PPTP client

This article relies on the following:

Introduction

  • This how-to describes the method for setting up PPTP client on OpenWrt.
  • Follow PPTP server for server setup and PPTP extras for additional tuning.

Goals

  • Encrypt your internet connection to enforce security and privacy.
    • Prevent traffic leaks and spoofing on the client side.
  • Bypass regional restrictions using commercial providers.
    • Escape client side content filters and internet censorship.
  • Access your LAN services remotely without port forwarding.

Command-line instructions

1. Preparation

Install the required packages. Specify configuration parameters for VPN client. 

# Install packages
opkg update
opkg install ppp-mod-pptp kmod-nf-nathelper-extra
 
# Configuration parameters
VPN_IF="vpn"
VPN_SERV="SERVER_ADDRESS"
VPN_USER="USERNAME"
VPN_PASS="PASSWORD"

2. Firewall

Enable conntrack helper to allow related GRE traffic. Consider VPN network as public. Assign VPN interface to WAN zone to minimize firewall setup. 

# Configure kernel parameters
cat << EOF >> /etc/sysctl.conf
net.netfilter.nf_conntrack_helper=1
EOF
service sysctl restart
 
# Configure firewall
uci rename firewall.@zone[0]="lan"
uci rename firewall.@zone[1]="wan"
uci del_list firewall.wan.network="${VPN_IF}"
uci add_list firewall.wan.network="${VPN_IF}"
uci commit firewall
service firewall restart

3. Network

Set up VPN interface. 

# Configure network
uci -q delete network.${VPN_IF}
uci set network.${VPN_IF}="interface"
uci set network.${VPN_IF}.proto="pptp"
uci set network.${VPN_IF}.server="${VPN_SERV}"
uci set network.${VPN_IF}.username="${VPN_USER}"
uci set network.${VPN_IF}.password="${VPN_PASS}"
uci set network.${VPN_IF}.ipv6="1"
uci commit network
service network restart

Configure dynamic connection if necessary.

Testing

Establish the VPN connection. Verify your routing with traceroute and traceroute6. 

traceroute openwrt.org
traceroute6 openwrt.org

Check your IP and DNS provider.

Troubleshooting

Collect and analyze the following information. 

# Restart services
service log restart; service network restart; sleep 10
 
# Log and status
logread -e pppd
 
# Runtime configuration
pgrep -f -a pppd
ip address show; ip route show table all
ip rule show; ip -6 rule show; nft list ruleset
sysctl net.netfilter.nf_conntrack_helper
 
# Persistent configuration
uci show network; uci show firewall
grep -v -e "^#" -e "^$" /etc/sysctl.conf
This website uses cookies. By using the website, you agree with storing cookies on your computer. Also you acknowledge that you have read and understand our Privacy Policy. If you do not agree leave the website.More information about cookies
  • Last modified: 2023/10/14 05:13
  • by vgaetera