The PPTP Client cannot connect to the PPTP server using cellular

Hi，When I use the router to connect to the pptp server wirelessly, I find that the connection cannot be successful, but I can be successful when I use the cable. The following is the debug log of pptp

Wed Dec 13 13:33:00 2023 daemon.info pppd[21687]: Plugin pptp.so loaded.
Wed Dec 13 13:33:00 2023 daemon.info pppd[21687]: PPTP plugin version 1.00
Wed Dec 13 13:33:00 2023 daemon.notice pppd[21687]: pppd 2.4.7 started by root, uid 0
Wed Dec 13 13:33:00 2023 daemon.debug pppd[21688]: pptp: call manager for 125.70.163.123
Wed Dec 13 13:33:00 2023 daemon.debug pppd[21688]: window size: 50
Wed Dec 13 13:33:00 2023 daemon.debug pppd[21688]: call id:     174
Wed Dec 13 13:33:00 2023 daemon.debug pppd[21688]: control connection
Wed Dec 13 13:33:00 2023 daemon.debug pppd[21688]: unix_sock
Wed Dec 13 13:33:00 2023 daemon.debug pppd[21695]: Sent control packet type is 1 'Start-Control-Connection-Request'
Wed Dec 13 13:33:01 2023 daemon.debug pppd[21695]: Received Start Control Connection Reply
Wed Dec 13 13:33:01 2023 daemon.debug pppd[21695]: Client connection established.
Wed Dec 13 13:33:01 2023 daemon.info dnsmasq[5639]: read /etc/hosts - 2 addresses
Wed Dec 13 13:33:01 2023 daemon.info dnsmasq[5639]: read /tmp/hosts/dhcp.dnsmasq - 1 addresses
Wed Dec 13 13:33:01 2023 daemon.info dnsmasq-dhcp[5639]: read /etc/ethers - 0 addresses
Wed Dec 13 13:33:01 2023 daemon.debug pppd[21695]: Sent control packet type is 7 'Outgoing-Call-Request'
Wed Dec 13 13:33:02 2023 daemon.debug pppd[21695]: Received Outgoing Call Reply.
Wed Dec 13 13:33:02 2023 daemon.debug pppd[21695]: Outgoing call established (call ID 174, peer's call ID 64000).
Wed Dec 13 13:33:02 2023 daemon.debug pppd[21687]: using channel 168
Wed Dec 13 13:33:02 2023 daemon.info pppd[21687]: Renamed interface ppp20 to pptp-pptp1
Wed Dec 13 13:33:02 2023 daemon.info pppd[21687]: Using interface pptp-pptp1
Wed Dec 13 13:33:02 2023 daemon.notice pppd[21687]: Connect: pptp-pptp1 <--> pptp (app.wthink.cn)
Wed Dec 13 13:33:02 2023 daemon.debug pppd[21687]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x7a46edb5>]
Wed Dec 13 13:33:05 2023 daemon.debug pppd[21687]: rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x5c8599> <pcomp> <accomp>]
Wed Dec 13 13:33:05 2023 daemon.debug pppd[21687]: sent [LCP ConfRej id=0x1 <pcomp> <accomp>]
Wed Dec 13 13:33:05 2023 daemon.debug pppd[21687]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x7a46edb5>]
Wed Dec 13 13:33:08 2023 daemon.debug pppd[21687]: rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x5c8599> <pcomp> <accomp>]
Wed Dec 13 13:33:08 2023 daemon.debug pppd[21687]: sent [LCP ConfRej id=0x1 <pcomp> <accomp>]
Wed Dec 13 13:33:08 2023 daemon.debug pppd[21687]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x7a46edb5>]
Wed Dec 13 13:33:11 2023 daemon.debug pppd[21687]: rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x5c8599> <pcomp> <accomp>]
