OpenWrt Forum Archive

Topic: [SOLVED] PopTop Server ip-up/ip-down scripting

The content of this topic has been archived on 5 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Hi there,

I have been a great fan of OpenWRT for a long time, and finally decided to create an account here.

This time I was unable to find an answer to a question that has been bothering me for a month or so.

I've managed to deploy PPTPD (a.k.a. PopTop server) on Barrier Breaker by following the documentation in the Wiki.
Before anyone raises exclamations and warnings about the vulnerability of PPTP and MPPE, yes I know. It is an old and vulnerable protocol for VPN. I am using it because I do not need any encryption at all!
I just need a tunnel between two endpoints, and additional support for embedded devices that do not support anything else but pptp.

My setup looks like this:
The remote site has a local LAN 192.168.30.0/24 and a ppp interface with address 10.10.2.4.
The server has a local LAN 192.168.2.0/24 and a ppp concentrator with address 10.10.2.1.

I am able to add the server LAN (192.168.2.0/24) to the client routing table by using the ip-up scripting.

However I am not able to add the client LAN (192.168.30.0/24) to the server routing table.
The server /etc/ppp/ip-up.d/* are simply not executed.

Does anyone of you know how I might be able to add the client LANs to the pptp server?

Thank you

(Last edited by void_runner on 30 Jun 2015, 20:24)

C'mon guys!

Seriously no one is able to help me here?
A simple cronjob script checking and adding route every 5min?

All I know is that adding static routes is not working at all:

config route
        option interface 'lan'
        option target '192.168.30.0'
        option netmask '255.255.255.0'
        option gateway '10.10.2.4'

You can't add a route unless the gateway is on a known subnet, in this case that would be after the PPTP connection has been established. Try adding the route manually once the tunnel is up, should work fine.

Just a FYI, you can run OpenVPN without any encryption/compression as well. There are also other VPN suites made for easy set up of full mesh networking like Tinc.

I am aware of OpenVPN "cipher none" encryption instalment. However the requirements are for PopTop.

As far as the manual addition of the routes...hm... not an option, the tunnel is far from stable, and it drops irregularly. Sometimes it withstands more than 12h, next time it lasts just for 5min.. etc.

On the Debian version of pptpd, once a connection is established the /etc/ppp/ip-up.d/* scripts are executed with the corresponding pptpd parameters. I was just hoping that the OpenWRT implementation works in a similar way.

So there're no mechanisms for routes addition through pptpd connection establishment?

Hey there.

Can you execute your scripts under /etc/ppp/ip-up.d/ manually? Just try to remove any variable and call them. Might be some misspelling or something. You could start with "touch /tmp/pppup.foo" and see if the file gets executed but is not capable of creating routes or if it really does not get called at all.

Documentation says there is also a file called "/etc/ppp/ip-up". What about this one? Having multiple if-up-something files placed in /etc/ppp/ip-up.d/ and only have some lines of code per file clearly makes things more obvious and readable, but there are chances the directory thingy doesn't work but the single if-up file does.

As another option, you can add your "route add" command to Network -> Firewall -> "Custom rules". This one gets saved at "/etc/firewall.user" and executed "every now and then when firewall situations change". I don't know exactly what it is triggered by, but I guess "having a new interface up" is one of those situations.

Additionally, there is that "hotplug" system.
http://wiki.openwrt.org/doc/techref/hotplug
http://wiki.openwrt.org/doc/uci/firewal … hooks_8092
This way you should be able to catch exactly the situation where the ppp interface comes up.

The last thingy is the one I would prefer. Creating a script /etc/hotplug.d/firewall/42-ppproutes should be pretty easy.

Regards,
Stephan.

It's actually a feature of pppd, not pptpd. The correct file is /etc/ppp/ip-up and /etc/ppp/ip-down. The ip-up.d is most likely something the Debian guys added.

golialive and arokh,
You're great!!

Of course, it is not ip-up.d/ip-down.d. I am a lazy absent lost sheep!!!
It is ip-up and ip-down scripts that are calling scripts named after tunnel inside *.d/*
This is the regular Debian behavior.

Even in OpenWRT there are scripts (/lib/netifd/ppp-down and /lib/netifd/ppp-up) which are calling everything inside /etc/ppp/ip-up.d/ and corresponding /etc/ppp/ip-down.d/

Now on the functional part. I was able to accomplish my goal by using this little script named after /etc/ppp/ip-up

#!/bin/sh
# Script parameters
# $0 Script name, in this case /etc/ppp/ip-up
# $1 Interface name
# $2 tty device name
# $3 tty device speed
# $4 interface local IP address
# $5 interface remote IP address
# $6 client public IP address

logfile=/var/log/ppp

# init the log
echo "$(date) $0 $1 $2 $3 $4 $5 $6" >> "$logfile"

# add the client LAN behind the peer that just connected
case "$5" in
  10.10.2.4)
    route add -net 192.168.30.0/24 dev "$1"
    ;;
esac

One could add as many cases as there are clients in /etc/config/pptpd.
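
The per-client case statement from the last post, generalized to a lookup table with argument validation, as an added example that is not part of the original thread. Since ip-up runs as root, the interface name and peer address are checked before they reach `route` or the log. Only the 10.10.2.4 row comes from the thread; the 10.10.2.5 row, the function names and the pppN naming check are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): table-driven /etc/ppp/ip-up.
# Only the 10.10.2.4 row is from the thread; the 10.10.2.5 row is constructed.
ROUTE_TABLE='
10.10.2.4 192.168.30.0/24
10.10.2.5 192.168.40.0/24 192.168.41.0/24
'

# Accept only pppN names (assumes pppd's default interface naming).
valid_iface() {
    case "$1" in
        ppp[0-9]|ppp[0-9][0-9]|ppp[0-9][0-9][0-9]) return 0 ;;
    esac
    return 1
}

# True when $1 is a dotted quad with every octet in 0..255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print the subnets listed for peer $1; prints nothing for an unknown peer.
peer_subnets() {
    is_ipv4 "$1" || return 1
    printf '%s\n' "$ROUTE_TABLE" | while read -r addr nets; do
        [ "$addr" = "$1" ] || continue
        echo "$nets"
    done
}

# Act only when pppd runs this file as ip-up: $1 = interface, $5 = remote address.
if [ "${0##*/}" = ip-up ]; then
    if ! valid_iface "$1" || ! is_ipv4 "$5"; then
        logger -t ip-up "rejected unexpected arguments"
        exit 1
    fi
    for net in $(peer_subnets "$5"); do
        route add -net "$net" dev "$1" || logger -t ip-up "route $net via $1 failed"
    done
    logger -t ip-up "$1 up, peer $5"
fi
```

A peer address that is not in the table gets no route at all, so a client that comes up with an unexpected tunnel address cannot pull a LAN route towards itself.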
