0) Briefing
- Up until now
- OpenWrt installed, root password set (which turns on SSH login), Wi-Fi enabled, DDNS done
- 4.77 MB (4884 KB) of space left for packages
- What next
- Install the PPTP server
- Add custom rules to the firewall
- pptpd on OpenWrt has no web interface, so be prepared to do everything from the shell.
——————————————————————————–
1) Install pptpd
- Open up your favorite terminal and log in to the router (192.168.1.1 is the router address used in this guide; substitute your own):
ssh root@192.168.1.1
- Update the package lists, then search them to confirm pptpd is available:
opkg update && opkg list | grep -a pptpd
- Install pptpd and kmod-mppe (the kernel module that implements MPPE encryption; it is only used if MPPE is turned on in options.pptpd):
opkg install pptpd kmod-mppe
- Enable pptpd so it starts at boot, then start the service now:
/etc/init.d/pptpd enable
/etc/init.d/pptpd start
——————————————————————————–
3) Set up pptpd
- There are two files to edit:
- /etc/ppp/options.pptpd
- /etc/ppp/chap-secrets
3.1) Edit options.pptpd
- options.pptpd governs how pptpd (more precisely, the pppd it spawns for each client) behaves
- Edit the following config file
vi /etc/ppp/options.pptpd
- Here are the details:
#debug
#logfile /tmp/pptp-server.log
192.168.1.1:
auth
name "pptp-server"
lcp-echo-failure 3
lcp-echo-interval 60
default-asyncmap
mtu 1482
mru 1482
nobsdcomp
nodeflate
#noproxyarp
#proxyarp
#nomppc
#mppe required,no40,no56,stateless
require-mschap-v2
refuse-chap
refuse-mschap
refuse-eap
refuse-pap
ms-dns 192.168.3.1
#plugin radius.so
#radius-config-file /etc/radius.conf
- Notes on the lines above:
- 192.168.1.1: is your server's address on the tunnel (the trailing colon means "this is the local address"; the client side is taken from the IPADDRESS column in chap-secrets). At the moment the easiest way to get it working is to use the same address as your router.
- name "pptp-server" is the server name that every chap-secrets entry must reference. If you change it here, change it in /etc/ppp/chap-secrets as well, and vice versa. Use plain ASCII double quotes; a name pasted with typographic quotes will not match the one in chap-secrets.
- require-mschap-v2 together with the refuse-* lines makes MS-CHAPv2 the only authentication method offered, so PAP (cleartext password) and plain CHAP are never negotiated.
- #mppe required,no40,no56,stateless: I have disabled MPPE encryption for a faster data rate, but it is less secure. Be clear about what that means: with this line commented out nothing inside the tunnel is encrypted, and anyone on the path between client and router can read the traffic. Even with MPPE enabled, PPTP is not a strong VPN: the MPPE keys derive from the MS-CHAPv2 exchange, and a captured MS-CHAPv2 handshake can be broken offline with a single DES key search, which has been demonstrated publicly since 2012. Treat this setup as convenient remote access, not as confidential transport.
- ms-dns hands a DNS server to connecting clients; 192.168.3.1 is the author's resolver, so use one your clients can actually reach through the tunnel (typically the router's LAN address).
3.2) Edit chap-secrets
- chap-secrets holds the login information for every PPTP client, with passwords stored in cleartext
- First restrict the file's permissions so that only root can read it:
chmod 600 /etc/ppp/chap-secrets
- Edit the following config file
vi /etc/ppp/chap-secrets
- Here are the details: one client per line, four whitespace-separated fields. The PROVIDER field must equal the name set in options.pptpd, and IPADDRESS is the tunnel address the client will be given (a * accepts any address).
#USERNAME PROVIDER PASSWORD IPADDRESS
mary pptp-server her_password 192.168.1.101
john pptp-server his_password 192.168.1.102
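Because a typo in either of the two files only shows up as a failed dial-in with nothing useful in the log, here is a small audit script that cross-checks them before you expose the server to the WAN. This is an added example, not code from the original post or from the pptpd package: it verifies that chap-secrets is not world-readable, that every PROVIDER field matches the name option in options.pptpd, that no tunnel address is handed to two users, that lines have the four expected fields, and that MPPE is actually required (the post leaves it commented out, and the script flags that as cleartext). The file paths are parameters so it can be run against copies off the router; the function and file names are my own.

```shell
#!/bin/sh
# pptpd-audit.sh: sanity-check a pptpd configuration before exposing it on the WAN.
# Added example, not part of the original post. On the router run it as:
#   sh pptpd-audit.sh /etc/ppp/chap-secrets /etc/ppp/options.pptpd

# Print the server name declared by the `name` option in options.pptpd, with the
# surrounding double quotes removed; prints nothing if the option is absent.
pptpd_server_name() {
    sed -n 's/^[[:space:]]*name[[:space:]][[:space:]]*\(.*\)$/\1/p' "$1" \
        | head -n 1 | tr -d '"'
}

# Succeed (exit 0) only if options.pptpd requires MPPE, i.e. if an uncommented
# "mppe ... required" or "require-mppe" line is present.
pptpd_mppe_required() {
    grep -Eq '^[[:space:]]*(mppe[[:space:]].*required|require-mppe)' "$1"
}

# Octal permission bits of a file ("600"): GNU/busybox stat first, BSD stat as fallback.
file_mode() {
    stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1" 2>/dev/null
}

# Audit chap-secrets ($1) against options.pptpd ($2). Prints one WARN line per
# finding and returns the number of findings, so 0 means the pair looks consistent.
# (A shell return value wraps above 255; more than that many findings is a typo storm anyway.)
pptpd_audit() {
    secrets=$1
    options=$2
    findings=0
    server=$(pptpd_server_name "$options")

    mode=$(file_mode "$secrets")
    if [ "$mode" != "600" ] && [ "$mode" != "400" ]; then
        echo "WARN: $secrets has mode ${mode:-unknown}; expected 600 (it holds cleartext passwords)"
        findings=$((findings + 1))
    fi

    if [ -z "$server" ]; then
        echo "WARN: $options sets no 'name', so the PROVIDER column of $secrets cannot be matched"
        findings=$((findings + 1))
    fi

    # Per-entry checks: field count, server name match, duplicate client addresses.
    # Comment and blank lines are skipped, as pppd skips them.
    awk_out=$(awk -v server="$server" '
        /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }
        NF != 4 {
            printf "WARN: line %d: expected 4 fields (user server secret ip), got %d\n", NR, NF
            next
        }
        server != "" && $2 != server && $2 != "*" {
            printf "WARN: line %d: user %s is bound to server \"%s\" but options.pptpd says \"%s\"\n", NR, $1, $2, server
        }
        $4 != "*" && ($4 in seen) {
            printf "WARN: line %d: address %s is already assigned to %s\n", NR, $4, seen[$4]
        }
        $4 != "*" { seen[$4] = $1 }
    ' "$secrets")
    if [ -n "$awk_out" ]; then
        echo "$awk_out"
        findings=$((findings + $(printf '%s\n' "$awk_out" | wc -l)))
    fi

    if ! pptpd_mppe_required "$options"; then
        echo "WARN: MPPE is not required in $options; tunnel traffic will cross the Internet in cleartext"
        findings=$((findings + 1))
    fi

    return "$findings"
}

# Run the audit when invoked with the two paths; the exit status is the finding count.
if [ "$#" -eq 2 ]; then
    pptpd_audit "$1" "$2"
fi
```

Run it after every edit of the two files; a non-zero exit status with the WARN lines tells you what to fix before restarting pptpd. With the post's options.pptpd as shown, it will always report the MPPE line, which is the intended reminder that the tunnel is unencrypted.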
——————————————————————————–
4) Add custom rules to iptables
- By default the OpenWrt firewall drops unsolicited connections arriving on the WAN interface. To let PPTP clients connect from the Internet you have to accept the PPTP control connection (TCP port 1723) and the GRE tunnel traffic (IP protocol 47), and then allow the ppp+ interfaces that connected clients get to talk to the LAN and to the Internet.
- Rules added to this file are re-applied every time the firewall (re)starts, including at every reboot
- Edit the following file:
vi /etc/firewall.user
- Add the following lines to the file:
# This file is interpreted as shell script.
# Put your custom iptables rules here, they will
# be executed with each firewall (re-)start.
iptables -A input_wan -p tcp --dport 1723 -j ACCEPT
iptables -A input_wan -p gre -j ACCEPT
iptables -A input_rule -i ppp+ -j ACCEPT
iptables -A forwarding_rule -i ppp+ -j ACCEPT
iptables -A forwarding_rule -o ppp+ -j ACCEPT
iptables -A output_rule -o ppp+ -j ACCEPT
- The first 2 iptables rules allow remote clients to connect from the Internet.
- The last 4 iptables rules allow connected clients to reach local computers and to go out to the Internet. Note that they accept everything in both directions on ppp+, so a VPN user has the same reach as a machine plugged into the LAN; narrow them down if that is more than you want to grant.
- The chain names depend on the OpenWrt release: input_wan, input_rule, forwarding_rule and output_rule are the hook chains of the older shell-based firewall. Releases that ship fw3 name the per-zone hook chains input_wan_rule, forwarding_wan_rule and so on, so check the chains that actually exist (iptables -L -n | grep rule) before pasting, or express the rules in /etc/config/firewall instead.
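The same policy expressed in /etc/config/firewall (UCI) form, which is what LuCI reads and edits and what survives a firewall upgrade better than hand-written iptables lines. This is an added example, not the post's own configuration: it assumes a release whose firewall (fw3) accepts a wildcard device name in a zone, the zone name vpn and the rule names are my own choice, and if your release does not resolve the protocol name gre, use the number 47 instead.

```uci
# Added example: UCI equivalent of the iptables rules in /etc/firewall.user.
# Append to /etc/config/firewall, then run: /etc/init.d/firewall restart

# First two rules of the post: accept the PPTP control channel and GRE from the WAN.
config rule
	option name 'Allow-PPTP'
	option src 'wan'
	option proto 'tcp'
	option dest_port '1723'
	option target 'ACCEPT'

config rule
	option name 'Allow-GRE'
	option src 'wan'
	option proto 'gre'
	option target 'ACCEPT'

# Last four rules of the post: put every ppp interface pptpd creates into its
# own zone. input/output ACCEPT covers traffic to and from the router itself;
# forward REJECT stops one VPN client from reaching another unless you add a
# forwarding for it. 'ppp+' is a wildcard device name (assumed supported by fw3).
config zone
	option name 'vpn'
	option device 'ppp+'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'

# Clients may reach the LAN and the Internet (wan masquerades as usual),
# and LAN hosts may reach clients, matching the -i ppp+ / -o ppp+ rules.
config forwarding
	option src 'vpn'
	option dest 'lan'

config forwarding
	option src 'vpn'
	option dest 'wan'

config forwarding
	option src 'lan'
	option dest 'vpn'
```

Doing it this way also makes the grant visible in LuCI under the firewall zones, so it is harder to forget that VPN users have full LAN reach; to tighten it, replace the vpn-to-lan forwarding with individual rules that name the hosts and ports clients are allowed to use.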
——————————————————————————–
Really liked this post. Have been using the OpenVPN solution on my TP-Link WDR3600, but I have to give up on other packages because of the low memory (having some trouble mounting /overlay with latest trunk releases...).
This VPN solution seems much more lightweight and easy to set up, as well as it's natively supported by Android and Windows.
The only part that I would like to know is how to set up the firewall settings using LuCI... I can see that I have to open TCP port 1723, but that's all I can understand.
Could you please tell me what rules to add using UCI?
Thanks