Hello,
After upgrading to OpenWrt version 22.03.0, I have an issue configuring the PPTP server:
I successfully installed the PPTP server package and I can connect from a remote machine, and after that I can also ping my router's internal IP and log in to LuCI.
The issue is that I cannot access my internal LAN IPs (192.168.18.x) except the internal IP of my router (192.168.18.254).
Up to OpenWrt version 22.02.0 I could solve this with the command iptables -A forwarding_rule -i "$ifname" -j ACCEPT inside the file /etc/ppp/ip-up.
But it does not work anymore with OpenWrt version 22.03.0/fw4/nftables and I have no clue how it should be done (I have read all the wiki pages regarding PPTP/firewall with no success).
Do you have the option to change your VPN protocol? If you control both sides of the tunnel, you presumably can do this. PPTP is not secure and is considered unsuitable for the modern internet threat landscape.
I'd recommend WireGuard as a replacement -- it's available for Mac, Linux, Windows, iOS, and Android (and obviously OpenWrt), and is easy to configure. It is also high performance, modern, and secure.
So what is the actual ifname in your case? My suggested solution should've worked and I would like to know why it didn't. I'd rather not see custom ppp-up/ppp-down scripts staging broad forward allow rules as canonical solution as it will be copied by future readers without much thought.
They should be actually. fw4 still uses + in order to stay compatible with existing configurations. It will translate it to * internally. (See also 0bc844ba02ae460d4a895878b9136ba5d8e09b37) However...
... looks like an actual endianness bug in nftables itself.
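For readers who want the fw4-native equivalent of the OP's ip-up iptables rule, here is an assumed /etc/config/firewall excerpt that is not from this thread or from OpenWrt's documentation: it puts the pppd tunnel devices into their own zone and allows forwarding only from that zone into lan, instead of a blanket forward accept added from a ppp hook script. It assumes the tunnel devices are named ppp0, ppp1, ... (the thread never confirms the actual ifname) and relies on fw4 accepting the `+` wildcard as described above; the nftables bug mentioned in the last reply may still affect it.

```uci
# Assumed excerpt for /etc/config/firewall (example, not from the thread).
# A dedicated zone for the PPTP tunnel devices created by pppd.
config zone
	option name 'pptp'
	# 'ppp+' is assumed to match ppp0, ppp1, ...; fw4 rewrites '+' to '*' internally.
	list device 'ppp+'
	# ACCEPT input so VPN clients can reach the router itself (ping, LuCI).
	option input 'ACCEPT'
	option output 'ACCEPT'
	# No forwarding between tunnel clients or to other zones by default.
	option forward 'REJECT'

# Only the pptp -> lan direction is opened, which is what the OP's
# iptables rule in /etc/ppp/ip-up effectively did for the LAN.
config forwarding
	option src 'pptp'
	option dest 'lan'

# Apply with: /etc/init.d/firewall reload
```

Keeping the rule in the firewall config rather than in a ppp-up script also means fw4 re-applies it on reload, and the zone scope avoids the broad forward accept warned about above.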