PPTP, Network Device is not present

Hi, I struggling with a simple setup of a PPTP client. This works always on initial setup, install packages, create a PPTP client config, connect. But after a reboot, reconnect I always get "Network device is not present". This happens on different devices, with Wifi and LAN connection.
I saw a different behavior of connection, once the "LAN" interface where I connect via LAN or Wifi has a Gateway (grayed out autoconfigrued to wwan IP) or the field does not show up.
Does anyone can give me a hint to the right direction?

Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button:
grafik
Remember to redact passwords, MAC addresses and any public IP addresses you may have:

ubus call system board
cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall
root@GL-AR300M:~# ubus call system board
{
        "kernel": "5.10.176",
        "hostname": "GL-AR300M",
        "system": "Qualcomm Atheros QCA9533 ver 2 rev 0",
        "model": "GL.iNet GL-AR300M (NOR)",
        "board_name": "glinet,gl-ar300m-nor",
        "rootfs_type": "squashfs",
        "release": {
                "distribution": "OpenWrt",
                "version": "22.03.4",
                "revision": "r20123-38ccc47687",
                "target": "ath79/nand",
                "description": "OpenWrt 22.03.4 r20123-38ccc47687"
        }
}

#########################################

root@GL-AR300M:~# cat /etc/config/network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd5f:6865:250f::/48'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth1'

config interface 'lan'
        option proto 'static'
        option ipaddr '192.168.8.1'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option isolate '0'
        option device 'br-lan'

config interface 'wan'
        option device 'eth0'
        option proto 'dhcp'
        option force_link '0'
        option ipv6 '0'
        option classlessroute '0'

config interface 'wan6'
        option proto 'dhcpv6'
        option disabled '1'
        option device '@wan'

config interface 'tethering6'
        option proto 'dhcpv6'
        option disabled '1'
        option device '@tethering'

config interface 'wwan6'
        option proto 'dhcpv6'
        option disabled '1'
        option device '@wwan'

config interface 'guest'
        option force_link '1'
        option type 'bridge'
        option proto 'static'
        option ipaddr '192.168.9.1'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option multicast_querier '1'
        option igmp_snooping '0'
        option isolate '0'
        option bridge_empty '1'
        option disabled '1'

config interface 'wwan'
        option proto 'dhcp'
        option metric '20'
        option classlessroute '0'

config interface 'modem_1_1_2_6'
        option proto 'dhcpv6'
        option disabled '1'
        option device '@modem_1_1_2'

config rule 'policy_direct_rt'
        option lookup 'main'
        option suppress_prefixlength '0'
        option priority '1100'

config rule 'policy_default_rt_vpn'
        option mark '0x8000/0xc000'
        option lookup '8000'
        option priority '1101'
        option invert '1'

config rule6 'policy_direct_rt6'
        option lookup 'main'
        option suppress_prefixlength '0'
        option priority '1100'

config rule6 'policy_default_rt_vpn6'
        option mark '0x8000/0xc000'
        option lookup '8000'
        option priority '1101'
        option invert '1'

config device
        option name 'wlan0'
        option ipv6 '0'

config interface 'VPNUSG'
        option proto 'pptp'
        option username '<<myuser>>'
        option ipv6 'auto'
        option password '<<mypassword>>'
        option server '<<myserver>>'



#########################################




root@GL-AR300M:~# cat /etc/config/wireless

config wifi-device 'radio0'
        option type 'mac80211'
        option path 'platform/ahb/18100000.wmac'
        option band '2g'
        option country 'US'
        option disabled '0'
        option htmode 'HT40'
        option hwmode '11g'
        option legacy_rates '1'
        option channel '1'

config wifi-iface 'default_radio0'
        option device 'radio0'
        option network 'lan'
        option mode 'ap'
        option encryption 'psk2'
        option wds '1'
        option isolate '0'
        option ifname 'wlan0'
        option ssid 'BatMobil'
        option hidden '0'
        option key 'Bin3Cave'

config wifi-iface 'guest2g'
        option device 'radio0'
        option network 'guest'
        option mode 'ap'
        option ifname 'wlan0-1'
        option encryption 'psk2'
        option key 'goodlife'
        option ssid 'GL-AR300M-434-Guest'
        option guest '1'
        option disabled '1'
        option wds '1'
        option isolate '1'