Wed Dec 13 13:33:11 2023 daemon.debug pppd[21687]: sent [LCP ConfRej id=0x1 <pcomp> <accomp>]
Wed Dec 13 13:33:11 2023 daemon.debug pppd[21687]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x7a46edb5>]
Wed Dec 13 13:33:14 2023 daemon.debug pppd[21687]: rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x5c8599> <pcomp> <accomp>]
Wed Dec 13 13:33:14 2023 daemon.debug pppd[21687]: sent [LCP ConfRej id=0x1 <pcomp> <accomp>]
Wed Dec 13 13:33:14 2023 daemon.debug pppd[21687]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x7a46edb5>]
Wed Dec 13 13:33:17 2023 daemon.debug pppd[21687]: rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x5c8599> <pcomp> <accomp>]
Wed Dec 13 13:33:17 2023 daemon.debug pppd[21687]: sent [LCP ConfRej id=0x1 <pcomp> <accomp>]
Wed Dec 13 13:33:17 2023 daemon.debug pppd[21687]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x7a46edb5>]
Wed Dec 13 13:33:20 2023 daemon.debug pppd[21687]: rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x5c8599> <pcomp> <accomp>]
Wed Dec 13 13:33:20 2023 daemon.debug pppd[21687]: sent [LCP ConfRej id=0x1 <pcomp> <accomp>]
Wed Dec 13 13:33:20 2023 daemon.debug pppd[21687]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x7a46edb5>]
Wed Dec 13 13:33:23 2023 daemon.debug pppd[21687]: rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x5c8599> <pcomp> <accomp>]
Wed Dec 13 13:33:23 2023 daemon.debug pppd[21687]: sent [LCP ConfRej id=0x1 <pcomp> <accomp>]
Wed Dec 13 13:33:23 2023 daemon.debug pppd[21687]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x7a46edb5>]
Wed Dec 13 13:33:26 2023 daemon.debug pppd[21687]: rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x5c8599> <pcomp> <accomp>]
Wed Dec 13 13:33:26 2023 daemon.debug pppd[21687]: sent [LCP ConfRej id=0x1 <pcomp> <accomp>]
Wed Dec 13 13:33:26 2023 daemon.debug pppd[21687]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x7a46edb5>]
Wed Dec 13 13:33:29 2023 daemon.debug pppd[21687]: rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x5c8599> <pcomp> <accomp>]
Wed Dec 13 13:33:29 2023 daemon.debug pppd[21687]: sent [LCP ConfRej id=0x1 <pcomp> <accomp>]
Wed Dec 13 13:33:29 2023 daemon.debug pppd[21687]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x7a46edb5>]
Wed Dec 13 13:33:30 2023 daemon.info pppd[15294]: closing control connection due to missing echo reply
Wed Dec 13 13:33:30 2023 daemon.err pppd[15294]: Fatal signal 6
Wed Dec 13 13:33:30 2023 daemon.info pppd[15294]: Exit.
Wed Dec 13 13:33:32 2023 daemon.warn pppd[21687]: LCP: timeout sending Config-Requests
Wed Dec 13 13:33:32 2023 daemon.notice pppd[21687]: Connection terminated.
Wed Dec 13 13:33:32 2023 daemon.debug pppd[21695]: Closing connection (unhandled)
Wed Dec 13 13:33:32 2023 daemon.debug pppd[21695]: Sent control packet type is 12 'Call-Clear-Request'
Wed Dec 13 13:33:32 2023 daemon.debug pppd[21695]: Closing connection (call state)
Wed Dec 13 13:33:32 2023 daemon.notice pppd[21687]: Modem hangup
Wed Dec 13 13:33:32 2023 daemon.info pppd[21687]: Exit.

