Show pagesourceOld revisionsBacklinksBack to top × Table of Contents PPTP server Introduction Goals Command-line instructions 1. Preparation 2. Firewall 3. VPN service Testing Troubleshooting PPTP server This article relies on the following: Accessing web interface / command-line interface Managing configs / packages / services / logs Introduction This how-to describes the method for setting up PPTP server on OpenWrt. Follow PPTP client for client setup and PPTP extras for additional tuning. Goals Encrypt your internet connection to enforce security and privacy. Prevent traffic leaks and spoofing on the client side. Bypass regional restrictions using commercial providers. Escape client side content filters and internet censorship. Access your LAN services remotely without port forwarding. Command-line instructions 1. Preparation Install the required packages. Specify configuration parameters for VPN server. # Install packages opkg update opkg install pptpd kmod-nf-nathelper-extra # Configuration parameters VPN_POOL="192.168.6.128-254" VPN_USER="USERNAME" VPN_PASS="PASSWORD" 2. Firewall Enable conntrack helper to allow related GRE traffic. Consider VPN network as private. Assign VPN interface to LAN zone to minimize firewall setup. Allow access to VPN server from WAN zone. # Configure kernel parameters cat << EOF >> /etc/sysctl.conf net.netfilter.nf_conntrack_helper=1 EOF /etc/init.d/sysctl restart # Configure firewall uci rename firewall.@zone[0]="lan" uci rename firewall.@zone[1]="wan" uci del_list firewall.lan.device="ppp+" uci add_list firewall.lan.device="ppp+" uci -q delete firewall.pptp uci set firewall.pptp="rule" uci set firewall.pptp.name="Allow-PPTP" uci set firewall.pptp.src="wan" uci set firewall.pptp.dest_port="1723" uci set firewall.pptp.proto="tcp" uci set firewall.pptp.target="ACCEPT" uci commit firewall /etc/init.d/firewall restart 3. VPN service Configure VPN service. # Configure VPN service uci set pptpd.pptpd.enabled="1" uci set pptpd.pptpd.logwtmp="0" uci set pptpd.pptpd.localip="${VPN_POOL%.*}.1" uci set pptpd.pptpd.remoteip="${VPN_POOL}" uci -q delete pptpd.@login[0] uci set pptpd.client="login" uci set pptpd.client.username="${VPN_USER}" uci set pptpd.client.password="${VPN_PASS}" uci commit pptpd /etc/init.d/pptpd restart Testing Establish the VPN connection. Verify your routing with traceroute and traceroute6. traceroute openwrt.org traceroute6 openwrt.org Check your IP and DNS provider. ipleak.net dnsleaktest.com Troubleshooting Collect and analyze the following information. # Restart services /etc/init.d/log restart; /etc/init.d/pptpd restart; sleep 10 # Log and status logread -e pptpd; netstat -l -n -p | grep -e pptpd # Runtime configuration pgrep -f -a pptpd ip address show; ip route show table all ip rule show; ip -6 rule show; nft list ruleset sysctl net.netfilter.nf_conntrack_helper # Persistent configuration uci show network; uci show firewall; uci show pptpd grep -v -e "^#" -e "^$" /etc/sysctl.conf This website uses cookies. By using the website, you agree with storing cookies on your computer. Also you acknowledge that you have read and understand our Privacy Policy. If you do not agree leave the website.OKMore information about cookies Last modified: 2023/03/14 23:56by vgaetera