Differences

docs:guide-user:services:vpn:pptp:server [2020/10/16 14:54] – clean unrelated/outdated content vgaetera
docs:guide-user:services:vpn:pptp:server [2023/03/14 13:32] – consolidate variable naming vgaetera
Line 1: Line 1:
 ====== PPTP server ====== ====== PPTP server ======
-{{section>meta:infobox:howto_links#cli_skills&noheader&nofooter&noeditbutton}}+{{section>meta:infobox:howto_links#basic_skills&noheader&nofooter&noeditbutton}}
  
 ===== Introduction ===== ===== Introduction =====
   * This how-to describes the method for setting up [[wp>Point-to-Point_Tunneling_Protocol|PPTP]] server on OpenWrt.   * This how-to describes the method for setting up [[wp>Point-to-Point_Tunneling_Protocol|PPTP]] server on OpenWrt.
-  * Follow [[docs:guide-user:services:vpn:pptp:client|PPTP client]] to set up PPTP server and [[docs:guide-user:services:vpn:pptp:extras|PPTP extras]] for additional tuning+  * Follow [[docs:guide-user:services:vpn:pptp:client|PPTP client]] for client setup and [[docs:guide-user:services:vpn:pptp:extras|PPTP extras]] for additional tuning.
-  * Follow [[docs:guide-user:services:rng|Random generator]] to overcome low entropy issues.+
  
 ===== Goals ===== ===== Goals =====
-{{section>docs:guide-user:services:vpn:openvpn:server#goals&noheader&nofooter&noeditbutton}}+{{section>docs:guide-user:services:vpn:wireguard:server#goals&noheader&nofooter&noeditbutton}}
  
-===== Instructions =====+===== Command-line instructions =====
 ==== 1. Preparation ==== ==== 1. Preparation ====
-Set up [[docs:guide-user:services:ddns:client|DDNS client]] if required. +Install the required packages
-Install the packages and specify the VPN server configuration parameters.+Specify the VPN server configuration parameters.
  
 <code bash> <code bash>
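Review bot: The Goals section now transcludes docs:guide-user:services:vpn:wireguard:server#goals, so every goal written for the WireGuard page is asserted for PPTP as well, and any later edit to that page silently changes this one. Suggest a short PPTP-specific goals list here, or at least a check that each transcluded goal actually holds for this protocol. Minor style point in the Preparation step: "Install the required packages" is missing its closing period.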
Line 21: Line 20:
  
 # Configuration parameters # Configuration parameters
-PPTP_USER="PPTP_USERNAME+VPN_POOL="192.168.6.128-254
-PPTP_PASS="PPTP_PASSWORD+VPN_USER="USERNAME
-PPTP_POOL="192.168.7.2-255"+VPN_PASS="PASSWORD"
 </code> </code>
  
 ==== 2. Firewall ==== ==== 2. Firewall ====
-Consider VPN network as private and assign VPN interface to LAN zone to minimize firewall setup.+Enable conntrack helper to allow related GRE traffic. 
 +Consider VPN network as private
 +Assign VPN interface to LAN zone to minimize firewall setup.
 Allow access to VPN server from WAN zone. Allow access to VPN server from WAN zone.
  
 <code bash> <code bash>
 +# Configure kernel parameters
 +cat << EOF >> /etc/sysctl.conf
 +net.netfilter.nf_conntrack_helper=1
 +EOF
 +/etc/init.d/sysctl restart
 +
 # Configure firewall # Configure firewall
 uci rename firewall.@zone[0]="lan" uci rename firewall.@zone[0]="lan"
 uci rename firewall.@zone[1]="wan" uci rename firewall.@zone[1]="wan"
-uci rename firewall.@forwarding[0]="lan_wan" 
 uci del_list firewall.lan.device="ppp+" uci del_list firewall.lan.device="ppp+"
 uci add_list firewall.lan.device="ppp+" uci add_list firewall.lan.device="ppp+"
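Review bot: `cat << EOF >> /etc/sysctl.conf` appends unconditionally, so every re-run of this block adds another `net.netfilter.nf_conntrack_helper=1` line, while the firewall commands right below it are written to be re-runnable (`del_list` before `add_list`). Guard the append, for example by putting `grep -q -x -e "net.netfilter.nf_conntrack_helper=1" /etc/sysctl.conf ||` in front of it. The step text says the helper is enabled "to allow related GRE traffic", but the sysctl has no PPTP qualifier and turns on automatic helper assignment for every loaded conntrack helper; the prose should say so, so that readers know they are changing more than PPTP handling.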
Line 44: Line 50:
 uci set firewall.pptp.proto="tcp" uci set firewall.pptp.proto="tcp"
 uci set firewall.pptp.target="ACCEPT" uci set firewall.pptp.target="ACCEPT"
-uci -q delete firewall.gre 
-uci set firewall.gre="rule" 
-uci set firewall.gre.name="Allow-GRE" 
-uci set firewall.gre.src="wan" 
-uci set firewall.gre.proto="47" 
-uci set firewall.gre.target="ACCEPT" 
 uci commit firewall uci commit firewall
 /etc/init.d/firewall restart /etc/init.d/firewall restart
 </code> </code>
  
-==== Server configuration ==== +==== 3. VPN service ==== 
-There is no need to modify server configuration files /etc/pptpd.conf /etc/ppp/options.pptpd, however some parameters needs to be adjusted depending from clients and network configuration ( such as mtu, mru, ms-dns, proxyarp). +Configure VPN service.
-See documentation and tips below. +
- +
-Clients configuration is located in /etc/config/pptpd. +
-Modify it to enable pptpd and configure clients and network. +
-Following is example for two clients. +
-You can add multiple config 'login'.+
  
 <code bash> <code bash>
-# /etc/config/pptpd+Configure VPN service 
 +uci set pptpd.pptpd.enabled="1" 
 +uci set pptpd.pptpd.logwtmp="0" 
 +uci set pptpd.pptpd.localip="${VPN_POOL%.*}.1" 
 +uci set pptpd.pptpd.remoteip="${VPN_POOL}" 
 +uci -q delete pptpd.@login[0] 
 +uci set pptpd.client="login" 
 +uci set pptpd.client.username="${VPN_USER}" 
 +uci set pptpd.client.password="${VPN_PASS}" 
 +uci commit pptpd 
 +/etc/init.d/pptpd restart 
 +</code>
  
-config service pptpd +===== Testing ===== 
- option enabled '1' +{{section>docs:guide-user:services:vpn:wireguard:server#testing&noheader&nofooter&noeditbutton}}
- option localip 'xxx.yyy.www.zzz'+
  
-config login +===== Troubleshooting ===== 
- option username 'foo' +Collect and analyze the following information.
- option password 'bar' +
- option remoteip 'xxx.yyy.zzz.1'+
  
-config login +<code bash> 
- option username 'foo' +# Restart services 
- option password 'bar' +/etc/init.d/log restart; /etc/init.d/pptpd restart; sleep 10
- option remoteip 'xxx.yyy.zzz.2' +
-</code>+
  
-==== Network configuration ==== +# Log and status 
-If you are using different subnet for VPN clients you need to add route:+logread -e pptpd; netstat -l -n -p | grep -e pptpd
  
-<code bash> +Runtime configuration 
-/etc/config/network+pgrep -f -a pptpd 
 +ip address show; ip route show table all 
 +ip rule show; ip -6 rule show; nft list ruleset 
 +sysctl net.netfilter.nf_conntrack_helper
  
-config route +# Persistent configuration 
- option interface 'lan' +uci show network; uci show firewall; uci show pptpd 
- option target 'xxx.yyy.zzz.0' +grep -v -e "^#" -e "^$" /etc/sysctl.conf
- option netmask '255.255.255.0' +
- option gateway 'xxx.yyy.www.zzz'+
 </code> </code>
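Review bot: `uci -q delete pptpd.@login[0]` removes only the first login section, so on a router set up from the previous revision (whose example had two `config login` entries and invited more) the remaining accounts stay valid next to the new `pptpd.client` one. Delete all anonymous login sections before adding the named one, e.g. `while uci -q delete pptpd.@login[0]; do :; done`. In Troubleshooting, `uci show pptpd` prints `pptpd.client.password` in clear text; since the section asks readers to collect this output, add a line telling them to redact the password if the output leaves the router.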
  
  • Last modified: 2023/10/29 01:14
  • by vgaetera