Differences
This shows you the differences between two versions of the page.
| docs:guide-user:services:vpn:pptp:server [2020/10/16 14:54] – clean unrelated/outdated content vgaetera | docs:guide-user:services:vpn:pptp:server [2023/03/14 13:32] – consolidate variable naming vgaetera | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| ====== PPTP server ====== | ====== PPTP server ====== | ||
| - | {{section> | + | {{section> |
| ===== Introduction ===== | ===== Introduction ===== | ||
| * This how-to describes the method for setting up [[wp> | * This how-to describes the method for setting up [[wp> | ||
| - | * Follow [[docs: | + | * Follow [[docs: |
| - | * Follow [[docs: | + | |
| ===== Goals ===== | ===== Goals ===== | ||
| - | {{section> | + | {{section> |
| - | ===== Instructions | + | ===== Command-line instructions |
| ==== 1. Preparation ==== | ==== 1. Preparation ==== | ||
| - | Set up [[docs: | + | Install the required |
| - | Install the packages | + | Specify |
| <code bash> | <code bash> | ||
| Line 21: | Line 20: | ||
| # Configuration parameters | # Configuration parameters | ||
| - | PPTP_USER="PPTP_USERNAME" | + | VPN_POOL="192.168.6.128-254" |
| - | PPTP_PASS="PPTP_PASSWORD" | + | VPN_USER="USERNAME" |
| - | PPTP_POOL="192.168.7.2-255" | + | VPN_PASS="PASSWORD" |
| </ | </ | ||
| ==== 2. Firewall ==== | ==== 2. Firewall ==== | ||
| - | Consider VPN network as private | + | Enable conntrack helper to allow related GRE traffic. |
| + | Consider VPN network as private. | ||
| + | Assign | ||
| Allow access to VPN server from WAN zone. | Allow access to VPN server from WAN zone. | ||
| <code bash> | <code bash> | ||
| + | # Configure kernel parameters | ||
| + | cat << EOF >> / | ||
| + | net.netfilter.nf_conntrack_helper=1 | ||
| + | EOF | ||
| + | / | ||
| + | |||
| # Configure firewall | # Configure firewall | ||
| uci rename firewall.@zone[0]=" | uci rename firewall.@zone[0]=" | ||
| uci rename firewall.@zone[1]=" | uci rename firewall.@zone[1]=" | ||
| - | uci rename firewall.@forwarding[0]=" | ||
| uci del_list firewall.lan.device=" | uci del_list firewall.lan.device=" | ||
| uci add_list firewall.lan.device=" | uci add_list firewall.lan.device=" | ||
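Review bot: The added `cat << EOF >>` block under "# Configure kernel parameters" appends `net.netfilter.nf_conntrack_helper=1` on every run, so re-running the snippet leaves duplicate entries, unlike the `uci del_list` / `uci add_list` pair just below it, which is safe to repeat. Guard the append with a check for the key, or write a dedicated file instead. The one-line description "Enable conntrack helper to allow related GRE traffic" should also say that this sysctl turns on automatic helper assignment for every loaded conntrack helper, not only the PPTP one, so readers know the change is system-wide.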
| Line 44: | Line 50: | ||
| uci set firewall.pptp.proto=" | uci set firewall.pptp.proto=" | ||
| uci set firewall.pptp.target=" | uci set firewall.pptp.target=" | ||
| - | uci -q delete firewall.gre | ||
| - | uci set firewall.gre=" | ||
| - | uci set firewall.gre.name=" | ||
| - | uci set firewall.gre.src=" | ||
| - | uci set firewall.gre.proto=" | ||
| - | uci set firewall.gre.target=" | ||
| uci commit firewall | uci commit firewall | ||
| / | / | ||
| </ | </ | ||
| - | ==== Server configuration | + | ==== 3. VPN service |
| - | There is no need to modify server configuration files / | + | Configure VPN service. |
| - | See documentation and tips below. | + | |
| - | + | ||
| - | Clients configuration is located in / | + | |
| - | Modify it to enable pptpd and configure clients and network. | + | |
| - | Following is example for two clients. | + | |
| - | You can add multiple config ' | + | |
| <code bash> | <code bash> | ||
| - | # /etc/config/pptpd | + | # Configure VPN service |
| + | uci set pptpd.pptpd.enabled=" | ||
| + | uci set pptpd.pptpd.logwtmp=" | ||
| + | uci set pptpd.pptpd.localip=" | ||
| + | uci set pptpd.pptpd.remoteip=" | ||
| + | uci -q delete pptpd.@login[0] | ||
| + | uci set pptpd.client=" | ||
| + | uci set pptpd.client.username=" | ||
| + | uci set pptpd.client.password=" | ||
| + | uci commit pptpd | ||
| + | /etc/init.d/ | ||
| + | </ | ||
| - | config service pptpd | + | ===== Testing ===== |
| - | option enabled ' | + | {{section> |
| - | option localip ' | + | |
| - | config login | + | ===== Troubleshooting ===== |
| - | option username ' | + | Collect and analyze the following information. |
| - | option password ' | + | |
| - | option remoteip ' | + | |
| - | config login | + | <code bash> |
| - | option username ' | + | # Restart services |
| - | option password ' | + | /etc/init.d/log restart; /etc/init.d/pptpd restart; sleep 10 |
| - | option remoteip 'xxx.yyy.zzz.2' | + | |
| - | </code> | + | |
| - | ==== Network configuration ==== | + | # Log and status |
| - | If you are using different subnet for VPN clients you need to add route: | + | logread -e pptpd; netstat -l -n -p | grep -e pptpd |
| - | <code bash> | + | # Runtime configuration |
| - | # / | + | pgrep -f -a pptpd |
| + | ip address show; ip route show table all | ||
| + | ip rule show; ip -6 rule show; nft list ruleset | ||
| + | sysctl net.netfilter.nf_conntrack_helper | ||
| - | config route | + | # Persistent configuration |
| - | option interface ' | + | uci show network; uci show firewall; uci show pptpd |
| - | option target 'xxx.yyy.zzz.0' | + | grep -v -e " |
| - | option netmask ' | + | |
| - | option gateway ' | + | |
| </ | </ | ||
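Review bot: In the new Troubleshooting block, `uci show pptpd` prints `pptpd.client.password`, which the "# Configure VPN service" block sets in plain text, so a reader who collects this output as instructed and shares it discloses the VPN credentials. Add a line telling readers to redact the password before posting, or filter that option out of the command output. Also, now that the `firewall.gre` rule is deleted, GRE acceptance depends entirely on the conntrack helper enabled in section 2; say so in the section 3 text so that a failed tunnel leads readers to the `sysctl net.netfilter.nf_conntrack_helper` check.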