Howto: Point to Point VPN with PPTP

moullas40
DD-WRT Novice


Joined: 17 Jul 2006
Posts: 19

Posted: Mon Jul 17, 2006 18:52    Post subject: Howto: Point to Point VPN with PPTP
Hi there
This is a guide for creating a point to point VPN using the PPTP client and server, for people unable / bored etc... using the OpenVPN Client

I've made this small code because DD-WRT does not allow you to save a route running on a VPN tunnel on PPTP (or at least I haven't found another way), so there is no route going back from the server network to the client network.

Basically, the guide in the Wiki is fine for creating a VPN using the PPTP server and client parts of DD-WRT. I will not repeat those instructions, since they are fine. Just follow them to set up a PPTP VPN for the following locations. However, with this example only 1 site needs a PPTP server and the other PPTP client.


So, let's say we have 2 locations, LocationA and LocationB
Net details are as follows:
LocationA
Network: 192.168.1.0/24
Router IP: 192.168.1.254

LocationB
Network: 192.168.2.0/24
Router IP: 192.168.2.254

You set up the PPTP Server on LocationA and the PPTP Client on LocationB

However, while all PCs on B will be able to access any PC on A, the other is not possible (yet), because there isn't a route from A to go back to B.

To do this, log on the CLI of DD-WRT, and type the following command:
Code:

nvram set routes='route add -net 192.168.2.0 netmask 255.255.255.0 gw 192.168.2.254'
nvram commit


This saves the variable "routes" with a route-add entry.
However, we still need to apply this route AFTER the VPN Tunnel is up. To do this, we do the following:

(Again to save)

Code:
nvram set rc_startup='
nvram get routes > /tmp/routes
cat /tmp/pptpd/ip-up /tmp/routes > /tmp/pptpd/ip-temp
mv /tmp/pptpd/ip-temp /tmp/pptpd/ip-up
chmod 700 /tmp/pptpd/ip-up
'
nvram commit

This basically runs on every startup, saves the route from the nvram variable to a file, and then adds that line to the last line of the ip-up script that runs when the PPTP server establishes the connection.

After you've done this, VPN works both ways, and is pretty much easier to set up than OpenVPN

Any other implementations for this welcome :)


Last edited by moullas40 on Wed Oct 25, 2006 12:25; edited 2 times in total
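
The startup step described in the post above, as an added example that is not part of the original post: a POSIX shell function that appends the stored route command to the ip-up script only when the script already exists and the line is not yet present. The names `append_route` and `demo` and the temp-file naming are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Appends one route command to a
# pppd ip-up script, once, keeping the 700 mode the post sets.
# Return codes (assumed convention): 0 ok or already present, 1 write failed,
# 2 ip-up script missing, 3 empty route command.
append_route() {
    ip_up=$1       # the post uses /tmp/pptpd/ip-up
    route_cmd=$2   # the post stores this in the nvram variable "routes"

    [ -f "$ip_up" ] || return 2       # pptpd has not written the script yet
    [ -n "$route_cmd" ] || return 3   # nvram variable unset or empty

    # Exact whole-line match, so a repeated run does not stack duplicates.
    if grep -qxF -e "$route_cmd" "$ip_up"; then
        return 0
    fi

    # Build the new script beside the old one, then rename over it, so a
    # tunnel coming up mid-write never executes a half-written file.
    tmp="$ip_up.tmp.$$"
    { cat "$ip_up"; printf '%s\n' "$route_cmd"; } > "$tmp" || return 1
    chmod 700 "$tmp" && mv "$tmp" "$ip_up"
}

# Constructed demo on a scratch file, so it can be tried off the router.
# Prints how many times the route line ends up in the script.
demo() {
    d=$(mktemp -d) || return 1
    printf '#!/bin/sh\n' > "$d/ip-up"
    r='route add -net 192.168.2.0 netmask 255.255.255.0 gw 192.168.2.254'
    append_route "$d/ip-up" "$r" && append_route "$d/ip-up" "$r"
    n=$(grep -cxF -e "$r" "$d/ip-up")
    rm -rf "$d"
    echo "$n"
}

# On the router, with the post's paths:
#   append_route /tmp/pptpd/ip-up "$(nvram get routes)"
```

A return code of 2 at boot means the PPTP server had not yet generated its ip-up script when the startup commands ran.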
sufrano63
DD-WRT User


Joined: 06 Jun 2006
Posts: 488

Posted: Mon Jul 17, 2006 20:04
wiki is your friend... :P

http://www.dd-wrt.com/wiki/index.php/Point-to-Point_PPTP_Tunneling_with_two_DD-WRT

moullas40
DD-WRT Novice


Joined: 17 Jul 2006
Posts: 19

Posted: Mon Jul 17, 2006 21:21
The wiki does not have the information posted here.. :) God knows I've read the page you've linked more than a dozen times

If someone with access can add the info I put here it would be nice though, may save some poor soul some time
isaac_golding
DD-WRT Novice


Joined: 12 Jun 2006
Posts: 13

Posted: Sat Sep 23, 2006 15:05
moullas40 wrote:
The wiki does not have the information posted here.. :) God knows I've read the page you've linked more than a dozen times

If someone with access can add the info I put here it would be nice though, may save some poor soul some time


It's now September 23, 2006 and I'm looking at the Wiki and it looks like the directions now have both routers acting as pptp client and server.

So my question is this. By the directions on the wiki at the loc: http://www.dd-wrt.com/wiki/index.php/Point-to-Point_PPTP_Tunneling_with_two_DD-WRT

Are the directions complete or do I need to take the additional steps as mentioned in your thread for adding routes that you talk about?
Coperton
DD-WRT Novice


Joined: 26 Aug 2006
Posts: 9

Posted: Sat Sep 23, 2006 17:32
the wiki directions always have both routers acting as pptp client and server.

directions are complete and you don't need to take additional steps; at the end of the wiki document it says "Another way to make VPN tunnel" pointing to this post

one comment: the wiki instructions page does not work with firmware v23 SP2 final release; I do not know about the instructions posted here
isaac_golding
DD-WRT Novice


Joined: 12 Jun 2006
Posts: 13

Posted: Sat Sep 23, 2006 20:28
Coperton wrote:
the wiki directions always have both routers acting as pptp client and server.

directions are complete and you don't need to take additional steps; at the end of the wiki document it says "Another way to make VPN tunnel" pointing to this post

one comment: the wiki instructions page does not work with firmware v23 SP2 final release; I do not know about the instructions posted here



They are working with SP2 final release. I just got the setup going about 20 min ago....
:)
Coperton
DD-WRT Novice


Joined: 26 Aug 2006
Posts: 9

Posted: Sat Sep 23, 2006 20:38
isaac_golding wrote:

They are working with SP2 final release. I just got the setup going about 20 min ago....
:)


did you set up a Point to Point VPN tunnel, or can you only connect to the vpn server?
isaac_golding
DD-WRT Novice


Joined: 12 Jun 2006
Posts: 13

Posted: Sat Sep 23, 2006 21:05
Coperton wrote:
isaac_golding wrote:

They are working with SP2 final release. I just got the setup going about 20 min ago....
:)


did you set up a Point to Point VPN tunnel, or can you only connect to the vpn server?



I have both subnets talking to each other via WRT PPTP.
Coperton
DD-WRT Novice


Joined: 26 Aug 2006
Posts: 9

Posted: Sat Sep 23, 2006 21:28
isaac_golding wrote:

I have both subnets talking to each other via WRT PPTP.


that sounds good, and I have some questions:

what variation of firmware v23sp2 do you use? (standard, voip, vpn...)
is your configuration like the wiki guide (pptp tunnel)?
or have you made some special configurations?

the information that you can post will be very helpful to correct my connection, so thanks for the information

in the configuration that didn't work for me I used 2 linksys hardware version 2.2 and firmware v23 sp2 standard
isaac_golding
DD-WRT Novice


Joined: 12 Jun 2006
Posts: 13

Posted: Sun Sep 24, 2006 18:55
isaac_golding wrote:
I have both subnets talking to each other via WRT PPTP.



I stand corrected.

I have network B connecting to Network A


However Network A is getting an error when connecting to network B
When I watch the logs of the router trying to dial (client) I get the following...

Sep 24 14:47:05 router daemon.notice pptp[27495]: anon log[main:pptp.c:267]: The synchronous pptp option is NOT activated
Sep 24 14:47:05 router daemon.warn pptp[27497]: anon warn[open_inetsock:pptp_callmgr.c:326]: connect: Connection refused
Sep 24 14:47:05 router daemon.crit pptp[27497]: anon fatal[callmgr_main:pptp_callmgr.c:124]: Could not open control connection to XXX.XXX.XXX.XXX (ip changed for security reasons)
Sep 24 14:47:05 router daemon.crit pptp[27496]: anon fatal[open_callmgr:pptp.c:426]: Call manager exited with error 256
Sep 24 14:47:05 router daemon.crit pptp[27495]: anon fatal[main:pptp.c:310]: Child process died

The server side shows NO activity on the logs....


So just for the fun of it I took the 2 linux boxes I had (one in each subnet) and did a dialup client from network A to network B.

Network B's router was set to forward port 1723 to the linux box in its subnet.

After setting this up and a bit of fussing over the settings I was able to get network A's linux box to connect to Network B's linux box through the routers.

So I have established that:

Network B can talk to Network A from linksys to Linksys
Network A can talk to Network B from linux to linux using pptp passthrough and port forwarding.

Network A can NOT talk to Network B from linksys to linksys regardless of the connection from network B to network A.


I have attempted connections from Network A linksys to Network B linksys with the network B linksys firewall turned off. I've verified that I have no port forwards enabled in network B's linksys that might be messing things off.

I have verified passwords & usernames.
Both linksys are wrt54g v4 both running DD-WRT v23 SP2 (09/15/06) std

Both ISPs are NOT filtering pptp or port 1723 (as verified by the linux to linux tests).

Both linksys have identical settings from page to page except for the values of their subnets & ISP connection info. (I compared them side by side)


I'm clueless as how to continue to diagnose the problem as the pptp Server on network B does not produce any traffic reports in /var/log/messages about failed pptp attempts.
isaac_golding
DD-WRT Novice


Joined: 12 Jun 2006
Posts: 13

Posted: Sun Sep 24, 2006 20:09    Post subject: UPDATE to problem.
After a break for a bit to let my head clear from all the data I went back and using an xp client from INSIDE Network B I created a pptp client connection.

The PPTP client connection from host 192.168.2.10 was able to connect to the router at 192.168.2.1. Of course this is on the inside of the Network B subnet but I can rule out password mis-configuration or broken pptp server.



I'm still open to suggestions on how to debug this issue though.

:-)
Coperton
DD-WRT Novice


Joined: 26 Aug 2006
Posts: 9

Posted: Sun Sep 24, 2006 21:22
I already reported the issue, so the bugtracker ID is 0001811
moullas40
DD-WRT Novice


Joined: 17 Jul 2006
Posts: 19

Posted: Mon Sep 25, 2006 11:44
What's the routing table at each side?

Try and view them.

That's the problem I had and had to create this solution.. Net A could connect to B, but net B could not connect to A.

See if by adding a routing entry after the tunnel is established fixes your problem
wcarlson40
DD-WRT Novice


Joined: 09 Jun 2006
Posts: 39

Posted: Mon Sep 25, 2006 15:44    Post subject: Re: Howto: Point to Point VPN with PPTP
moullas40 wrote:

To do this, log on the CLI of DD-WRT, and type the following command:
Code:

nvram set routes='route add -net 192.168.2.0 netmask 255.255.255.0 gw 192.168.2.254'
nvram commit


This saves the variable "routes" with a route-add entry
However, we still need to apply this route AFTER the VPN Tunnel is up. To do this, we do the following:

(Again to save)

Code:
nvram set rc_startup='
nvram get routes > /tmp/routes
cat /tmp/pptpd/ip-up /tmp/routes > /tmp/pptpd/ip-temp
mv /tmp/pptpd/ip-temp /tmp/pptpd/ip-up
chmod 700 /tmp/pptpd/ip-up
'
nvram commit



moullas40, I assume you enter these commands on the Server router (location A in your example)? Thanks!
moullas40
DD-WRT Novice


Joined: 17 Jul 2006
Posts: 19

Posted: Mon Sep 25, 2006 16:13
yep, that's correct, on the server side.

The problem with DD-WRT is that it doesn't create default routes on the server side going back to the client network

BTW, I also think (not sure) that this implementation is better than setting both locations as both client & servers, since it will ease up some traffic and load on the routers

If brainslayer could only add it as a standard feature of dd-wrt ... :)