Unable to route traffic via PPTP-VPN

lijomathew80 · May 25, 2021, 9:38pm

BusyBox v1.30.1 () built-in shell (ash)

  _______                     ________        __
 |       |.-----.-----.-----.|  |  |  |.----.|  |_
 |   -   ||  _  |  -__|     ||  |  |  ||   _||   _|
 |_______||   __|_____|__|__||________||__|  |____|
          |__| W I R E L E S S   F R E E D O M
 -----------------------------------------------------
 OpenWrt 19.07.0-rc1, r10649-c4fdb377a2
 -----------------------------------------------------

I have PPTP Client Setup, but it won't route all traffic via PPTP VPN, I am looking to route all traffic via VPN

root@GL-MV1000:~# logread -e pppd
Tue May 25 23:27:31 2021 daemon.info pppd[31010]: Plugin pptp.so loaded.
Tue May 25 23:27:31 2021 daemon.info pppd[31010]: PPTP plugin version 1.00
Tue May 25 23:27:31 2021 daemon.notice pppd[31010]: pppd 2.4.7 started by root, uid 0
Tue May 25 23:27:32 2021 daemon.info pppd[31010]: Using interface pptp-vpn
Tue May 25 23:27:32 2021 daemon.notice pppd[31010]: Connect: pptp-vpn <--> pptp (myhomeonline.net)
Tue May 25 23:27:33 2021 daemon.notice pppd[31010]: CHAP authentication succeeded
Tue May 25 23:27:33 2021 daemon.notice pppd[31010]: MPPE 128-bit stateless compression enabled
Tue May 25 23:27:33 2021 daemon.notice pppd[31010]: local  IP address 192.168.10.160
Tue May 25 23:27:33 2021 daemon.notice pppd[31010]: remote IP address 192.168.10.150
Tue May 25 23:27:33 2021 daemon.notice pppd[31010]: primary   DNS address 8.8.8.8
Tue May 25 23:27:33 2021 daemon.notice pppd[31010]: secondary DNS address 8.8.8.8

root@GL-MV1000:~# ping 192.168.10.1
PING 192.168.10.1 (192.168.10.1): 56 data bytes
--- no response

root@GL-MV1000:~# ping -I pptp-vpn 192.168.10.1
PING 192.168.10.1 (192.168.10.1): 56 data bytes
64 bytes from 192.168.10.1: seq=0 ttl=64 time=164.061 ms
64 bytes from 192.168.10.1: seq=1 ttl=64 time=165.595 ms
--- via pptp-vpn i get a response

root@GL-MV1000:~# ip route
default via 192.168.178.1 dev wan proto static src 192.168.178.17 metric 10
122.166.121.74 via 192.168.178.1 dev wan proto static metric 10
192.168.8.0/24 dev br-lan proto kernel scope link src 192.168.8.1
192.168.10.150 dev pptp-vpn proto kernel scope link src 192.168.10.159
192.168.178.0/24 dev wan proto static scope link metric 10

I want to ensure that all traffic is route to 192.168.10.150 (VPN Server) dev pptp-vpn and not to 192.168.178.1 dev wan (Local Network Router IP)

stangri · May 26, 2021, 4:04am

Are you running vanilla OpenWrt or GL-Inet's build?

pavelgl · May 26, 2021, 6:43am

There is no an option defaultroute '0' in the pptp-vpn interface section, right?

Are those logs collected during the same pptp session?
Your local IP address should be 192.168.10.160, but in the routing table as source address
(to 192.168.10.150) is used 192.168.10.159.

lijomathew80 · May 26, 2021, 6:54am

GL-Inet's build

lijomathew80 · May 26, 2021, 7:01am

I used this guide to setup the VPN client. https://openwrt.org/docs/guide-user/services/vpn/pptp/client

192.168.10.159/192.168.10.160 are from different sessions, I restarted network, trying to find a way give a default route, there isn't any option that I found for the pptp-vpn interface or config.

In the following documentation https://openwrt.org/docs/guide-user/services/vpn/pptp/extras#disable_gateway_redirection it states

Disable gateway redirection

If you do not need to redirect all traffic to VPN. Disable gateway redirection on VPN client.

Configure VPN service
uci set network.vpn.defaultroute="0"
uci commit network
/etc/init.d/network restart

I tried the opposite and set network.vpn.defaultroute="1", still no luck

vgaetera · May 26, 2021, 7:15am

uci -q delete network.default
uci set network.default="route"
uci set network.default.interface="vpn"
uci set network.default.target="0.0.0.0/0"
uci commit network
/etc/init.d/network restart

