OpenWrt Forum Archive

Topic: Help to configure PPTP via LUCI or /etc/config/network

The content of this topic has been archived on 23 Mar 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

My provider requires me to use PPTP to connect to the internet.
It also requires WAN port to have specific MAC, IP and gateway.

I need to configure my OpenWRT router to connect to it. (Router details are at the end of the post.)

But LUCI does not allow me to configure a static IP with a PPTP connection. (That option is only visible when "static ip" is selected.)

The solution in the FAQ does not work, and I don't know how to troubleshoot it.

Please help.

-----------------------------------------------------------

I already established the connection the standard Linux way:

# Configure the physical WAN port. This is REQUIRED.

ifconfig eth0.2 hw ether 00:C3:91:6B:82:2A
ifconfig eth0.2 10.31.6.22 netmask 255.0.0.0
ifconfig eth0.2 up

# Routing (this should be that way by default, so the following line is not required)

route add -net 10.0.0.0 netmask 255.0.0.0 gw 10.0.0.2 dev eth0.2

# Start PPTP client. (see config files below)

/usr/sbin/pppd call pptpconnection

# Wait for connection to be established, then add default route
# ("defaultroute" option does not work at all for me)

sleep 10
route add default dev ppp0

# Now setup NAT (85.93.137.42 is my static internet IP):

iptables -t nat -F
iptables -P FORWARD ACCEPT
iptables -t nat -A POSTROUTING -s 192.0.0.0/8 -d 10.0.0.0/8 -o eth0 -j SNAT --to-source 10.31.6.22
iptables -t nat -A POSTROUTING -s 192.0.0.0/8 -o ppp0 -j SNAT --to-source 85.93.137.42

PPP is configured as follows:

/etc/ppp/chap-secrets:

vpn1234    PPTP    P@$5w0rD
PPTP    vpn1234    P@$5w0rD

/etc/ppp/peers/pptpconnection:

pty "pptp 10.0.0.2 --nolaunchpppd"
connect /bin/true
name vpn1234
remotename PPTP
lock
nobsdcomp
nodeflate
require-chap
defaultroute
persist
debug
noauth

-----------------------------------------------------------

My router is a DIR-300 Rev A (Atheros 183 MHz, 4MB Flash).
I have the latest OpenWRT "Backfire RC3 (r22752)".
I have installed all required packages. (PPP, PPTP, kmod-ppp, kmod-gre, etc.)
I understand basic networking and know how to use vi, sh, etc.

My provider requires the following config:

WAN MAC=00:C3:91:6B:82:2A
WAN IP=10.31.6.22
WAN NetMask=255.0.0.0
WAN GateWay=10.0.0.2
PPTP-Server=10.0.0.2
PPTP Login=vpn1234
PPTP Password=P@$5w0rD            (this is not my real password)
PPTP Auth=CHAP or MSCHAPv2
PPTP Encryption=Forbidden
PPTP Compression=Forbidden
PPTP IP,NetMask,GateWay=Auto

-----------------------------------------------------------

ifconfig:

root@OpenWrt:~# ifconfig

ath0      Link encap:Ethernet  HWaddr 00:11:22:33:44:55
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1183 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:413776 (404.0 KiB)

br-lan    Link encap:Ethernet  HWaddr 00:11:22:33:44:55
          inet addr:192.168.177.1  Bcast:192.168.177.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:464682 errors:0 dropped:0 overruns:0 frame:0
          TX packets:283969 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:536493169 (511.6 MiB)  TX bytes:118535504 (113.0 MiB)

eth0      Link encap:Ethernet  HWaddr 00:22:44:66:88:00
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:778765 errors:0 dropped:0 overruns:0 frame:0
          TX packets:806368 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:677149355 (645.7 MiB)  TX bytes:656730316 (626.3 MiB)
          Interrupt:4 Base address:0x1000

eth0.1    Link encap:Ethernet  HWaddr 00:22:44:66:88:00
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:464682 errors:0 dropped:0 overruns:0 frame:0
          TX packets:283969 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:538351897 (513.4 MiB)  TX bytes:119671380 (114.1 MiB)

eth0.2    Link encap:Ethernet  HWaddr 00:C3:91:6B:82:2A
          inet addr:10.31.6.22  Bcast:10.255.255.255  Mask:255.0.0.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:313935 errors:0 dropped:0 overruns:0 frame:0
          TX packets:522397 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:127883801 (121.9 MiB)  TX bytes:537057851 (512.1 MiB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:12 errors:0 dropped:0 overruns:0 frame:0
          TX packets:12 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:855 (855.0 B)  TX bytes:855 (855.0 B)

ppp0      Link encap:Point-to-Point Protocol
          inet addr:85.93.137.42  P-t-P:85.93.128.114  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:287129 errors:0 dropped:0 overruns:0 frame:0
          TX packets:445997 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3
          RX bytes:113998478 (108.7 MiB)  TX bytes:508999313 (485.4 MiB)

wifi0     Link encap:UNSPEC  HWaddr 00-11-22-33-44-55-00-00-00-00-00-00-00-00-00-00
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:654 errors:0 dropped:0 overruns:0 frame:59
          TX packets:1722 errors:16 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:195
          RX bytes:50275 (49.0 KiB)  TX bytes:527865 (515.4 KiB)
          Interrupt:3 Memory:b0000000-b000ffff

route -n:

root@OpenWrt:~# route -n

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
85.93.128.114   0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
192.168.177.0   0.0.0.0         255.255.255.0   U     0      0        0 br-lan
10.0.0.0        10.0.0.2        255.0.0.0       UG    0      0        0 eth0.2
10.0.0.0        0.0.0.0         255.0.0.0       U     0      0        0 eth0.2
0.0.0.0         0.0.0.0         0.0.0.0         U     0      0        0 ppp0
0.0.0.0         192.168.177.13  0.0.0.0         UG    0      0        0 br-lan
0.0.0.0         10.0.0.2        0.0.0.0         UG    0      0        0 eth0.2

(Last edited by Shambler0 on 12 Nov 2010, 00:12)

Simply declare wan as static, set the ip there. Then create a new interface, call it "vpn" or similar and set it to pptp. Put the new interface into the wan zone too.

SOLVED!!! But don't close the topic yet....

I have tried all that, but it didn't help. Most of the time, not only did I not connect to PPTP, but the WAN gateway didn't even answer pings! (It does that if one's IP address or MAC address is incorrect.)

After a lot of trial and error, I found a config that surprisingly worked. To make it work for me, all of the following must be done:
* There must be 2 interfaces: one ('WAN') set to static IP, another ('VPN') is for PPTP. (this is as suggested by jow and others)
* MAC-address must be set for both 'WAN' and 'VPN' interfaces (and it must be the same as the provider needs)
* 'VPN' LUCI interface must be associated to 'gre0' linux interface (option 'ifname' 'gre0'). My hand-configured PPTP used 'ppp0' instead, but in LUCI setting it to 'custom'->'ppp0' didn't work. 'eth0.2' didn't work either. I haven't tried all of the other choices here. The resulting p-t-p linux interface is named 'pptp-vpn'.
* The firewall zone has to be the same for 'WAN' and 'VPN'. I had to manually enable incoming traffic for that zone in firewall settings. If they are not in the same zone, some kind of bridging may be necessary.

I am not sure which of the above are actually required; I'll test it if I don't forget to.

So, this is my config:

/etc/config/network:

config 'interface' 'loopback'
        option 'ifname' 'lo'
        option 'proto' 'static'
        option 'ipaddr' '127.0.0.1'
        option 'netmask' '255.0.0.0'

config 'interface' 'lan'
        option 'type' 'bridge'
        option 'proto' 'static'
        option 'netmask' '255.255.255.0'
        option 'ifname' 'eth0.1'
        option 'ipaddr' '192.168.177.1'
        option 'gateway' '192.168.177.13'
        option 'dns' '8.8.8.8'

config 'switch' 'eth0'
        option 'name' 'eth0'
        option 'reset' '1'
        option 'enable_vlan' '1'

config 'switch_vlan' 'eth0_1'
        option 'device' 'eth0'
        option 'vlan' '1'
        option 'ports' '0 1 2 3 5t'

config 'switch_vlan' 'eth0_2'
        option 'device' 'eth0'
        option 'vlan' '2'
        option 'ports' '4 5t'

config 'interface' 'wan'
        option 'ifname' 'eth0.2'
        option 'macaddr' '00C3916B822A'
        option 'proto' 'static'
        option 'ipaddr' '10.31.6.22'
        option 'netmask' '255.0.0.0'
        option 'gateway' '10.0.0.2'
        option 'dns' '85.93.129.2'

config 'route'
        option 'interface' 'lan'
        option 'target' '10.0.0.0'
        option 'netmask' '255.0.0.0'
        option 'gateway' '10.0.0.2'

config 'interface' 'vpn'
        option 'proto' 'pptp'
        option 'server' '10.0.0.2'
        option 'username' 'vpn1234'
        option 'password' 'P@$$w0rD'
        option 'macaddr' '00C3916B822A'
        option 'ifname' 'gre0'

ifconfig -a:

ath0      Link encap:Ethernet  HWaddr 00:11:22:33:44:55
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:34 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:5611 (5.4 KiB)

br-lan    Link encap:Ethernet  HWaddr 00:11:22:33:44:55
          inet addr:192.168.177.1  Bcast:192.168.177.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:44598 errors:0 dropped:0 overruns:0 frame:0
          TX packets:46731 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:28704532 (27.3 MiB)  TX bytes:41700636 (39.7 MiB)

eth0      Link encap:Ethernet  HWaddr 00:22:44:66:88:00
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:122696 errors:0 dropped:0 overruns:0 frame:0
          TX packets:101908 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:76666750 (73.1 MiB)  TX bytes:73747257 (70.3 MiB)
          Interrupt:4 Base address:0x1000

eth0.1    Link encap:Ethernet  HWaddr 00:22:44:66:88:00
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:47039 errors:0 dropped:0 overruns:0 frame:0
          TX packets:48976 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:29096757 (27.7 MiB)  TX bytes:42372036 (40.4 MiB)

eth0.2    Link encap:Ethernet  HWaddr 00:C3:91:6B:82:2A
          inet addr:10.31.6.22  Bcast:10.255.255.255  Mask:255.0.0.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:75371 errors:0 dropped:0 overruns:0 frame:0
          TX packets:52930 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:45805284 (43.6 MiB)  TX bytes:31374136 (29.9 MiB)

gre0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          NOARP  MTU:1476  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:23 errors:0 dropped:0 overruns:0 frame:0
          TX packets:23 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:1444 (1.4 KiB)  TX bytes:1444 (1.4 KiB)

pptp-vpn  Link encap:Point-to-Point Protocol
          inet addr:85.93.137.42  P-t-P:85.93.128.114  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1452  Metric:1
          RX packets:49789 errors:0 dropped:0 overruns:0 frame:0
          TX packets:45321 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3
          RX bytes:41167723 (39.2 MiB)  TX bytes:28378492 (27.0 MiB)

wifi0     Link encap:UNSPEC  HWaddr 00-11-22-33-44-55-00-00-00-00-00-00-00-00-00-00
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:17943 errors:0 dropped:0 overruns:0 frame:459
          TX packets:445 errors:1 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:195
          RX bytes:2004370 (1.9 MiB)  TX bytes:52957 (51.7 KiB)
          Interrupt:3 Memory:b0000000-b000ffff

route:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
85.93.128.114   *               255.255.255.255 UH    0      0        0 pptp-vpn      <----------- the internet
10.0.0.2        10.0.0.2        255.255.255.255 UGH   0      0        0 eth0.2       <-------------- provider's WAN (static route here, just to be sure)
192.168.177.0   *               255.255.255.0   U     0      0        0 br-lan         <-------------- home LAN
10.0.0.0        *               255.0.0.0       U     0      0        0 eth0.2            <-------------- WAN again, no idea why no gateway here.
default         *               0.0.0.0         U     0      0        0 pptp-vpn           <------------- the default route
default         192.168.177.13  0.0.0.0         UG    0      0        0 br-lan       <----------- this is for fallback, don't pay attention

(Last edited by Shambler0 on 12 Nov 2010, 00:59)

Hi all. I have the same problem as Shambler0, but I can't solve it.

My ISP provider also requires the same config:

WAN MAC=00:11:22:33:44:55
WAN IP=10.115.24.174
WAN NetMask=255.255.255.252
WAN GateWay=10.115.24.173
PPTP-Server=10.255.7.250
PPTP Login=login
PPTP Password=pass
PPTP Auth=CHAP or MSCHAPv2
PPTP Encryption=Forbidden
PPTP Compression=Forbidden
PPTP IP,NetMask,GateWay=Auto

My /etc/config/network:

config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config interface 'lan'
        option ifname 'eth0'
        option type 'bridge'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option dns '8.8.8.8 8.8.4.4 10.7.1.23'

config interface 'wan'
        option ifname 'eth1'
        option proto 'static'
        option dns '10.7.1.23 8.8.8.8 8.8.4.4'
        option macaddr '00:11:22:33:44:55'
        option ipaddr '10.115.24.174'
        option netmask '255.255.255.252'
        option gateway '10.115.24.173'

config switch
        option name 'eth0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'eth0'
        option vlan '1'
        option ports '0 1 2 3 4'

config interface 'vpn'
        option proto 'pptp'
        option server '10.255.7.250'
        option username 'login'
        option password 'pass'
        option macaddr '00:11:22:33:44:55'

config route
        option interface 'wan'
        option target '10.0.0.0'
        option netmask '255.0.0.0'
        option gateway '10.115.24.173'

/etc/config/firewall:

config defaults
        option syn_flood '1'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'

config zone
        option name 'lan'
        option network 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'

config zone
        option name 'wan'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'
        option network 'wan vpn'

config forwarding
        option src 'lan'
        option dest 'wan'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option src_ip 'fe80::/10'
        option src_port '547'
        option dest_ip 'fe80::/10'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config include
        option path '/etc/firewall.user'

I added 'ifup vpn' to /etc/rc.local,

but even after a reboot there is no internet access, although the VPN is connected.
Can anybody tell me what I am doing wrong?

My device is a tl wr741nd_v1 with the latest OpenWrt (12.09-rc1).
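
Added example, not part of any post in this thread: a shell function that reads a UCI firewall file laid out like the one posted above and reports which zone covers the PPTP network, warning when that zone accepts input from the upstream side or has masquerading off. The names `audit_zone` and `sample_fw` and the sample file contents are constructed for illustration.

```shell
# Added example (not from the thread). audit_zone FILE NET prints the firewall
# zone that covers UCI network NET, plus WARN lines for risky settings.
# FILE may be "-" to read the config from standard input.
audit_zone() {
    awk -v net="$2" -v q="'" '
    function emit() {
        if (type != "zone" || !covered) return
        found = 1
        if (input == "") input = def_input      # zone inherits the defaults
        printf "zone=%s input=%s masq=%s\n", name, input, (masq == "" ? "0" : masq)
        if (input == "ACCEPT")
            print "WARN " name ": input ACCEPT exposes router services to the upstream side"
        if (masq != "1")
            print "WARN " name ": masq off, LAN clients are not NATed through " net
    }
    { gsub("[" q "\"]", "") }                   # drop UCI quoting, fields are re-split
    $1 == "config" {
        emit()                                  # close the previous section
        type = $2; name = ""; input = ""; masq = ""; covered = 0
        next
    }
    ($1 == "option" || $1 == "list") {
        if (type == "defaults" && $2 == "input") def_input = $3
        if (type != "zone") next
        if ($2 == "name")  name = $3
        if ($2 == "input") input = $3
        if ($2 == "masq")  masq = $3
        if ($2 == "network")                    # value may list several networks
            for (i = 3; i <= NF; i++) if ($i == net) covered = 1
    }
    END {
        emit()
        if (!found) print "WARN " net ": not assigned to any firewall zone"
    }' "$1"
}

# Constructed sample in the layout of the firewall file above; $1 = WAN input policy.
sample_fw() {
    cat <<EOF
config defaults
        option input 'ACCEPT'

config zone
        option name 'lan'
        option network 'lan'
        option input 'ACCEPT'

config zone
        option name 'wan'
        option input '$1'
        option masq '1'
        option network 'wan vpn'
EOF
}

sample_fw REJECT | audit_zone - vpn   # zone as posted above: no warnings
sample_fw ACCEPT | audit_zone - vpn   # incoming traffic enabled on the WAN zone
```

On a router the same function can be pointed at the live file: `audit_zone /etc/config/firewall vpn`.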

What is the exact error reported by "ping 8.8.8.8" on a client?

Request timed out.
Although ping to 10.x.x.x is successful.

(Last edited by pop0ff on 5 Jan 2013, 22:21)

Does anybody have any idea?

The system log writes:

Jan 11 00:17:35 OpenWrt daemon.info pppd[4171]: Using interface pptp-vpn
Jan 11 00:17:35 OpenWrt daemon.notice pppd[4171]: Connect: pptp-vpn <--> pptp (10.255.7.250)
Jan 11 00:17:35 OpenWrt daemon.err pppd[4171]: MS-CHAP authentication failed:
Jan 11 00:17:35 OpenWrt daemon.err pppd[4171]: CHAP authentication failed
Jan 11 00:17:35 OpenWrt daemon.notice pppd[4171]: Connection terminated.

The discussion might have continued from here.