PPTP Client, Disable MSCHAP?

Hey guys!
So I was trying to setup a PPTP client on my router following this guide: https://openwrt.org/docs/guide-user/services/vpn/pptp/client#instructions.

I've successfully completed each step through the LuCi interface, however the VPN interface seems unable to connect to the VPN server (I'm using PureVPN as provider). The only thing that comes to my mind is that as required by PureVPN I should disable MSCHAP, however I have no clue on how to do that.

Could someone suggest me how to disable MSCHAP for the VPN Client? Thanks! =)

PS: beside trying to configure the VPN client on the router, I tried to connect a LAN client to the VPN, however even there the connection fails (I think it might be caused by some firewall rules), I found a topic explaining the exact problem i have (https://forum.archive.openwrt.org/viewtopic.php?id=59150), however if I try to apply the suggested fix:

iptables -A PREROUTING -t raw -p tcp --dport 1723 -j CT --helper pptp

I get this error:

iptables: No chain/target/match by that name.

Any ideas on how to fix it?

Have you initialized the CT target?

1 Like

Have no idea on how to do that honestly.

As suggested here: https://openwrt.org/docs/guide-user/services/vpn/pptp/nat_traversal

I've installed the related packages and modified 20-nf-conntrack-helper.conf, I can now connect from android devices but not from Windows.

You'll need to install kmod-nf-nathelper-extra first then issue the above command.

1 Like

Hi trendy, thanks for the support.
As stated in the previous post I've already:

# OpenWrt 15.05 and newer
opkg update
opkg install kmod-nf-nathelper-extra
 
# OpenWrt 18.06 additional step
cat << EOF > /etc/sysctl.d/20-nf-conntrack-helper.conf
net.netfilter.nf_conntrack_helper = 1
EOF
service sysctl restart

But I still get the same iptables error as at the start.
The interesting thing is that PPTP correctly works on android, I'm starting to wonder if it's a Microsoft issue.

Edit /etc/ppp/options.pptp:

noipdefault
noauth
nobsdcomp
nodeflate
idle 0
maxfail 0
refuse-pap
refuse-eap
refuse-chap
refuse-mschap

Will try, Thanks!

Hi @stangri!
Thanks a lot, your suggestions actually made the VPN interface connect correctly!
I'm now working on trying to setup your plugin "Vpnbypass", I get an error but i think it might be something stupid I'm missing:

404 Not Found

Sorry, the object you requested was not found.

Unable to dispatch: /cgi-bin/luci/admin/services/vpnbypass

Thanks again, you made my day!

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.