pptp fixes

9 years ago · 81bc34f1ab
parent e6d945f248
commit 81bc34f1ab
3 changed files with 23 additions and 9 deletions
--- a/pptp/install.sh
+++ b/pptp/install.sh
@ -47,16 +47,19 @@ $DIR/dns.sh

 echo
 echo "Starting pptpd..."
-service pptpd restart
 systemctl enable pptpd
+service pptpd restart

 IPTABLESRESTOR=$(which iptables-restore)
-if [[ ! -z $IPTABLESRESTOR ]]; then
-	sed -i -e "/exit 0/d" $RCLOCAL
-	echo "$IPTABLESRESTOR < $IPTABLES" >> $RCLOCAL
-	echo "exit 0" >> $RCLOCAL
-else
-	echo "Cannot save iptables-restore from $IPTABLES to $RCLOCAL."
+RESTORPRESENTS=$(grep iptables-restore $RCLOCAL)
+if [ $? -ne 0 ]; then
+	if [[ ! -z $IPTABLESRESTOR ]]; then
+		sed -i -e "/exit 0/d" $RCLOCAL
+		echo "$IPTABLESRESTOR < $IPTABLES" >> $RCLOCAL
+		echo "exit 0" >> $RCLOCAL
+	else
+		echo "Cannot save iptables-restore from $IPTABLES to $RCLOCAL."
+	fi
 fi

 echo
--- a/pptp/iptables-setup.sh
+++ b/pptp/iptables-setup.sh
@ -18,7 +18,7 @@ if [[ "$IP" = "" ]]; then
 fi

 # backup and remove rules with $LOCALIP
-iptables-save | uniq -u > $IPTABLES.backup
+iptables-save > $IPTABLES.backup

 IFS=$'\n'

@ -57,6 +57,9 @@ if [ "$DROP" == "$ANSDROP" ]; then
    iptables -I FORWARD -s $LOCALIPMASK -d $LOCALIPMASK -j DROP
 fi

+# MSS Clamping
+iptables -t mangle -A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
+
 # PPP
 iptables -A INPUT -i ppp+ -j ACCEPT
 iptables -A OUTPUT -o ppp+ -j ACCEPT
@ -68,4 +71,4 @@ iptables -A INPUT -p tcp --dport 1723 -j ACCEPT
 iptables -A INPUT -p 47 -j ACCEPT
 iptables -A OUTPUT -p 47 -j ACCEPT

-iptables-save > $IPTABLES
+iptables-save | awk '($0 !~ /^-A/)||!($0 in a) {a[$0];print}' > $IPTABLES
--- a/pptp/options.pptp.dist
+++ b/pptp/options.pptp.dist
@ -29,6 +29,14 @@ novjccomp
 nolog
 nologfd

+# LCP echo-requests options
+lcp-echo-interval 30
+lcp-echo-failure 5
+
+# MTU MRU options
+mtu 1200
+mru 1200
+
 # DNS options for Windows clients
 ms-dns 8.8.8.8
 ms-dns 8.8.4.4