Show pagesourceOld revisionsBacklinksBack to top × Table of Contents PPTP client Introduction Goals Command-line interface 1. Preparation 2. Firewall 3. Network Testing Troubleshooting PPTP client This article relies on the following: Accessing OpenWrt CLI Managing configurations Managing packages Managing services Introduction This how-to describes the method for setting up PPTP client on OpenWrt. Follow PPTP server to set up PPTP server and PPTP extras for additional tuning. Goals Encrypt your internet connection to enforce security and privacy. Prevent data leak and traffic spoofing on the client side. Bypass regional restrictions using commercial providers. Escape client side content filters and internet censorship. Access your LAN services remotely without port forwarding. Command-line interface 1. Preparation Install the packages and specify the VPN client configuration parameters. # Install packages opkg update opkg install ppp-mod-pptp kmod-nf-nathelper-extra # Configuration parameters PPTP_IF="vpn" PPTP_SERV="SERVER_NAME_OR_IP_ADDRESS" PPTP_USER="USERNAME" PPTP_PASS="PASSWORD" 2. Firewall Enable conntrack helper to allow related GRE traffic. Consider VPN network as public and assign VPN interface to WAN zone to minimize firewall setup. # Configure kernel parameters cat << EOF >> /etc/sysctl.conf net.netfilter.nf_conntrack_helper=1 EOF /etc/init.d/sysctl restart # Configure firewall uci rename firewall.@zone[0]="lan" uci rename firewall.@zone[1]="wan" uci del_list firewall.wan.network="${PPTP_IF}" uci add_list firewall.wan.network="${PPTP_IF}" uci commit firewall /etc/init.d/firewall restart 3. Network Set up VPN interface. # Configure network uci -q delete network.${PPTP_IF} uci set network.${PPTP_IF}="interface" uci set network.${PPTP_IF}.proto="pptp" uci set network.${PPTP_IF}.server="${PPTP_SERV}" uci set network.${PPTP_IF}.username="${PPTP_USER}" uci set network.${PPTP_IF}.password="${PPTP_PASS}" uci commit network /etc/init.d/network restart Provide dynamic connection management if required. Testing Establish the VPN connection. Use traceroute and traceroute6 to verify your client traffic is routed via the VPN gateway. traceroute openwrt.org traceroute6 openwrt.org Check your client public IP addresses. https://ipleak.net/ Make sure there is no DNS leak on the client side. https://dnsleaktest.com/ Delegate a public IPv6 prefix to the VPN network to use IPv6 by default. Troubleshooting Collect and analyze the following information. # Restart services /etc/init.d/log restart; /etc/init.d/network restart; sleep 10 # Log and status logread -e pppd # Runtime configuration pgrep -f -a pppd ip address show; ip route show table all ip rule show; ip -6 rule show; iptables-save; ip6tables-save sysctl net.netfilter.nf_conntrack_helper # Persistent configuration uci show network; uci show firewall grep -v -e "^#" -e "^$" /etc/sysctl.conf This website uses cookies. By using the website, you agree with storing cookies on your computer. Also you acknowledge that you have read and understand our Privacy Policy. If you do not agree leave the website.OKMore information about cookies Last modified: 2021/03/21 07:35by vgaetera