Topic: PPTP for Internet Access in Kamikaze

The content of this topic has been archived on 6 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Page 1 of 1

Post #1

roedel

2 Oct 2007, 12:36

Hi!

For getting Internet Access I have to use PPTP. The ADSL-modem has the IP 10.0.0.138, to dial in, a device 10.0.0.140 has to open a pptp connection. It's exactly the thing that is described in the WhiteRussion/How Do I configure PPTP for Internet access entry in the FAQ.

But with Kamikaze 7.09 i just can't get the connection up and running. Here's my /etc/config/network:

#### VLAN configuration
config switch eth0
        option vlan0    "0 1 2 3 5*"
        option vlan1    "4 5"


#### Loopback configuration
config interface loopback
        option ifname   "lo"
        option proto    static
        option ipaddr   127.0.0.1
        option netmask  255.0.0.0


#### LAN configuration
config interface lan
        option type     bridge
        option ifname   "eth0.0"
        option proto    static
        option ipaddr   192.168.2.15
        option netmask  255.255.255.0


#### WAN configuration
config interface        wan
        option ifname   "eth0.1"
        option proto    static
        option ipaddr   10.0.0.140
        option netmask  255.255.255.0

config interface        ppp0
        option ifname   "eth0.2"
        option proto    pptp
        option server   10.0.0.138
        option username "my-ISP-username"
        option password "my-ISP-password"
        option keepalive        10
        option mtu      1492

When working, the ppp0 interface should obtain a dynamically assigned WAN-IP from my ISP server. Using the PPTP-for-internet-access settings as described in the FAQ worked out of the box with WhiteRussian releases. If you have any idea how to configure the Kamikaze-box please let me know. The PPTP-package is installed.

Thanks in advance
Stephan

(Last edited by roedel on 2 Oct 2007, 12:38)

Post #2

MMCM

3 Oct 2007, 08:49

Some time ago, I couldn't get it to work, too.
In the end, I wrote my own pppd start script, and tuned firewall rules to use ppp0 as the wan interface.
Still very buggy, when the connection gets dropped every 8h by AON (Austrian Telekom), it takes up to 15 minutes to reconnect.
I would never choose a provider with pptp access (this is not my own router).

Post #3

roedel

4 Oct 2007, 14:05

Same provider, same problem :-)

For now I've switched back to WR 0.9 where the connection is working properly.
BTW: If your modem is the alcatel Speed Touch 510, you can configure the modem to act as router with integrated modem: HOWTO
Theoretically this should also be possible for the old Speed-Touch Home: HOWTO For now i've only tested the 510 as router which works well.

Post #4

decuplo

4 Oct 2007, 17:58

Hi,
I have the same problem with kamikaze 7.07 as it is described in
http://forum.openwrt.org/viewtopic.php?id=12448

I download and installed kamikaze 7.09 but the problem is still there.

I haven't time to analyze the problem so, I decide to go back to whiterussian 0.9 where it work without any problem.
In December if the problem will be still there I'll try to investigate better.

Post #5

liri

24 Nov 2007, 17:22

roedel wrote:

Same provider, same problem :-)
For now I've switched back to WR 0.9 where the connection is working properly.
BTW: If your modem is the alcatel Speed Touch 510, you can configure the modem to act as router with integrated modem: HOWTO
Theoretically this should also be possible for the old Speed-Touch Home: HOWTO For now i've only tested the 510 as router which works well.

I am finding WR 0.9 problematic about the pptp connection to the ISP as well.
My ISP provides me with a DHCP address upon which I need to put up a PPTP vpn to the ISP server.

I am finding that it doesn't work well (if at all) through the WR webif.
Also, if I try to manually add the info to chap-secrets and then use the command line pptp to start up
the pptp session I do get connected, ppp0 is up, I changed the default route to the IP I received from
the gateway and manually edited the dns entries in /etc/resolv.conf although still nothing is working.

It could be that the firewall rules are messing up.
What exactly needs to be modified in those?

Post #6

allesmueller

4 Dec 2007, 23:38

Hi!

