Differences

This shows you the differences between two versions of the page.

docs:guide-user:services:vpn:pptp:server [2020/10/16 15:43] – [VPN service] description vgaetera
docs:guide-user:services:vpn:pptp:server [2023/03/14 13:32] – consolidate variable naming vgaetera
Line 1: Line 1:
 ====== PPTP server ====== ====== PPTP server ======
-{{section>meta:infobox:howto_links#cli_skills&noheader&nofooter&noeditbutton}}+{{section>meta:infobox:howto_links#basic_skills&noheader&nofooter&noeditbutton}}
  
 ===== Introduction ===== ===== Introduction =====
   * This how-to describes the method for setting up [[wp>Point-to-Point_Tunneling_Protocol|PPTP]] server on OpenWrt.   * This how-to describes the method for setting up [[wp>Point-to-Point_Tunneling_Protocol|PPTP]] server on OpenWrt.
-  * Follow [[docs:guide-user:services:vpn:pptp:client|PPTP client]] to set up PPTP server and [[docs:guide-user:services:vpn:pptp:extras|PPTP extras]] for additional tuning+  * Follow [[docs:guide-user:services:vpn:pptp:client|PPTP client]] for client setup and [[docs:guide-user:services:vpn:pptp:extras|PPTP extras]] for additional tuning.
-  * Follow [[docs:guide-user:services:rng|Random generator]] to overcome low entropy issues.+
  
 ===== Goals ===== ===== Goals =====
-{{section>docs:guide-user:services:vpn:openvpn:server#goals&noheader&nofooter&noeditbutton}}+{{section>docs:guide-user:services:vpn:wireguard:server#goals&noheader&nofooter&noeditbutton}}
  
-===== Instructions =====+===== Command-line instructions =====
 ==== 1. Preparation ==== ==== 1. Preparation ====
-Set up [[docs:guide-user:services:ddns:client|DDNS client]] if required. +Install the required packages
-Install the packages and specify the VPN server configuration parameters.+Specify the VPN server configuration parameters.
  
 <code bash> <code bash>
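Review bot: The Goals section is now transcluded from `wireguard:server#goals` instead of `openvpn:server#goals`, so whatever that text says about the properties of the tunnel is presented to the reader as applying to PPTP. Please confirm the included wording is protocol-neutral, or give this page its own Goals text. Separately, the Preparation step drops "Set up DDNS client if required" without a replacement, although section 2 still opens the server to the WAN zone, and the new line "Install the required packages" is missing the full stop that the following line has.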
Line 21: Line 20:
  
 # Configuration parameters # Configuration parameters
-PPTP_USER="PPTP_USERNAME+VPN_POOL="192.168.6.128-254
-PPTP_PASS="PPTP_PASSWORD+VPN_USER="USERNAME
-PPTP_POOL="192.168.7.2-255"+VPN_PASS="PASSWORD"
 </code> </code>
  
 ==== 2. Firewall ==== ==== 2. Firewall ====
-Consider VPN network as private and assign VPN interface to LAN zone to minimize firewall setup.+Enable conntrack helper to allow related GRE traffic. 
 +Consider VPN network as private
 +Assign VPN interface to LAN zone to minimize firewall setup.
 Allow access to VPN server from WAN zone. Allow access to VPN server from WAN zone.
  
 <code bash> <code bash>
 +# Configure kernel parameters
 +cat << EOF >> /etc/sysctl.conf
 +net.netfilter.nf_conntrack_helper=1
 +EOF
 +/etc/init.d/sysctl restart
 +
 # Configure firewall # Configure firewall
 uci rename firewall.@zone[0]="lan" uci rename firewall.@zone[0]="lan"
 uci rename firewall.@zone[1]="wan" uci rename firewall.@zone[1]="wan"
-uci rename firewall.@forwarding[0]="lan_wan" 
 uci del_list firewall.lan.device="ppp+" uci del_list firewall.lan.device="ppp+"
 uci add_list firewall.lan.device="ppp+" uci add_list firewall.lan.device="ppp+"
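Review bot: The `cat << EOF >> /etc/sysctl.conf` block at the top of the Firewall code appends unconditionally, so every re-run of the script adds another `net.netfilter.nf_conntrack_helper=1` line, unlike the `uci del_list` / `uci add_list` pair just below it, which is written to be repeatable. Check for the line before appending, for example with `grep -q`. The prose above only mentions GRE, but this sysctl is system-wide rather than scoped to PPTP, which deserves a sentence so readers know what they are turning on.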
Line 44: Line 50:
 uci set firewall.pptp.proto="tcp" uci set firewall.pptp.proto="tcp"
 uci set firewall.pptp.target="ACCEPT" uci set firewall.pptp.target="ACCEPT"
-uci -q delete firewall.gre 
-uci set firewall.gre="rule" 
-uci set firewall.gre.name="Allow-GRE" 
-uci set firewall.gre.src="wan" 
-uci set firewall.gre.proto="47" 
-uci set firewall.gre.target="ACCEPT" 
 uci commit firewall uci commit firewall
 /etc/init.d/firewall restart /etc/init.d/firewall restart
 </code> </code>
  
-==== VPN service ====+==== 3. VPN service ====
 Configure VPN service. Configure VPN service.
  
 <code bash> <code bash>
 # Configure VPN service # Configure VPN service
 +uci set pptpd.pptpd.enabled="1"
 uci set pptpd.pptpd.logwtmp="0" uci set pptpd.pptpd.logwtmp="0"
-uci set pptpd.pptpd.localip="${PPTP_POOL%.*}.1" +uci set pptpd.pptpd.localip="${VPN_POOL%.*}.1" 
-uci set pptpd.pptpd.remoteip="${PPTP_POOL}" +uci set pptpd.pptpd.remoteip="${VPN_POOL}" 
-uci rename pptpd.@login[0]="login" +uci -q delete pptpd.@login[0] 
-uci set pptpd.login.username="${PPTP_USER}" +uci set pptpd.client="login" 
-uci set pptpd.login.password="${PPTP_PASS}"+uci set pptpd.client.username="${VPN_USER}" 
 +uci set pptpd.client.password="${VPN_PASS}"
 uci commit pptpd uci commit pptpd
 /etc/init.d/pptpd restart /etc/init.d/pptpd restart
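Review bot: In the VPN service block, `uci -q delete pptpd.@login[0]` removes only the first `login` section, so any further login sections already present in the configuration stay active alongside the new `pptpd.client` account. Delete in a loop until the command fails, or state that the guide assumes a single default entry. The same hunk drops the explicit `Allow-GRE` rule (`proto="47"` from `wan`), which makes tunnel data traffic depend entirely on the conntrack helper setting from section 2; a short comment next to the `pptp` rule saying so would help anyone who applies this section on its own.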
Line 70: Line 72:
  
 ===== Testing ===== ===== Testing =====
-{{section>docs:guide-user:services:vpn:openvpn:server#testing&noheader&nofooter&noeditbutton}}+{{section>docs:guide-user:services:vpn:wireguard:server#testing&noheader&nofooter&noeditbutton}}
  
 ===== Troubleshooting ===== ===== Troubleshooting =====
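Review bot: Testing is now pulled from `wireguard:server#testing`; please check that the included steps do not name WireGuard-specific tooling or expectations, since nothing on this page adapts them to PPTP.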
Line 85: Line 87:
 pgrep -f -a pptpd pgrep -f -a pptpd
 ip address show; ip route show table all ip address show; ip route show table all
-ip rule show; ip -6 rule show; iptables-save; ip6tables-save+ip rule show; ip -6 rule show; nft list ruleset 
 +sysctl net.netfilter.nf_conntrack_helper
  
 # Persistent configuration # Persistent configuration
 uci show network; uci show firewall; uci show pptpd uci show network; uci show firewall; uci show pptpd
-sysctl net.netfilter.nf_conntrack_helper+grep -v -e "^#" -e "^$" /etc/sysctl.conf
 </code> </code>
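Review bot: `uci show pptpd` under "Persistent configuration" prints the `pptpd.client.password` value set in section 3 in clear text, and this block is the output users are asked to collect when troubleshooting. Add a line telling readers to redact the username and password before sharing the output, or filter those options out of the command. Moving `sysctl net.netfilter.nf_conntrack_helper` into the runtime group and adding the `grep` over `/etc/sysctl.conf` is a sensible split, since it lets a reader compare the live value with the persisted one.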
  
  • Last modified: 2023/10/29 01:14
  • by vgaetera