[Solved] Using/Setting VPN PPtP

Hello,
I'm trying to do something that is very simple in my mind. To set up a VPN.
The data is:
At home I have a WIN machine with an incoming connection already up and running perfectly, and a router with all the forwarding things up and running.
OKAY,
Outside I use mobile data by tethering my phone to a laptop/Android box. The VPN works and does the job.
I have in mind to make a gateway for this from an old Pirelli ADSL box.
I have done this in the past with an ASUS router with Ethernet WAN and it was working like a charm. Past days. Now I miss my UTP internet provider.
So the Pirelli box has USB and I am thinking: USB? Why not try?
What I have done: flashed the latest OpenWrt version onto my Pirelli box and installed some packages.
Did the USB tethering for WAN. Works!
Did the PPtP connection. Connected. OKAY.
Now what?
From the diagnostic page I can ping openwrt.org or anything I want; it looks like traffic is routed through the VPN. Tracert google, same thing. But in fact the LAN has no connection whatsoever with the VPN. I have tried for almost a week and read a lot of things. I have no idea what I have to do. Unfortunately my old Asus router has no USB and cannot do what I want.
I have an idea: if someone makes or already has an OpenWrt setup that works in that manner, please make a backup and post it; I will load it, set my user and server, and I have the job done! Thanks in advance. Happy Holidays!!!
!!!!SO SHORT TIME UNTIL X-MAS!!!

Here is a picture of the job:

Please run the following commands (copy-paste the whole block) and paste the output here, using the "Preformatted text </> " button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have

ubus call system board; \
uci export network; uci export wireless; \
uci export dhcp; uci export firewall; \
head -n -0 /etc/firewall.user; \
ip -4 addr ; ip -4 ro li tab all ; ip -4 ru; \
ls -l  /etc/resolv.* /tmp/resolv.* /tmp/resolv.*/* ; head -n -0 /etc/resolv.* /tmp/resolv.* /tmp/resolv.*/*

Okay, I am doing this. Remember that the firewall is disabled, otherwise the VPN will not connect. This is the result:

login as: root


BusyBox v1.30.1 () built-in shell (ash)

  _______                     ________        __
 |       |.-----.-----.-----.|  |  |  |.----.|  |_
 |   -   ||  _  |  -__|     ||  |  |  ||   _||   _|
 |_______||   __|_____|__|__||________||__|  |____|
          |__| W I R E L E S S   F R E E D O M
 -----------------------------------------------------
 OpenWrt 19.07.4, r11208-ce6496d796
 -----------------------------------------------------
=== WARNING! =====================================
There is no root password defined on this device!
Use the "passwd" command to set up a new password
in order to prevent unauthorized SSH logins.
--------------------------------------------------
root@OpenWrt:~# ubus call system board; \
> uci export network; uci export wireless; \
> uci export dhcp; uci export firewall; \
> head -n -0 /etc/firewall.user; \
> ip -4 addr ; ip -4 ro li tab all ; ip -4 ru; \
> ls -l  /etc/resolv.* /tmp/resolv.* /tmp/resolv.*/* ; head -n -0 /etc/resolv.*
/tmp/resolv.* /tmp/resolv.*/*
{
        "kernel": "4.14.195",
        "hostname": "OpenWrt",
        "system": "bcm63xx/96368_Swiss_S1 (0x6368/0xB2)",
        "model": "ADB P.DG AV4202N",
        "board_name": "av4202n",
        "release": {
                "distribution": "OpenWrt",
                "version": "19.07.4",
                "revision": "r11208-ce6496d796",
                "target": "brcm63xx/smp",
                "description": "OpenWrt 19.07.4 r11208-ce6496d796"
        }
}
package network

config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fdfd:111b:8612::/48'

config interface 'lan'
        option type 'bridge'
        option ifname 'eth0.1'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option ip6assign '60'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '0 1 2 3 8t'

config interface 'TETHERINGUSB'
        option ifname 'usb0'
        option proto 'dhcp'

config interface 'VPN'
        option proto 'pptp'
        option username 'SERVER'
        option ipv6 'auto'
        option password 'pass'
        option server 'myserver'

package wireless

config wifi-device 'radio0'
        option type 'mac80211'
        option channel '11'
        option hwmode '11g'
        option path 'pci0000:00/0000:00:01.0/ssb0:0'
        option disabled '1'

config wifi-device 'radio1'
        option type 'mac80211'
        option channel '11'
        option hwmode '11g'
        option path 'platform/ehci-platform/usb1/1-2/1-2:1.0'

config wifi-iface 'default_radio1'
        option device 'radio1'
        option network 'lan'
        option mode 'ap'
        option ssid 'OpenWrt'
        option encryption 'none'

package dhcp

config dnsmasq
        option domainneeded '1'
        option boguspriv '1'
        option filterwin2k '0'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option nonegcache '0'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.auto'
        option nonwildcard '1'
        option localservice '1'

