Currently the DO firewall filters IP Protocol 47 (GRE) packets, which interferes with pptp vpn links. If GRE packets were added to the list, along with ICMP, IPv4 and IPv6, this would allow the use of PPTP VPNs (see e.g. https://www.digitalocean.com/community/tutorials/how-to-setup-your-own-vpn-with-pptp) and other VPNs that utilize GRE packets, such as IPSec
If you implement support for this, can you also implement support for IPSEC passthrough (ESP-packages) at the same time? It seems reasonable that the Firewalls should allow for both IPSEC and PPTP, especially since IPSec IKEv2 is more modern and secure. There is another ides ticket specifically about this as well, with number DO-I-2955. Maybe you can implement both at the same time?
Attachments Open full size
When adding GRE support is planning?
Attachments Open full size
We need this
Attachments Open full size
Also please add support for ESP (for IPsec)
Attachments Open full size
+1
Â
i can't use firewall service because of this. I have to use Ufw
Attachments Open full size