Hmm.. don't believe its suitable for the TPLINK routers. I think I stay with the brainslayer FW.
The VPN is not stable with the automatic import of the iptable. I would like to know where the daemon is on the filesystem so I can test with it (stop en start).
When you reboot you router now, the settings are saved. The "stopservice pptpd && startservice pptpd" has to execute before the adding of the iptables though. Because if you do afterwards, the entry is gone again
You would think that is will do nothing then when it is restarted first, but is seems it does...
What I don't understand about all of this, is that this line is already in /tmp/pptpd/ip-up;
Probably because you're using a more recent build that has fixed it, but of course you didn't mention anything about your build or hardware.
The reason that there is two similar rules is because the firmware creates one by default to clamp all TCP connections, but the ip-up script has to insert an ACCEPT rule above that. An ACCEPT rule short circuits the chain (no further rules are processed) so the default clamp rule wouldn't be matched. Therefore an additional rule to clamp TCP connection for the tunnel is placed above the rule to ACCEPT traffic for the tunnel.
It could be cleaned up by using more chains, but the most important thing is that it works. _________________ Read the forum announcements thoroughly! Be cautious if you're inexperienced.
Available for paid consulting. (Don't PM about complicated setups otherwise)
Looking for bricks and spare routers to expand my collection. (not interested in G spec models)
Probably because you're using a more recent build that has fixed it, but of course you didn't mention anything about your build or hardware.
I'm using DD-WRT v24-sp2(03/17/11) std (build 16454) on a netgear wndr3700v2, and it's not fixed. I'm still having this issue and needing to run this iptables rule to get certain websites to load over a pptp vpn connection.
Where are these ACCEPT rules coming from, have I made some configuration via the web gui that I shouldn't have?
No you haven't made any mistake, the firmware creates the ACCEPT rule because traffic for the tunnel has to be accepted or else it will be dropped by the firewall. If you want to understand any more then read the iptables documentation. _________________ Read the forum announcements thoroughly! Be cautious if you're inexperienced.
Available for paid consulting. (Don't PM about complicated setups otherwise)
Looking for bricks and spare routers to expand my collection. (not interested in G spec models)
same problem here. I have a Buffalo WHR-HP-54 working as AP, router and PPTP VPN server for years now. Few days ago a friend bought Linksys WRT54 for same thing and asked me to help - so we flashed fw following this thread http://www.dd-wrt.com/phpBB2/viewtopic.php?t=52043 and in process I was thinking that my Buffalo with old v23 SP2 should be upgraded.
Well, have to say that it doesn't work properly on both of them. Connection is ok, some pages load nice and fast, some do after some time (but never complete) and some don't at all. Like wikipedia, or facebook. Reverted back to prehistoric version simply because it works
Tried MTU trick, tried commands. Nope. So, V24 has a bug which will be corrected at some point or?
I had same problem with MTU. Then I added command @ startup:
echo -n 'iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu' >> /tmp/pptpd/ip-up
All works fine. I can open all pages when have vpn connection to 1st roter
But when I another ddwrt router placed at remote site and made vpn connection from my laptop to 1st router, this MTU problem appears again. When i connect without that router all works fine again.
My laptop > 2nd router >INTERNET >1st router and pptp server
2nd router :
Dlink-DIR615 rev d
DD-WRT v24-sp2 (11/21/10) std - build 15778
This may help someone else...so I figured I'd post it.
I came across this same problem today where I couldn't get all webpages to load over my Windows 7 PPTP connection to my DDWRT at home. After some searching around I came across this site:
Going through this process, I ended up changing the MTU on my Windows 7 "VPN Connection" down to 1372. Everything seems to be working now over PPTP. I was having problems with drudge and usaa.com. They are working now.
Posted: Tue May 15, 2012 15:34 Post subject: What worked for me
Thanks everyone for all the suggestions.
What worked for me:
This command: echo -n 'iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu' >> /tmp/pptpd/ip-up
AND
I had to set my MTU on the ppp0 port in the router to 1372. You may be able to use a higher settings, but after hours, i tried changing the MTU and it worked nicely.
So I added to the startup script the following:
ifconfig ppp0 mtu 1372
That was the key for me.
This forces devices that connect to the VPN to use that MTU setting, which works better for me than configuring the MTU on every device that connects independently.
)
