Consider a simple configuration: a local network connected to the Internet via server A running Ubuntu Server 20.04, acting as a gateway/firewall/DHCP server. Now, some internal hosts (say, B) need to connect to an external VPN server C. There is no problem connecting to server C with pptp directly from our gateway A, but all of the internal hosts such as B fail to connect. Googling through similar issues, I checked that I have the appropriate kernel modules loaded (sudo modprobe nf_conntrack_pptp) both at A and B, and that the ufw firewall at A is configured to allow the GRE protocol (sudo ufw allow proto gre from [IP_address_of_C]). Most surprising, however, is that the issue remains even if I disable the firewall entirely at both A and B (sudo ufw disable) - the B host still cannot reach the C server. An attempt to connect from B to C (sudo pon tunnel_to_C debug dump logfd 2 nodetach) retries sending requests every ~3 seconds and then fails with a timeout:
...
Using interface ppp0
Connect: ppp0 <--> /dev/pts/5
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0xa7cef43c> <pcomp> <accomp>]
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0xa7cef43c> <pcomp> <accomp>]
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0xa7cef43c> <pcomp> <accomp>]
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0xa7cef43c> <pcomp> <accomp>]
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0xa7cef43c> <pcomp> <accomp>]
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0xa7cef43c> <pcomp> <accomp>]
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0xa7cef43c> <pcomp> <accomp>]
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0xa7cef43c> <pcomp> <accomp>]
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0xa7cef43c> <pcomp> <accomp>]
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0xa7cef43c> <pcomp> <accomp>]
LCP: timeout sending Config-Requests
whereas the same procedure run directly from server A gets a reply after the first sent line. How then is it possible that requests from internal hosts cannot get to the external server when the firewall is disabled at gateway A?