PPTP client on TL-MR6400

Installing and Using OpenWrt Network and Wireless Configuration
1

Hello,

I'm trying to setup the PPTP client on the router TP-Link TL-MR6400v5. It seems very easy according to the https://openwrt.org/docs/guide-user/services/vpn/pptp/client but it doesn't work. I know that the problem was described many times on the forum.
I noticed that even the client PPTP installed on my PC is not connecting to the VPN server if the PC is connected to the Internet via TL-MR6400. It seems that not only the PPTP client on the TL-MR6400 is wrong configured but something in global settings of the router blocks the traffic.

Thank you in advance for any suggestions

2

You need the nf_conntrack_pptp and nf_conntrack_proto_gre kernel modules.
They are part of the kmod-nf-nathelper-extra package.
Did you install it?
Check that the modules are loaded:

lsmod | grep 'gre\|pptp'
3

Yes, I have installed the package before. No result.

root@OpenWrt:~# lsmod | grep 'gre\|pptp'
gre                     2400  2 pptp,ip_gre
ip_gre                 16224  0
ip_tunnel              13600  1 ip_gre
nf_conntrack           69104 23 xt_state,xt_nat,xt_conntrack,xt_REDIRECT,xt_MASQUERADE,xt_CT,nf_nat_tftp,nf_nat_snmp_basic,nf_nat_sip,nf_nat_pptp,nf_nat_irc,nf_nat_h323,nf_nat_amanda,nf_nat,nf_flow_table,nf_conntrack_tftp,nf_conntrack_snmp,nf_conntrack_sip,nf_conntrack_pptp,nf_conntrack_irc,nf_conntrack_h323,nf_conntrack_broadcast,nf_conntrack_amanda
nf_conntrack_pptp       3904  2 nf_nat_pptp
nf_nat                 21968 10 iptable_nat,xt_nat,xt_REDIRECT,xt_MASQUERADE,nf_nat_tftp,nf_nat_sip,nf_nat_pptp,nf_nat_irc,nf_nat_h323,nf_nat_amanda
nf_nat_pptp             1824  0
ppp_generic            24112  5 pppoe,ppp_async,pptp,pppox,ppp_mppe
pppox                   1264  2 pppoe,pptp
pptp                   13808  0
4

Not sure why you are having those issues, but it is worth mentioning that PPTP is considered unsuitable for the modern internet due to the triviality of cracking the encryption. It has been deprecated and removed from many modern operating systems, and it really should not be used unless there is a very specific reason, and only in situations where security is not needed at all.

I would recommend looking at wireguard as a replacement vpn technology.

5

The VPN server (router Cyberoam CR10wiNG) supports only L2TP and PPTP. VPN is used infrequently in the network and works fairly well for today's purposes.

6

This device is eol and unsupported. It would be a good idea to consider upgrading this device, too, as it is at least 3 years beyond its support window and may have many unpatched vulnerabilities that have been discovered in the past several years.

7

Yes it's true. :slightly_smiling_face:

8

Two modules are missing:

nf_conntrack_proto_gre    2624  1 nf_conntrack_pptp
nf_nat_proto_gre          816   1 nf_nat_pptp

Check if they are available:

ll /lib/modules/*/ | grep proto_gre
9

They are not available. Where can I find the missing modules?

10

Тhey should be included in kmod-nf-nathelper-extra

opkg files kmod-nf-nathelper-extra
11

Check the hw inside CR10wiNG. CR15wiNG and CR25wiNG are x86, perhaps the 10 is too, then you could install openwrt on it.

1 Like
12

root@OpenWrt:~# opkg files kmod-nf-nathelper-extra
Package kmod-nf-nathelper-extra (5.4.188-1) is installed on root and has the following files:
/lib/modules/5.4.188/nf_conntrack_irc.ko
/lib/modules/5.4.188/nf_conntrack_pptp.ko
/lib/modules/5.4.188/nf_nat_h323.ko
/lib/modules/5.4.188/nf_nat_irc.ko
/lib/modules/5.4.188/nf_conntrack_tftp.ko
/lib/modules/5.4.188/nf_nat_pptp.ko
/lib/modules/5.4.188/nf_conntrack_snmp.ko
/etc/modules.d/nf-nathelper-extra
/lib/modules/5.4.188/nf_nat_tftp.ko
/lib/modules/5.4.188/nf_conntrack_amanda.ko
/lib/modules/5.4.188/nf_conntrack_broadcast.ko
/lib/modules/5.4.188/nf_conntrack_sip.ko
/lib/modules/5.4.188/nf_nat_amanda.ko
/lib/modules/5.4.188/nf_nat_snmp_basic.ko
/lib/modules/5.4.188/nf_conntrack_h323.ko
/lib/modules/5.4.188/nf_nat_sip.ko

13

I think, there is no support of OpenWRT for CR10wING.
https://openwrt.org/toh/start

14

If it's x86, it's going to be supported, unless they've locked it down.

There are no device specific images for x86.

15

I have no idea, which CPU is inside the router. Next weekend I will unscrew the device.

https://manualzz.com/doc/25742100/cyberoam-cr10wing-datasheet

16

Don't remove the heat sink, make a dump of the SSD, and look what you can find on it

https://fccid.io/2ADD4-CR10ING/

17

I noticed that not only I have problem with the missing modules.

Below is link to the similar problem but I don't know how I could use the solution on the OpenWRT.

https://access.redhat.com/discussions/6038531#comment-2098641

Any suggestions?

Thanks a lot

18

Despite the package info, proto_gre is obviously missing in all versions 21.02.x (kernel 5.4.x).

Sorry, I am out of ideas, but I can confirm that pptp works as expected with version 19.7.

19

Version 19.7 of OpenWRT doesn't support TL-MR6400. Maybe only the kernel version needs to be downgraded.

20

I made a test with version 21.02.1 and pptp client works fine from the router itself.
Both device (server and client) have public IPs and nat is not involved.
Do you see any errors in the log?

Sun Jun 19 18:55:08 2022 daemon.notice netifd: Interface 'pptp' is setting up now
Sun Jun 19 18:55:08 2022 daemon.info pppd[32295]: Plugin pptp.so loaded.
Sun Jun 19 18:55:09 2022 kern.info kernel: [1641365.600924] pptp-pptp: renamed from ppp0
Sun Jun 19 18:55:09 2022 daemon.info pppd[32295]: Renamed interface ppp0 to pptp-pptp
Sun Jun 19 18:55:09 2022 daemon.info pppd[32295]: Using interface pptp-pptp
Sun Jun 19 18:55:09 2022 daemon.notice pppd[32295]: Connect: pptp-pptp <--> pptp (37.157.x.x)
Sun Jun 19 18:55:10 2022 daemon.notice netifd: Network device 'pptp-pptp' link is up
Sun Jun 19 18:55:10 2022 daemon.notice netifd: Interface 'pptp' is now up