Setup PPTP server using OpenWRT

Apr 262013
 
 April 26, 2013  Posted by at 12:45 pm Tutorial, vpn Tagged with: , , ,  Add comments

DON”T USE PPTP ITS INSECURE!! USE OPENVPN INSTEAD. HERE IS A TUTORIAL -> http://jasonschaefer.com/openvpn-on-the-openwrt

That said, if you want to setup pptp on the openwrt here is a guide.
The router is Backfire 10.03.1 at address 192.168.11.1/24. This configuration will setup the PPtP VPN server and it should be pointed out that its not a very secure VPN. Basically, it requires that someone capture the authentication handshake of a pptp connection. Then extract the keys and crack the hashes or bruteforce. There is a service that was released last year that will crack these keys and produce the authentication hash, that can auth as the password. This was done to encourage people to stop using this lame technology. Here is a great write up that will answer all questions https://www.cloudcracker.com/blog/2012/07/29/cracking-ms-chap-v2/

With the above insecurity disclaimer and a note that this really shouldn’t be used for anything requiring real security. I proceed..

opkg install pptpd kmod-mppe

== /etc/pptpd.conf ==

#debug
option /etc/ppp/options.pptpd
speed 115200
stimeout 10
localip 192.168.11.1
remoteip 192.168.11.40-49

== /etc/ppp/options.pptpd ==

debug
logfile /tmp/pptp-server.log
192.168.11.1:
auth
name "pptp-server"
lcp-echo-failure 3
lcp-echo-interval 60
default-asyncmap
mtu 1482
mru 1482
nobsdcomp
nodeflate
proxyarp #required to be able to connect to the lan subnet without being directly connected.
#noproxyarp
#nomppc
mppe required,no40,no56,stateless
require-mschap-v2
refuse-chap
refuse-mschap
refuse-eap
refuse-pap
ms-dns 192.168.11.1

== /etc/ppp/chap-secrets ==

#USERNAME PROVIDER PASSWORD IPADDRESS
jason * testypass *

== /etc/firewall.user ==

# This file is interpreted as shell script.
# Put your custom iptables rules here, they will
# be executed with each firewall (re-)start.
# Allow all traffic in and out of the ppp interface. No reason to specify nets.
iptables -A input_rule -i ppp+ -j ACCEPT
iptables -A output_rule -o ppp+ -j ACCEPT
# This rule will allow traffic towards internet
iptables -A forwarding_rule -i ppp+ -j ACCEPT

== /etc/config/firewall ==

config 'rule'
option 'target' 'ACCEPT'
option '_name' 'pptpd'
option 'src' 'wan'
option 'proto' 'tcpudp'
option 'dest_port' '1723'

  2 Responses to “Setup PPTP server using OpenWRT”

  1. moussa says:
    November 20, 2016 at 12:00 pm

    its not working with me,
    i followed all the steps,
    i hope you can help me

  2. jason says:
    December 9, 2016 at 10:10 pm

    moussa
    Its been so long since I used pptp and am very little help now. Pptp is dead and this tutorial is old (openwrt 10.03). I know you probably have your reasons and don’t care about security but you should not use pptp! Openvpn is where you should spend your precious time. life is too short to use pptp.

 Leave a Reply

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

(required)

(required)

CAPTCHA

*