#################################################


root@GL-AR300M:~# cat /etc/config/dhcp

config dnsmasq
        option domainneeded '1'
        option boguspriv '1'
        option filterwin2k '0'
        option localise_queries '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option nonegcache '0'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
        option nonwildcard '1'
        option localservice '1'
        option ednspacket_max '1232'
        option rebind_protection '0'

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv4 'server'
        option force '1'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

config domain
        option name 'console.gl-inet.com'
        option ip '192.168.8.1'

config dhcp 'guest'
        option interface 'guest'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv6 'disabled'
        option ra 'disabled'


########################################





root@GL-AR300M:~# cat /etc/config/firewall

config defaults
        option syn_flood '1'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'

config zone 'lan'
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        list network 'lan'

config zone 'wan'
        option name 'wan'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'
        option input 'DROP'
        list network 'wan'
        list network 'wan6'
        list network 'wwan'
        list network 'VPNUSG'

config forwarding
        option src 'lan'
        option dest 'wan'

config forwarding
        option dest 'vpn'
        option src 'lan'

config rule
        option target 'ACCEPT'
        list proto 'all'
        option name 'Allow-VPN'
        option src 'vpn'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

config include 'nat6'
        option path '/etc/firewall.nat6'
        option reload '1'

config rule 'block_dns'
        option name 'block_dns'
        option src '*'
        option dest_port '53'
        option target 'REJECT'
        option enabled '0'
        option device 'br-*'

config zone
        option name 'guest'
        option forward 'REJECT'
        option output 'ACCEPT'
        option input 'REJECT'
        list network 'guest'

config forwarding
        option src 'guest'
        option dest 'wan'

config rule
        option name 'Allow-DHCP'
        option src 'guest'
        option target 'ACCEPT'
        option proto 'udp'
        option dest_port '67-68'

config rule
        option name 'Allow-DNS'
        option src 'guest'
        option target 'ACCEPT'
        option proto 'tcp udp'
        option dest_port '53'

config include 'vpn_server_policy'
        option type 'script'
        option path '/etc/firewall.vpn_server_policy.sh'
        option reload '1'
        option enabled '1'

config include 'gls2s'
        option type 'script'
        option path '/var/etc/gls2s.include'
        option reload '1'

config include 'glblock'
        option type 'script'
        option path '/usr/bin/gl_block.sh'
        option reload '1'

config include 'pbr'
        option fw4_compatible '1'
        option type 'script'
        option path '/usr/share/pbr/pbr.firewall.include'

First thing to mention is that PPTP is not secure and considered unsuitable for use on the modern internet because it is so trivial to crack. If you have any other alternatives available (recommended Wireguard or OpenVPN), you should absolutely avoid PPTP.

Meanwhile... TL;DR: You're running GL-Inet's vendor firmware which is highly modified relative to the official OpenWrt firmware. You need to ask them for help if you're running their firmware. Alternatively, you can install official OpenWrt -- your device is supported.

3 Likes

thank you for the hint. I see the same behaviour on different devices also with native image. However, I'll try anything different

What is the nature/purpose of this VPN? Is it a road-warriror type? Or a commercial VPN or a connection to work/school/etc?

Hi, its used to tunnel streaming content due to country restrictions. Target is a very limited mini USG box with PPTP support client/server or IPSec + OpenVPN site2site

If the USG is running the vendor firmware, it can't run WireGuard... but you could install OpenWrt on it and then that would be possible.

That said, OpenVPN would be a much more secure option. Unfortunately, it's an older and more bloated protocol that won't be particularly fast on either of your devices.

Another option would be to put a VPN endpoint behind the USG. Lots of options in terms of hardware, but an OpenWrt + WireGuard endpoint could work very well (a Raspberry Pi 4 would be a great option here, as would many routers that are supported by OpenWrt).

1 Like