Posted: Mon Jul 17, 2006 18:52 Post subject: Howto: Point to Point VPN with PPTP
This is a guide for creating a point-to-point VPN using the PPTP client and server, for people unable / bored etc... using the OpenVPN Client.
I've made this small code because DD-WRT does not allow you to save a route running on a VPN tunnel on PPTP (or at least I haven't found another way), so there is no route going back from the server network to the client network.
Basically, the guide in the Wiki is fine for creating a VPN using the PPTP server and client parts of DD-WRT. I will not repeat those instructions, since they are fine. Just follow them to set up a PPTP VPN for the following locations. However, with this example only 1 site needs a PPTP server and the other a PPTP client.
So, let's say we have 2 locations, LocationA and LocationB.
Net details are as follows:
Router IP: 192.168.1.254
This basically runs on every startup, saves the route from the nvram variable to a file, and then adds that line to the last line of the ip-up script that runs when the PPTP server establishes the connection.
After you've done this, VPN works both ways, and is pretty much easier to set up than OpenVPN.
Any other implementations for this are welcome.
Last edited by moullas40 on Wed Oct 25, 2006 12:25; edited 2 times in total
I have both subnets talking to each other via WRT PPTP.
I stand corrected.
I have network B connecting to Network A
However, Network A is getting an error when connecting to Network B.
When I watch the logs of the router trying to dial (client) I get the following...
Sep 24 14:47:05 router daemon.notice pptp: anon log[main:pptp.c:267]: The synchronous pptp option is NOT activated
Sep 24 14:47:05 router daemon.warn pptp: anon warn[open_inetsock:pptp_callmgr.c:326]: connect: Connection refused
Sep 24 14:47:05 router daemon.crit pptp: anon fatal[callmgr_main:pptp_callmgr.c:124]: Could not open control connection to XXX.XXX.XXX.XXX (ip changed for security reasons)
Sep 24 14:47:05 router daemon.crit pptp: anon fatal[open_callmgr:pptp.c:426]: Call manager exited with error 256
Sep 24 14:47:05 router daemon.crit pptp: anon fatal[main:pptp.c:310]: Child process died
The server side shows NO activity on the logs....
So just for the fun of it I took the 2 linux boxes I had (one in each subnet) and did a dialup client from network A to network B.
Network B's router was set to forward port 1723 to the linux box in its subnet.
After setting this up and a bit of fussing over the settings I was able to get network A's linux box to connect to Network B's linux box through the routers.
So I have established that:
Network B can talk to Network A from linksys to Linksys
Network A can talk to Network B from linux to linux using pptp passthrough and port forwarding.
Network A can NOT talk to Network B from linksys to linksys regardless of the connection from network B to network A.
I have attempted connections from Network A linksys to Network B linksys with the Network B linksys firewall turned off. I've verified that I have no port forwards enabled in network B's linksys that might be messing things up.
I have verified passwords & usernames.
Both linksys are wrt54g v4 both running DD-WRT v23 SP2 (09/15/06) std
Both ISPs are NOT filtering pptp or port 1723 (as verified by the linux to linux tests).
Both linksys have identical settings from page to page except for the values of their subnets & ISP connection info. (I compared them side by side)
I'm clueless as to how to continue to diagnose the problem as the pptp Server on network B does not produce any traffic reports in /var/log/messages about failed pptp attempts.
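The client log quoted in the post above can be triaged mechanically. The following is an added example, not part of the original thread: it parses those log lines and reports the first failing stage, which here is the TCP control connection (port 1723), a point that comes before any PPTP authentication. The names `parse` and `triage` and the stage labels are assumptions made for illustration.

```python
import re

# Log lines as quoted in the post above (address already redacted by the poster).
SAMPLE_LOG = """\
Sep 24 14:47:05 router daemon.notice pptp: anon log[main:pptp.c:267]: The synchronous pptp option is NOT activated
Sep 24 14:47:05 router daemon.warn pptp: anon warn[open_inetsock:pptp_callmgr.c:326]: connect: Connection refused
Sep 24 14:47:05 router daemon.crit pptp: anon fatal[callmgr_main:pptp_callmgr.c:124]: Could not open control connection to XXX.XXX.XXX.XXX
Sep 24 14:47:05 router daemon.crit pptp: anon fatal[open_callmgr:pptp.c:426]: Call manager exited with error 256
Sep 24 14:47:05 router daemon.crit pptp: anon fatal[main:pptp.c:310]: Child process died
"""

# timestamp, host, facility.priority, "pptp:", tag, level[function:file:line]: message
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\s\w+\.(?P<prio>\w+)\spptp:\s"
    r"\S+\s(?P<level>\w+)\[(?P<func>\w+):(?P<src>[\w.]+):(?P<lineno>\d+)\]:\s(?P<msg>.*)$"
)

def parse(text):
    """Return one dict per pptp client log line, skipping anything else."""
    return [m.groupdict() for m in map(LINE_RE.match, text.splitlines()) if m]

def triage(text):
    """Find the first warn/fatal record and name the stage it belongs to."""
    problems = [r for r in parse(text) if r["level"] in ("warn", "fatal")]
    if not problems:
        return {"stage": "none", "cause": None, "where": None, "follow_on": 0}
    first = problems[0]
    if first["func"] == "open_inetsock" and first["msg"].startswith("connect:"):
        # connect() failed on the TCP control channel (port 1723), so the
        # attempt ended before GRE or PPP authentication were reached.
        stage = "tcp-control"
    else:
        stage = "other"  # hypothetical catch-all label for this example
    return {
        "stage": stage,
        "cause": first["msg"].split(":", 1)[-1].strip(),
        "where": f'{first["src"]}:{first["lineno"]}',
        "follow_on": len(problems) - 1,  # later errors caused by the first
    }

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

A `tcp-control` result with "Connection refused" is consistent with the server side logging nothing: the connection was rejected before a PPTP session existed for the server to record.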
Posted: Sun Sep 24, 2006 20:09 Post subject: UPDATE to problem.
After a break for a bit to let my head clear from all the data I went back and using an xp client from INSIDE Network B I created a pptp client connection.
The PPTP client connection from host 192.168.2.10 was able to connect to the router at 192.168.2.1. Of course this is on the inside of the Network B subnet but I can rule out password mis-configuration or a broken pptp server.
I'm still open to suggestions on how to debug this issue though.