I'm running 7.09 with AON, the only drawback I face at the moment is, that pptp seem's to suck up all memory, because the pptp processes don't die after being disconnected (I've worked around this with a cron script which reboots if mem gets low).

my /etc/config/network:
#### VLAN configuration 
config switch eth0
        option vlan0    "1 2 3 4 5*"
        option vlan1    "0 5"

#### Loopback configuration
config interface loopback
        option ifname   "lo"
        option proto    static
        option ipaddr   127.0.0.1
        option netmask  255.0.0.0

#### LAN configuration
config interface lan
        option ifname   "eth0.0"
        option proto    static
        option ipaddr    MYINTERNALNET
        option netmask  255.255.255.0

#### WAN configuration
config interface        wan
        option ifname   'ppp0'
        option proto    'pptp'
        option username 'XXXXXXXXXX'
        option password 'XXXXXXXXXX'
        option server   '10.0.0.138'
        option mtu      '1492'
        option persist  ''
        option keepalive        ''

config "interface" "lan1"
        option ifname   'eth0.1'
        option proto    'static'
        option ipaddr   '10.0.0.140'
        option netmask  '255.255.255.0'

... looks like I've split up my network a little bit different.

my /etc/ppp/options.ppp:
lock 
noauth 
nobsdcomp 
nodeflate
idle 0
defaultroute
maxfail 0

my /etc/ppp/ip-up.d/user:
#!/bin/sh
/etc/init.d/firewall
killall -9 ntpd
sleep 10
/etc/init.d/ntpd restart
/usr/sbin/ez-ipupdate -c /etc/ez-ipupdate.conf

I've not played with wireless at the moment.

Then I've replace the usual firewall ruleset with a "self-brewn" fwbuilder firewall script, I dont want to post it here, but I think essential is only that you allow ip protcol 47, and tcp port 1723 in both directions between adsl modem and router (10.0.0.140 and 138)

I've to say that I even did not try to use the provided firewall mechanism (because I upgraded in little hurry from whiterussian where I had already a fwbuilder script in place).

then I also had to change

my /etc/init.d/network:
#!/bin/sh /etc/rc.common                                                       
# Copyright (C) 2006 OpenWrt.org                                               
                                                                               
START=40                                                                       
STOP=40                                                                        
                                                                               
boot() {                                                                       
        setup_switch() { return 0; }                                           
                                                                               
        include /lib/network                                                   
        setup_switch                                                           
        [ -s /etc/config/wireless ] || \                                       
                /sbin/wifi detect > /etc/config/wireless                       
        ifup -a                                                                
        /sbin/wifi up                                                          
}                                                                              
                                                                               
start() {                                                                      
        ifup -a                                                                
        /sbin/wifi up                                                          
}                                                                              
                                                                               
restart() {                                                                    
        ifup -a                                                                
        /sbin/wifi up                                                          
}                                                                              
                                                                               
stop() {                                                                       
        ifdown -a                                                              
}

(added a "ifup -a" at end of boot() )

Has someone an idea how to get rid of the "old" pptp processes (in a re-connect situation) ?

allesmueller

Post #7

stephane

7 Feb 2008, 17:24

Hello All,

Yes, I also encountered some troubles with the default config in the kamikaze pppoe access.

I followed the instructions given on this page
http://wiki.openwrt.org/OpenWrtDocs/Har … ys/WRT54GL

about PPPoE
-----------
With Kamikaze 7.09 PPPoE works out-of-the-box. All required packages are already installed in the default image. To configure PPPoE with UCI, do this:

uci set network.wan.proto=pppoe
uci set network.wan.username=<pppoe_psername>
uci set network.wan.password=<pppoe_password>
uci commit network
ifup wan
----------

ok the pppoe access works. Sure, but the box is not nating and filtering in the correct way if I do that (even after a reboot), lan pc can get access to the net.

There are 2 main problems
one in the iptables (filter) FORWARD table
iptables -v -L FORWARD gives as last line
ACCEPT all -- br-lan eth0.1 anywhere anywhere
and iptables -v -t nat -L POSTROUTING gives as last line
MASQUERADE all -- any eth0.1 anywhere anywhere

The problem is that in both lines, the output device should be ppp0 and not eth0.1
if you had these two lines :
itpables -A FORWARD -i br-lan -o ppp0 -j ACCEPT
itpables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
then everything works great

(Ooops, you also need to add your dns servers to /etc/resolv.conf)
I don t know how to do that via uci or webif.

I tried to change to /etc/config/network
from
#### WAN configuration
config interface wan
option ifname 'eth0.1'
option proto 'pppoe'
option username 'xxxx'
option password 'xxxx'
(please replace xxx by something relevant !)

to
#### WAN configuration
config interface wan
option ifname 'ppp0'
option proto 'pppoe'
option username 'xxxx'
option password 'xxxx'

but then it s not possible to ifup wan, I got an error message.(sorry I can t play much wiht my router, and give you the exact error message).

My feeling is that there must be something messed up between eth0.1 and ppp0 in the default config.
Maybe the difference between ifname and wan_device... I don t know kamikaze enough and as my router is used days and nights by 35 people, it s hard to test it and report a bug in a beter way.

But there is a bug.

Openwrt people, help your poor users on that !!!

Steff

The discussion might have continued from here.

Page 1 of 1