VPN does not add network route

Using Openwrt 4.9.120

I have set up a pptp vpn to connect to another site, the link comes up and I can ping Internet sites and the vpn remote gateway, but not any hosts on the remote LAN. Basically, I want to set up a LAN-LAN vpn for traffic between the LANs and all other traffic to go the default local gw to Internet.

Local LAN:
Remote LAN:

`ip -o link show up` -->
11124: pptp-SCD_pptp01: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN qlen 3\    link/ppp

route -n gives

root@OpenWrt:~# route -n 
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface         UG    0      0        0 usb0 UGH   0      0        0 usb0 UH    0      0        0 pptp01   U     0      0        0 br-lan   U     0      0        0 usb0

I can ping, but not any host on the 192.168.1.x LAN.

If I add the route manually with:
/sbin/route add -net gw
all works as desired and expected.

Now, back to the LuCi vpn setup. What do I need to do to have the route added and deleted on this vpn link, in LuCi?

Or, is this a bug or deficiency?

1 Like

It is expected behavior.
The static routes that are bound to an interface will be erased when the interface goes down. You need to add this route with an if-up script, if there is no option in Luci.
It would be a better idea to leave pptp and go to Wireguard or Openvpn for site-to-site tunnels. Better security and you can automatically install routes.

1 Like

"expected behavior", no, it is a deficiency: a design deficiency; a not yet implemented issue; or a bug. Beta behavior at best.

So, lets move this to a design recommendation list.

pptp is another issue which will be remedied later, however; this is probably a common denominator issue for any vpn that is used. An option that needs to be implemented.

So, looks like a if-up script is the only answer to my question at this stage. Hopefully, that will be mainline implemented, as a basic route or based on policy-based routing in the future.

I am having to re-visit this problem, for a pptp vpn and later an ip-sec vpn, but for now the pptp. I have added logger line into scripts at various locations, including /etc/hotplug.d/iface/, /etc/ppp/ without getting any log events/messages.

So, when a pptp vpn is brought up (usually via LuCi) and at other times via uci; what file if the location to add a few lines of script code to set routes for the vpn?

I need to automate this as much as possible, as vpn code is not adding the appropriate network route. Thence, removing the network route on closing down the vpn.


1 Like

So we need the hotplug script in here .
But how to make the script
For event when pptp0 is up
route add -net gw

I read some articles but I didn't get where and what exactly I have write

Do you need to add the route on the server or client side?

1 Like

I need to make both
On server
If ppp0 is up
then route add -net gw

On client
If ppp0 is up route add -net
gw (ppp0)

And forbid to make ppp0 default gateway

The question is what file to edit and what exactly
To write

1 Like

Thanks a lot but what is ${1} ${5}

Device is like ppp0 as I understand
and via is ip for gateway like pppo0 ip
And why for server it is hotplug script with
Ip route 2
And for client it is ip tables ?

1 Like

Client side interface is managed by netifd, since it supports the PPTP client protocol.
So, we can attach the route to the PPTP interface with native UCI syntax.

Server side interface is managed by pptpd.
Thus, we cannot rely on netifd, but need to use PPP scripts instead.

1 Like

There is another problem when first client connects it has ppp0 interface and the script make right gw for it ( I made server ppp interface like gw for 44.0/24 )
But the second interface connects and gets ppp1 interface with default route through wan
I need only one route for any numbers of clients
Because if client router lost power and then up it will get new interface new ip address and I need that route to (44.0/24) working for it

I modified the PPP script to support multiple clients and moved the code to the wiki.


But is client IP
What if client changed its IP

Configure static address allocation on the server.
Or check the variable PEERNAME instead.

1 Like

There was ${1} and ${5} no there is ${IPREMOTE}
and ${IFNAME} arent these the same things ?

Yep, but it wasn't originally documented.
I updated the wiki only recently after testing the code.

1 Like

Good I understand that
Can do

case ${IPREMOTE} in
( ip route add dev ${IFNAME} via ${IPREMOTE} ;;

case ${IPREMOTE} in
( ip route add dev ${IFNAME} via ${IPREMOTE} ;;


So any client connects they know the route to 2.0/24

case ${IPREMOTE} in
(| ... ;;
(192.168.6.[45]) ... ;;
( ... ;;
(*.6.7) ... ;;
(*.8) ... ;;
(*) ... ;;
1 Like
case ${IPREMOTE} in                                                                    
( ip route add dev ${IFNAME} via ${IPREMOTE} ;;          
( ip route add dev ${IFNAME} via ${IPREMOTE} ;;          

Did like this didn't work
Only for first one route was created
Maybe it needs some metric parametr or something