OpenWrt Project

User Tools

Site Tools

You are here: Welcome to the OpenWrt Project » Documentation » User guide » Additional Services » VPN (aka Virtual Private Network) » PPTP » PPTP extras
en
 ?

Sidebar

Learn about OpenWrt

Contributing

Project

docs:guide-user:services:vpn:pptp:extras

Table of Contents

PPTP extras

This article relies on the following:

Introduction

Extras

References

Web interface

Install the necessary packages if you want to manage VPN settings using web interface. 

# Install packages
opkg update
opkg install luci-proto-ppp

Navigate to LuCI → Network → Interfaces to configure PPTP.

Dynamic connection

Preserve default route to restore WAN connectivity when VPN is disconnected. 

# Preserve default route
uci set network.wan.metric="100"
uci set network.wan6.metric="100"
uci commit network
/etc/init.d/network restart

NAT traversal

Provide PPTP passthrough for LAN clients over your router. 

# Install packages
opkg update
opkg install kmod-nf-nathelper-extra
 
# Configure kernel parameters
cat << EOF >> /etc/sysctl.conf
net.netfilter.nf_conntrack_helper=1
EOF
/etc/init.d/sysctl restart

Multi-client

Set up multi-client VPN server using unique credentials. 

# Configure VPN service
uci -q delete pptpd.login1
uci set pptpd.login1="login"
uci set pptpd.login1.username="PPTP_USERNAME1"
uci set pptpd.login1.password="PPTP_PASSWORD1"
uci commit pptpd
/etc/init.d/pptpd restart

Static addresses

Provide static IP address allocation on VPN server. 

# Configure VPN service
rm -f /tmp/etc/chap-secrets
uci set pptpd.login.remoteip="192.168.7.2"
uci commit pptpd
/etc/init.d/pptpd restart

DNS over VPN

Utilize DNS over VPN to prevent DNS leak.

Disable peer DNS and configure a VPN-routed DNS provider on OpenWrt client.

Modify the VPN connection using NetworkManager on Linux desktop client. 

nmcli connection modify id VPN_CON ipv4.dns-search ~. ipv6.dns-search ~. ipv4.dns-priority -50 ipv6.dns-priority -50

Kill switch

Prevent traffic leak on OpenWrt client isolating VPN interface in a separate firewall zone. 

uci rename firewall.@forwarding[0]="lan_wan"
uci set firewall.lan_wan.enabled="0"
uci -q delete firewall.vpn
uci set firewall.vpn="zone"
uci set firewall.vpn.name="vpn"
uci set firewall.vpn.input="REJECT"
uci set firewall.vpn.output="ACCEPT"
uci set firewall.vpn.forward="REJECT"
uci set firewall.vpn.masq="1"
uci set firewall.vpn.mtu_fix="1"
uci add_list firewall.vpn.network="vpn"
uci del_list firewall.wan.network="vpn"
uci -q delete firewall.lan_vpn
uci set firewall.lan_vpn="forwarding"
uci set firewall.lan_vpn.src="lan"
uci set firewall.lan_vpn.dest="vpn"
uci commit firewall
/etc/init.d/firewall restart
This website uses cookies. By using the website, you agree with storing cookies on your computer. Also you acknowledge that you have read and understand our Privacy Policy. If you do not agree leave the website.More information about cookies
docs/guide-user/services/vpn/pptp/extras.txt · Last modified: 2020/10/17 21:31 by vgaetera

Page Tools

Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
CC Attribution-Share Alike 4.0 International Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki