pptp fixes

pptp/install.sh

@@ -47,16 +47,19 @@ $DIR/dns.sh
 
 echo
 echo "Starting pptpd..."
-service pptpd restart
 systemctl enable pptpd
+service pptpd restart
 
 IPTABLESRESTOR=$(which iptables-restore)
-if [[ ! -z $IPTABLESRESTOR ]]; then
+RESTORPRESENTS=$(grep iptables-restore $RCLOCAL)
-	sed -i -e "/exit 0/d" $RCLOCAL
+if [ $? -ne 0 ]; then
-	echo "$IPTABLESRESTOR < $IPTABLES" >> $RCLOCAL
+	if [[ ! -z $IPTABLESRESTOR ]]; then
-	echo "exit 0" >> $RCLOCAL
+		sed -i -e "/exit 0/d" $RCLOCAL
-else
+		echo "$IPTABLESRESTOR < $IPTABLES" >> $RCLOCAL
-	echo "Cannot save iptables-restore from $IPTABLES to $RCLOCAL."
+		echo "exit 0" >> $RCLOCAL
+	else
+		echo "Cannot save iptables-restore from $IPTABLES to $RCLOCAL."
+	fi
 fi
 
 echo

pptp/iptables-setup.sh

@@ -18,7 +18,7 @@ if [[ "$IP" = "" ]]; then
 fi
 
 # backup and remove rules with $LOCALIP
-iptables-save | uniq -u > $IPTABLES.backup
+iptables-save > $IPTABLES.backup
 
 IFS=$'\n'
 
@@ -57,6 +57,9 @@ if [ "$DROP" == "$ANSDROP" ]; then
     iptables -I FORWARD -s $LOCALIPMASK -d $LOCALIPMASK -j DROP
 fi
 
+# MSS Clamping
+iptables -t mangle -A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
+
 # PPP
 iptables -A INPUT -i ppp+ -j ACCEPT
 iptables -A OUTPUT -o ppp+ -j ACCEPT
@@ -68,4 +71,4 @@ iptables -A INPUT -p tcp --dport 1723 -j ACCEPT
 iptables -A INPUT -p 47 -j ACCEPT
 iptables -A OUTPUT -p 47 -j ACCEPT
 
-iptables-save > $IPTABLES
+iptables-save | awk '($0 !~ /^-A/)||!($0 in a) {a[$0];print}' > $IPTABLES

pptp/options.pptp.dist

@@ -29,6 +29,14 @@ novjccomp
 nolog
 nologfd
 
+# LCP echo-requests options
+lcp-echo-interval 30
+lcp-echo-failure 5
+
+# MTU MRU options
+mtu 1200
+mru 1200
+
 # DNS options for Windows clients
 ms-dns 8.8.8.8
 ms-dns 8.8.4.4