User Tools

Site Tools


PPTP NAT traversal

By default, OpenWrt is not configured to allow through PPTP connections from LAN clients (local private network) to WAN (on the Internet) servers. This page explains how to establish PPTP tunnels passing through OpenWrt's network address translation (NAT). Thus this is often referred to as “PPTP pass through”.


PPTP utilizes the GRE (Generic Routing Encapsulation) protocol for its point-to-point tunnel. As a pure IP protocol GRE uses only IP addresses but no port numbers giving the router's NAT a tough time to track such a connection. In its base configuration OpenWrt Backfire is able to NAT a single PPTP connections but not multiple such connections concurrently. It is also unreliable when trying to establish consecutive single PPTP connections from different LAN clients in rapid succession. This limitation can be lifted (as far as I could make out so far) by installing the following package.


Enable NAT traversal. You must install the PPP modules, such as kmod-pptp, before the following steps can be done.

# OpenWrt 14.07 and older
opkg update
opkg install kmod-ipt-nathelper-extra
# OpenWrt 15.05 and newer
opkg update
opkg install kmod-nf-nathelper-extra
# OpenWrt 18.06 additional step
cat << EOF > /etc/sysctl.d/20-nf-conntrack-helper.conf
net.netfilter.nf_conntrack_helper = 1
service sysctl restart

You should now be able to use multiple PPTP connections from LAN to WAN at the same time.

This website uses cookies. By using the website, you agree with storing cookies on your computer. Also you acknowledge that you have read and understand our Privacy Policy. If you do not agree leave the website.More information about cookies
docs/guide-user/services/vpn/pptp/nat_traversal.txt · Last modified: 2020/04/01 22:58 by motolav