PPTP Client - incorrect route

Post new topic   Reply to topic    DD-WRT Forum Forum Index -> Broadcom SoC based Hardware
Author Message
evidence
DD-WRT Novice


Joined: 14 Jul 2006
Posts: 3

PostPosted: Fri Jul 14, 2006 21:09    Post subject: PPTP Client - incorrect route Reply with quote
My PPTP client connects succesfully and adds this entry to the routing table:

201.48.140.22 * 255.255.255.255 UH 0 0 0 ppp0

Problem is shouldn't this be going out vlan1 instead of ppp0? I am not able to ping across the VPN or access any resources until I drop in

route add -host 201.48.140.22 gw 70.162.78.1 dev vlan1

at that point I remove the route out over the ppp0

route del -host 201.48.140.22 dev ppp0

and all works fine. I'm also wondering why if I just remove the new route over ppp0 it doesnt have the same effect? In theory it should just be following the 0.0.0.0 route that would match the one I added... Is this a bug or is somethin b0rked with my setup?

Also would it be possible to add the option for multiple remote networks for the pptp client? Would make it more fun than adding all the routes manually on a lost link/reboot Very Happy


Last edited by evidence on Fri Jul 14, 2006 21:31; edited 2 times in total
Sponsor
evidence
DD-WRT Novice


Joined: 14 Jul 2006
Posts: 3

PostPosted: Fri Jul 14, 2006 21:18    Post subject: Reply with quote
Not working default:

/tmp/pptpd_client # route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
201.48.140.22 * 255.255.255.255 UH 0 0 0 ppp0
192.168.1.0 * 255.255.255.0 U 0 0 0 br0
201.48.140.0 * 255.255.255.0 U 0 0 0 ppp0
70.162.76.0 * 255.255.252.0 U 0 0 0 vlan1
127.0.0.0 * 255.0.0.0 U 0 0 0 lo
default ip70-162-76-1.p 0.0.0.0 UG 0 0 0 vlan1


Also not working:

/tmp/pptpd_client # route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.1.0 * 255.255.255.0 U 0 0 0 br0
201.48.140.0 * 255.255.255.0 U 0 0 0 ppp0
70.162.76.0 * 255.255.252.0 U 0 0 0 vlan1
127.0.0.0 * 255.0.0.0 U 0 0 0 lo
default ip70-162-76-1.p 0.0.0.0 UG 0 0 0 vlan1


Working:

/tmp/pptpd_client # route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
201.48.140.22 ip70-162-78-1.p 255.255.255.255 UGH 0 0 0 vlan1
192.168.1.0 * 255.255.255.0 U 0 0 0 br0
201.48.140.0 * 255.255.255.0 U 0 0 0 ppp0
70.162.76.0 * 255.255.252.0 U 0 0 0 vlan1
127.0.0.0 * 255.0.0.0 U 0 0 0 lo
default ip70-162-76-1.p 0.0.0.0 UG 0 0 0 vlan1
Tornado
DD-WRT Developer/Maintainer


Joined: 07 Jun 2006
Posts: 2087
Location: Odessa, Ukraine

PostPosted: Sat Jul 15, 2006 5:13    Post subject: Reply with quote
i had the same problem, I added the following to my ip-up script....also modified the source to include this and recompiled, so I can use the pptp-client in the web gui, or stand-alone.

added line 4,5,8,9

#!/bin/sh
REMOTESUB=$(/usr/sbin/nvram get pptpd_client_srvsub)
REMOTENET=$(/usr/sbin/nvram get pptpd_client_srvsubmsk)
PPTPSERVER=$(/usr/sbin/nvram get pptpd_client_srvip)
PPTPGWY=$(/usr/sbin/nvram get wan_gateway)
case "$6" in
kelokepptpd)
/sbin/route add -host $PPTPSERVER gw $PPTPGWY dev vlan1
/sbin/route del default gw $PPTPGWY dev vlan1
/sbin/route add -net $REMOTESUB netmask $REMOTENET dev $1

_________________
Want JTAG support - Donate a router
or Donate with PayPal !

My preferred parallel jtag adapter:
TIAO Parallel adapter

Tjtag website - http://tjtag.com

Compiling DD-WRT on:
AMD Phenom II X6 1090T @ 3926.667 Mhz

Aptosid X64 - Debian SID X64
Ubuntu 10.10 X64 - Arch X64
pixeljuice
DD-WRT Novice


Joined: 21 Sep 2006
Posts: 14

PostPosted: Sun Sep 24, 2006 23:09    Post subject: choppy pptp connection Reply with quote
Thanks Tornado, I modified (manually at this stage) my ip-up script in similar way. I didn't delete the default gateway, because I wanted traffic to go on my internet connection and only pptp traffic to go through the 'vpn'.