lijomathew80 · May 26, 2021, 7:24am

No luck

root@GL-MV1000:~# uci -q delete network.default
root@GL-MV1000:~# uci set network.default="route"
root@GL-MV1000:~# uci set network.default.interface="vpn"
root@GL-MV1000:~# uci set network.default.target="0.0.0.0/0"
root@GL-MV1000:~# uci commit network
root@GL-MV1000:~# /etc/init.d/network restart
root@GL-MV1000:~# ip -4 ro
default dev pptp-vpn proto static scope link
default via 192.168.178.1 dev wan proto static src 192.168.178.17 metric 10
122.166.121.74 via 192.168.178.1 dev wan proto static metric 10
192.168.8.0/24 dev br-lan proto kernel scope link src 192.168.8.1
192.168.10.150 dev pptp-vpn proto kernel scope link src 192.168.10.153
192.168.178.0/24 dev wan proto static scope link metric 10
root@GL-MV1000:~# ping 192.168.10.1
PING 192.168.10.1 (192.168.10.1): 56 data bytes
^C
--- 192.168.10.1 ping statistics ---
5 packets transmitted, 0 packets received, 100% packet loss
root@GL-MV1000:~# traceroute openwrt.org
traceroute to openwrt.org (139.59.209.225), 30 hops max, 46 byte packets
 1  192.168.178.1 (192.168.178.1)  4.688 ms  4.191 ms  3.447 ms
 2  10.254.89.1 (10.254.89.1)  12.758 ms  11.567 ms  12.576 ms
 3  amr-rc0011-cr102-et116-251.core.as33915.net (213.51.193.69)  13.071 ms  14.425 ms  14.435 ms
 4  asd-tr0021-cr101-be154-10.core.as9143.net (213.51.158.102)  14.276 ms  15.496 ms  12.855 ms
 5  nl-srk03a-ri1-ae51-0.core.as9143.net (213.51.64.198)  16.732 ms  15.571 ms  15.353 ms
 6  213.46.182.142 (213.46.182.142)  16.443 ms  15.865 ms  15.980 ms

vgaetera · May 26, 2021, 7:25am

ip route show table all; ip rule show; ip route get 1

/etc/init.d/mwan3 disable
/etc/init.d/mwan3 stop

lijomathew80 · May 26, 2021, 8:28am

root@GL-MV1000:~# ip route show table all; ip rule show; ip route get 1
default via 192.168.178.1 dev wan table 1
default via 192.168.10.150 dev pptp-vpn proto static
default via 192.168.178.1 dev wan proto static src 192.168.178.17 metric 10
122.166.121.74 via 192.168.178.1 dev wan proto static metric 10
192.168.8.0/24 dev br-lan proto kernel scope link src 192.168.8.1
192.168.10.150 dev pptp-vpn proto kernel scope link src 192.168.10.157
192.168.178.0/24 dev wan proto static scope link metric 10
broadcast 127.0.0.0 dev lo table local proto kernel scope link src 127.0.0.1
local 127.0.0.0/8 dev lo table local proto kernel scope host src 127.0.0.1
local 127.0.0.1 dev lo table local proto kernel scope host src 127.0.0.1
broadcast 127.255.255.255 dev lo table local proto kernel scope link src 127.0.0.1
broadcast 192.168.8.0 dev br-lan table local proto kernel scope link src 192.168.8.1
local 192.168.8.1 dev br-lan table local proto kernel scope host src 192.168.8.1
broadcast 192.168.8.255 dev br-lan table local proto kernel scope link src 192.168.8.1
local 192.168.10.157 dev pptp-vpn table local proto kernel scope host src 192.168.10.157
broadcast 192.168.178.0 dev wan table local proto kernel scope link src 192.168.178.17
local 192.168.178.17 dev wan table local proto kernel scope host src 192.168.178.17
broadcast 192.168.178.255 dev wan table local proto kernel scope link src 192.168.178.17
fdac:742f:46dc::/64 dev br-lan proto static metric 1024 pref medium
unreachable fdac:742f:46dc::/48 dev lo proto static metric 2147483647 error 4294967183 pref medium
fe80::/64 dev eth0 proto kernel metric 256 pref medium
fe80::/64 dev br-lan proto kernel metric 256 pref medium
fe80::/64 dev wan proto kernel metric 256 pref medium
local ::1 dev lo table local proto kernel metric 0 pref medium
anycast fdac:742f:46dc:: dev br-lan table local proto kernel metric 0 pref medium
local fdac:742f:46dc::1 dev br-lan table local proto kernel metric 0 pref medium
anycast fe80:: dev eth0 table local proto kernel metric 0 pref medium
anycast fe80:: dev wan table local proto kernel metric 0 pref medium
anycast fe80:: dev br-lan table local proto kernel metric 0 pref medium
local fe80::9683:c4ff:fe09:e3b3 dev eth0 table local proto kernel metric 0 pref medium
local fe80::9683:c4ff:fe09:e3b3 dev wan table local proto kernel metric 0 pref medium
local fe80::9683:c4ff:fe09:e3b4 dev br-lan table local proto kernel metric 0 pref medium
ff00::/8 dev eth0 table local metric 256 pref medium
ff00::/8 dev br-lan table local metric 256 pref medium
ff00::/8 dev wan table local metric 256 pref medium
0:      from all lookup local
1001:   from all iif wan lookup main
2001:   from all fwmark 0x100/0x3f00 lookup 1
2061:   from all fwmark 0x3d00/0x3f00 blackhole
2062:   from all fwmark 0x3e00/0x3f00 unreachable
32766:  from all lookup main
32767:  from all lookup default
1.0.0.0 via 192.168.10.150 dev pptp-vpn src 192.168.10.157 uid 0
    cache
root@GL-MV1000:~# /etc/init.d/mwan3 disable
root@GL-MV1000:~# /etc/init.d/mwan3 stop
root@GL-MV1000:~# ping 192.168.10.1
PING 192.168.10.1 (192.168.10.1): 56 data bytes
64 bytes from 192.168.10.1: seq=0 ttl=64 time=172.990 ms
64 bytes from 192.168.10.1: seq=1 ttl=64 time=168.084 ms
64 bytes from 192.168.10.1: seq=2 ttl=64 time=169.581 ms

it worked, thank you

system · June 5, 2021, 8:28am

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.