DON”T USE PPTP ITS INSECURE!! USE OPENVPN or WIREGUARD INSTEAD. TUTORIALS ->
That said, if you want to setup pptp on the openwrt here is a guide.
The router is Backfire 10.03.1 at address 192.168.11.1/24. This configuration will setup the PPtP VPN server and it should be pointed out that its not a very secure VPN. Basically, it requires that someone capture the authentication handshake of a pptp connection. Then extract the keys and crack the hashes or bruteforce. There is a service that was released last year that will crack these keys and produce the authentication hash, that can auth as the password. This was done to encourage people to stop using this lame technology. Here is a great write up that will answer all questions https://www.cloudcracker.com/blog/2012/07/29/cracking-ms-chap-v2/
With the above insecurity disclaimer and a note that this really shouldn’t be used for anything requiring real security. I proceed..
opkg install pptpd kmod-mppe
== /etc/pptpd.conf ==
#debug option /etc/ppp/options.pptpd speed 115200 stimeout 10 localip 192.168.11.1 remoteip 192.168.11.40-49
== /etc/ppp/options.pptpd ==
debug logfile /tmp/pptp-server.log 192.168.11.1: auth name "pptp-server" lcp-echo-failure 3 lcp-echo-interval 60 default-asyncmap mtu 1482 mru 1482 nobsdcomp nodeflate proxyarp #required to be able to connect to the lan subnet without being directly connected. #noproxyarp #nomppc mppe required,no40,no56,stateless require-mschap-v2 refuse-chap refuse-mschap refuse-eap refuse-pap ms-dns 192.168.11.1
== /etc/ppp/chap-secrets ==
#USERNAME PROVIDER PASSWORD IPADDRESS jason * testypass *
== /etc/firewall.user ==
# This file is interpreted as shell script. # Put your custom iptables rules here, they will # be executed with each firewall (re-)start. # Allow all traffic in and out of the ppp interface. No reason to specify nets. iptables -A input_rule -i ppp+ -j ACCEPT iptables -A output_rule -o ppp+ -j ACCEPT # This rule will allow traffic towards internet iptables -A forwarding_rule -i ppp+ -j ACCEPT
== /etc/config/firewall ==
config 'rule' option 'target' 'ACCEPT' option '_name' 'pptpd' option 'src' 'wan' option 'proto' 'tcpudp' option 'dest_port' '1723'