However, I experienced a very choppy connection to the vpn. I could ping hosts but connection over SSH or VNC was extremely slow and seemed to hang most of the time - basically unworkable. When connecting directly from my PC it worked just fine.

I have no idea what's wrong...
m_elk
DD-WRT Novice


Joined: 19 Oct 2006
Posts: 9

PostPosted: Fri Oct 20, 2006 14:15    Post subject: Reply with quote
Hi

I am having a problem that seems to resemble what is discussed above and I would greatly appreciate any help:

I'm trying to get Internet Access using PPTP with my ISP.

The setup is this

My router WHR-HP-54 (Firmware: DD-WRT v23 SP2 (09/13/06) special, pre-flashed from DD-WRT shop) gets a DHCP assigned addres from the ISP (e.g. 10.0.114.232 / 255.255.255.0, gateway 10.0.114.1)
It should contact a PPTP server on 10.1.1.1 to get access to the Internet.

I have set up PPTP client in Administration -> Services.
Server IP: 10.1.1.1
Remote subnet: 130.228.36.0 (I'm not going to use that remote subnet, but it is required in the setup..)
Remote subnet mask: 255.255.255.0
Mppe encryption: (none)
MRU: 1450
MTU: 1450
NAT: Enable
Username and password....

Options:
Code:
/tmp/pptpd_client # cat /tmp/pptpd_client/options.vpn
defaultroute
lock
noauth
nodetach
refuse-eap
lcp-echo-failure 3
lcp-echo-interval 2
persist
usepeerdns
idle 0
ip-up-script /tmp/pptpd_client/ip-up
ip-down-script /tmp/pptpd_client/ip-down
ipparam kelokepptpd
mtu 1450
mru 1450


