Firewall after 2017-01-13-37cb4cb4-2 and PPTP

Hi, guys!

I've noticed recently that PPTPD server, worked perfectly fine on LEDE 17.01.1, can't be connected in LEDE 17.01.2. After small research I've also found out that it become unconnectable even on 17.01.1 after > opkg upgrade firewall

In both case similar error raised in system log:

GRE: xmit failed from decaps_hdlc: Operation not permitted

I know and understand that PPTP is less secure than L2TP+IpSec or openVPN, but in my case PPTPD is still much more comfortable for various devices (Windows, Linux, Android, iOS, MacOS), plus there is no really secret/sensitive data inside the channel. So at the moment I don't have any alternative for PPTPD.

Can you please help me, how can I upgrage firewall and keep PPTPD operational?


Please test if it works after adding option masq_allow_invalid 1 in /etc/config/firewall, within the wan zone section.

If I update firewall package - how can I downgrade if I find that this trick is inapplicable? Do I need just to opkg remove firewall and the original one (stored in ROM) wiil be deployed?

Sorry for n00b question - I didn't find this info/guide.

Use cp /rom/sbin/fw3 /sbin/fw3 to restore the original version.

Completely solved my problem. Thanks for help!

BTW, is there any chance to make PPTP trafic not "invalid"?