And i have noticed that i have not recevied ConfAck message,why is that?

Is there a specific reason you need to use PPTP? It is not recommended for use on the internet at all anymore because it is trivially easy to hack. You should only use this technology if no other option is available.

Which side is wireless/cellular? The server or the client or both?

When you're using the cable, does this mean the client is on the same local network as the server?

Yes, I have two routers, a server and a client. I tried to test pptp using a wireless network and found that I could not connect. The client was using cellular

Re-asking the question:

Since you control both sides of the vpn, you would be better off with wireguard.

Also:

I want to test whether the cellular can properly connect to pptp, and the client and server are on the local network

Does the server have a public ip address on the wan? When you look at the IPv4 upstream on the luci main status page, what are the first two octets of the ip address? (In bold aaa.bbb.ccc.ddd)

Yes, the server has a public ip address, and the client uses the domain name of the server to connect to the server

How have you verified the public address?

I queried the address using the curl(curl ipinfo.io) command

That is not a reliable indicator. That will always return a public ip address, even if you are behind nat/cg-nat and don’t have one.

OK,The IP address obtained by using the client to ping the domain name is also unreliable，Below is a screenshot from web [moderator edit: removed image to maintain user security]

What you showed in your image does appear to be a public ip.

Let’s start to look at your config:

Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button:

Remember to redact passwords, MAC addresses and any public IP addresses you may have:

ubus call system board
cat /etc/config/network
cat /etc/config/firewall

root@router:~# ubus call system board
{
        "kernel": "4.14.149",
        "hostname": "router",
        "system": "MediaTek MT7628AN ver:1 eco:2",
        "model": "xxxx",
        "board_name": "xxxxx,xxxx",
        "release": {
                "distribution": "OpenWrt",
                "version": "7.1.0",
                "revision": "7.1.0(5934)",
                "target": "ramips/mt76x8",
                "description": "OpenWrt 7.1.0(5934)"
        }
}
root@router:~#
root@router:~#
root@router:~# cat /etc/config/network

config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'auto'

config interface 'lan'
        option type 'bridge'
        option ifname 'eth0.1'
        option proto 'static'
        option ipaddr '192.168.0.1'
        option netmask '255.255.255.0'
        option mtu '1500'
        option ip6addr 'fd00::1/64'
        option ip6assign '64'

config interface 'wan1'
        option ifname 'eth0.2'
        option proto 'dhcp'
        option mtu '1500'
        option metric '10'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '0 1 2 3 6t'

config switch_vlan
        option device 'switch0'
        option vlan '2'
        option ports '4 6t'

config interface 'loopback0'
        option ifname 'loopback0'
        option proto 'static'
        option netmask '0.0.0.0'
        option ipaddr '0.0.0.0'

config interface 'loopback1'
        option ifname 'loopback1'
        option proto 'static'
        option ipaddr '0.0.0.0'
        option netmask '0.0.0.0'

config interface 'umts1'
        option enable '1'
        option auto '0'
        option proto 'umts'
        option unit '0'
        option ifname 'cell_wwan0'
        option hubport '1'
        option mode '1'
        option bind '0'
        option bindhwid '0'
        option enablebak '0'
        option wband '0'
        option lteband '0'
        option enable2 '1'
        option mode2 '1'
        option wband2 '0'
        option lteband2 '0'
        option metric '20'

config interface 'wan6'
        option ifname 'eth0.2'
        option proto 'dhcpv6'
        option metric '40'

config interface 'pptp1'
        option proto 'pptp'
        option ifname 'pptp-pptp1'
        option username 'pptp-test'
        option password '1'
        option mppe_enable '1'
        option localintf 'any'
        option disabled '0'
        option server 'xxx.xxxx.xxx'

root@router:~#
root@router:~#
root@router:~#
root@router:~# cat /etc/config/firewall

config defaults
        option syn_flood '1'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        option drop_invalid '1'

config zone
        option name 'lan'
        list network 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        option masq '0'
        option mtu_fix '1'

config forwarding
        option src 'lan'
        option dest 'wan1'

config include
        option path '/etc/firewall.user'

config include
        option path '/lib/whitelist/whitelist.sh'

config zone
        option name 'wan1'
        list network 'wan1'
        list network 'wwan'
        option output 'ACCEPT'
        option masq '1'
        option masq_allow_invalid '1'
        option mtu_fix '1'
        option input 'ACCEPT'
        option forward 'ACCEPT'
        list helper 'ftp'
        list helper 'pptp'
        list helper 'sip'
        list helper 'snmp'
        list helper 'tftp'

config zone
        option name 'umts1'
        list network 'umts1'
        option output 'ACCEPT'
        option masq '1'
        option masq_allow_invalid '1'
        option mtu_fix '1'
        option input 'ACCEPT'
        option forward 'ACCEPT'

config zone
        option name 'loopback0'
        list network 'loopback0'
        option output 'ACCEPT'
        option masq '1'
        option mtu_fix '1'
        option input 'ACCEPT'
        option forward 'ACCEPT'

config zone
        option name 'loopback1'
        list network 'loopback1'
        option output 'ACCEPT'
        option masq '1'
        option mtu_fix '1'
        option input 'ACCEPT'
        option forward 'ACCEPT'

config include
        option path '/etc/config/firewall.nat6'

config zone
        option name 'wan6'
        list network 'wan6'
        option family 'ipv6'
        option output 'ACCEPT'
        option masq '1'
        option masq_allow_invalid '1'
        option mtu_fix '1'
        option input 'ACCEPT'
        option forward 'ACCEPT'

root@router:~#

It appears you are using firmware that is not from the official OpenWrt project.

When using forks/offshoots/vendor-specific builds that are "based on OpenWrt", there may be many differences compared to the official versions (hosted by OpenWrt.org). Some of these customizations may fundamentally change the way that OpenWrt works. You might need help from people with specific/specialized knowledge about the firmware you are using, so it is possible that advice you get here may not be useful.

You may find that the best options are:

1. Install an official version of OpenWrt, if your device is supported (see https://firmware-selector.openwrt.org).
2. Ask for help from the maintainer(s) or user community of the specific firmware that you are using.
3. Provide the source code for the firmware so that users on this forum can understand how your firmware works (OpenWrt forum users are volunteers, so somebody might look at the code if they have time and are interested in your issue).

If you believe that this specific issue is common to generic/official OpenWrt and/or the maintainers of your build have indicated as such, please feel free to clarify.

Got it,Thanks for your help

The last question, can the official openwrt implement this

Yes but I would advise against using pptp. It is not safe.