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv6 'server'
        option ra 'server'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

package firewall

config defaults
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option synflood_protect '1'

config zone
        option name 'lan'
        list network 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'

config zone
        option name 'wan'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option mtu_fix '1'
        option network 'wan wan6 TETHERINGUSB VPN'

config forwarding
        option src 'lan'
        option dest 'wan'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option src_ip 'fc00::/6'
        option dest_ip 'fc00::/6'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

config include
        option path '/etc/firewall.user'

# This file is interpreted as shell script.
# Put your custom iptables rules here, they will
# be executed with each firewall (re-)start.

# Internal uci firewall chains are flushed and recreated on reload, so
# put custom rules into the root chains e.g. INPUT or FORWARD or into the
# special user chains, e.g. input_wan_rule or postrouting_lan_rule.
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
9: usb0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN qlen 1000
    inet 192.168.42.216/24 brd 192.168.42.255 scope global usb0
       valid_lft forever preferred_lft forever
10: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
    inet 192.168.1.1/24 brd 192.168.1.255 scope global br-lan
       valid_lft forever preferred_lft forever
13: pptp-VPN: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1400 qdisc fq_codel state UNKNOWN qlen 3
    inet 193.178.100.228 peer 193.178.100.226/32 scope global pptp-VPN
       valid_lft forever preferred_lft forever
default via 193.178.100.226 dev pptp-VPN
79.115.173.93 via 192.168.42.129 dev usb0
192.168.1.0/24 dev br-lan scope link  src 192.168.1.1
192.168.42.0/24 dev usb0 scope link  src 192.168.42.216
193.178.100.226 dev pptp-VPN scope link  src 193.178.100.228
broadcast 127.0.0.0 dev lo table local scope link  src 127.0.0.1
local 127.0.0.0/8 dev lo table local scope host  src 127.0.0.1
local 127.0.0.1 dev lo table local scope host  src 127.0.0.1
broadcast 127.255.255.255 dev lo table local scope link  src 127.0.0.1
broadcast 192.168.1.0 dev br-lan table local scope link  src 192.168.1.1
local 192.168.1.1 dev br-lan table local scope host  src 192.168.1.1
broadcast 192.168.1.255 dev br-lan table local scope link  src 192.168.1.1
broadcast 192.168.42.0 dev usb0 table local scope link  src 192.168.42.216
local 192.168.42.216 dev usb0 table local scope host  src 192.168.42.216
broadcast 192.168.42.255 dev usb0 table local scope link  src 192.168.42.216
local 193.178.100.228 dev pptp-VPN table local scope host  src 193.178.100.228
0:      from all lookup local
32766:  from all lookup main
32767:  from all lookup default
ls: /tmp/resolv.*/*: No such file or directory
lrwxrwxrwx    1 root     root            16 Sep  6 16:19 /etc/resolv.conf -> /tmp/resolv.conf
-rw-r--r--    1 root     root             0 Dec  9 20:35 /tmp/resolv.conf
-rw-r--r--    1 root     root             0 Dec  9 20:35 /tmp/resolv.conf.auto
-rw-r--r--    1 root     root             0 Dec  9 20:35 /tmp/resolv.conf.ppp
==> /etc/resolv.conf <==

==> /tmp/resolv.conf <==

==> /tmp/resolv.conf.auto <==

==> /tmp/resolv.conf.ppp <==
head: /tmp/resolv.*/*: No such file or directory
root@OpenWrt:~#

Make sure to follow the how-to carefully:

  • Install the NAT helper package
  • Enable the conntrack helper
  • Enable the firewall service

https://openwrt.org/docs/guide-user/services/vpn/pptp/client#instructions

If the issue persists, try to decrease MTU:
PPTP client MTU value problem

Why is there a public IP on the VPN interface?


You are the master!!!
It is working like a charm!!!
I don't know what I have done there, but it's working. Thank you very, very loud!
193.178.100.228? It is my internal IP class. The provider's modem has to do with it and my VPN incoming connection is set inside of it but on top of the modem.


If your problem is solved, please consider marking this topic as [Solved]. See How to mark a topic as [Solved] for a short how-to.


So for anybody who tries the same as me:
Steps:
Install OpenWrt clean
Install required packages as you wish (PPtP, RNDIS, RT73 for me)
Make the smartphone interface
Verify that it is working
Restart by unplugging
Run the instructions at the top, from https://openwrt.org/docs/guide-user/services/vpn/pptp/client#instructions Under "# Configuration parameters" put your server pass and address as you have
Restart
Voilà!

