pptpd/astaro/system/nfsroot/var/chroot-pptpd
then created a link in that directory..
transfire:/var/chroot-pptpd/astaro/system/nfsroot/var/chroot-pptpd # ls -al
total 2
drwxr-xr-x 2 root root 1024 Apr 2 20:24 .
drwxr-xr-x 3 root root 1024 Apr 2 20:23 ..
lrwxrwxrwx 1 root root 5 Apr 2 20:24 sbin -> /sbin
Basically pointed sbin to /sbin (which would be /var/chroot-pptpd/sbin, after the chroot command was executed).
I'm guessing you guys might have messed up when you compiled this? Also, not 100% sure as I haven't looked more into it and am going home for the night now, but might want to check the path for the pppd also. I had a problem executing that, but was able to execute it outside of the chroot?!
I've read that you guys are going to support the PPTP, and also that you aren't. But it would really help if you could fix this.
Will there be a PPTP web interface in the future? I want to use the PPTP for our remote users, but IPsec for our remote networks. This seems to be a lot better solution than using IPsec for everything (since PPTP will give out an IP address).
+++++++++++++++
I'm still not able to get the PPTP working correctly yet now that I have it running (I think so at least, I can telnet from the firewall to itself and make a connection to port 1723).
When I try to make the PPTP connection, or even telnet to port 1723 from outside the firewall (or even inside the network), I get blocked by the firewall. It keeps coming up in the /var/log/kernel file as a TCP DROP, yet I've even tried an ANY,ANY,ANY,ALLOW rule.
I would really like some help on this, IPSec just isn't going to do what we need it to do for a host->subnet connection.