Log for ./vpn debug:
Code:
PID file created
Attempting initial connect
using channel 2
Using interface ppp0
Connect: ppp0 <--> /dev/pts/1
sent [LCP ConfReq id=0x1 <mru 1450> <asyncmap 0x0> <magic 0x11e3ca77> <pcomp> <accomp>]
rcvd [proto=0x506c] 75 67 69 6e 20 63 68 65 63 6b 75 73 65 72 2e 73 6f 20 6c 6f 61 64 65 64 2e 0d 0a 63 68 65 63 6b ...
Discarded non-LCP packet when LCP not open
rcvd [LCP ConfReq id=0x1 <mru 1000> <asyncmap 0x0> <auth chap MS-v2> <magic 0x4c2ffef1> <pcomp> <accomp> <mrru 1000> <endpoint 13
09 03 00 02 55 b7 fd 49>]
sent [LCP ConfRej id=0x1 <mrru 1000>]
rcvd [LCP ConfAck id=0x1 <mru 1450> <asyncmap 0x0> <magic 0x11e3ca77> <pcomp> <accomp>]
rcvd [LCP ConfReq id=0x2 <mru 1000> <asyncmap 0x0> <auth chap MS-v2> <magic 0x4c2ffef1> <pcomp> <accomp> <endpoint 13 09 03 00 02
55 b7 fd 49>]
sent [LCP ConfAck id=0x2 <mru 1000> <asyncmap 0x0> <auth chap MS-v2> <magic 0x4c2ffef1> <pcomp> <accomp> <endpoint 13 09 03 00 02
55 b7 fd 49>]
sent [LCP EchoReq id=0x0 magic=0x11e3ca77]
rcvd [LCP EchoReq id=0x0 magic=0x4c2ffef1]
sent [LCP EchoRep id=0x0 magic=0x11e3ca77]
rcvd [CHAP Challenge id=0xdc <8b42d1aaf269b51b3ca950d89c3b4803>, name = "nesa.jay.net"]
sent [CHAP Response id=0xdc <653293ef7c5a9d816af78f12fb91cb5b00000000000100003d4c34be5c007f94b42cde615584a38c62af617960ea8c1a00>,
name = "xxxxxxxxxxx"]
rcvd [LCP EchoRep id=0x0 magic=0x4c2ffef1]
rcvd [CHAP Success id=0xdc "S=AA54ACA9CF0631486CDE14FA44B45D151FC3E109 M=Access granted"]
CHAP authentication succeeded
sent [CCP ConfReq id=0x1 <mppe -H -M -S -L -D +C> <deflate 15> <deflate(old#) 15> <bsd v1 15>]
sent [IPCP ConfReq id=0x1 <compress VJ 0f 01> <addr 192.168.1.1> <ms-dns1 0.0.0.0> <ms-dns3 0.0.0.0>]
rcvd [CCP ConfReq id=0x1 <deflate 15> <deflate(old#) 15> <bsd v1 15>]
sent [CCP ConfAck id=0x1 <deflate 15> <deflate(old#) 15> <bsd v1 15>]
rcvd [IPCP ConfReq id=0x1 <compress VJ 0f 01> <addr 81.19.236.186> <ms-dns1 0.0.0.0> <ms-dns3 0.0.0.0>]
sent [IPCP ConfRej id=0x1 <ms-dns1 0.0.0.0> <ms-dns3 0.0.0.0>]
rcvd [CCP ConfRej id=0x1 <mppe -H -M -S -L -D +C>]
sent [CCP ConfReq id=0x2 <deflate 15> <deflate(old#) 15> <bsd v1 15>]
rcvd [IPCP ConfNak id=0x1 <addr 81.7.179.128> <ms-dns1 81.19.224.67> <ms-dns3 81.19.224.134>]
sent [IPCP ConfReq id=0x2 <compress VJ 0f 01> <addr 81.7.179.128> <ms-dns1 81.19.224.67> <ms-dns3 81.19.224.134>]
rcvd [IPCP ConfReq id=0x2 <compress VJ 0f 01> <addr 81.19.236.186>]
sent [IPCP ConfAck id=0x2 <compress VJ 0f 01> <addr 81.19.236.186>]
rcvd [CCP ConfAck id=0x2 <deflate 15> <deflate(old#) 15> <bsd v1 15>]
rcvd [IPCP ConfAck id=0x2 <compress VJ 0f 01> <addr 81.7.179.128> <ms-dns1 81.19.224.67> <ms-dns3 81.19.224.134>]
local  IP address 81.7.179.128
remote IP address 81.19.236.186
primary   DNS address 81.19.224.67
secondary DNS address 81.19.224.134
Script /tmp/pptpd_client/ip-up started (pid 1866)
Script /tmp/pptpd_client/ip-up finished (pid 1866), status = 0x0
Script ?? finished (pid 1860), status = 0x0
sent [CCP ConfReq id=0x2 <deflate 15> <deflate(old#) 15> <bsd v1 15>]
rcvd [CCP ConfReq id=0x2 <deflate 15> <deflate(old#) 15> <bsd v1 15>]
sent [CCP ConfAck id=0x2 <deflate 15> <deflate(old#) 15> <bsd v1 15>]
rcvd [CCP ConfAck id=0x2 <deflate 15> <deflate(old#) 15> <bsd v1 15>]
sent [CCP ConfReq id=0x2 <deflate 15> <deflate(old#) 15> <bsd v1 15>]


So contact seems to be made.

After this I get

Code:
~ # route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
81.19.236.186   *               255.255.255.255 UH    0      0        0 ppp0
130.228.36.0    *               255.255.255.0   U     0      0        0 ppp0
10.0.114.0      *               255.255.255.0   U     0      0        0 vlan1
192.168.1.0     *               255.255.255.0   U     0      0        0 br0
127.0.0.0       *               255.0.0.0       U     0      0        0 lo
default         10.0.114.1      0.0.0.0         UG    0      0        0 vlan1


But ping 81.19.236.186 does NOT give any result.

Removing the host as discussed makes ping work:

Code:
~ # route del -host 81.19.236.186 dev ppp0
~ # route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
130.228.36.0    *               255.255.255.0   U     0      0        0 ppp0
10.0.114.0      *               255.255.255.0   U     0      0        0 vlan1
192.168.1.0     *               255.255.255.0   U     0      0        0 br0
127.0.0.0       *               255.0.0.0       U     0      0        0 lo
default         10.0.114.1      0.0.0.0         UG    0      0        0 vlan1
~ # ping 81.19.236.186
PING 81.19.236.186 (81.19.236.186): 56 data bytes
64 bytes from 81.19.236.186: icmp_seq=0 ttl=52 time=2.4 ms


But I can not ping anything beyond.

I have also tried:

Code:
~ # route del default gw 10.0.114.1 dev vlan1
~ # route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.1.1.1        10.0.114.1      255.255.255.255 UGH   0      0        0 vlan1
130.228.36.0    *               255.255.255.0   U     0      0        0 ppp0
10.0.114.0      *               255.255.255.0   U     0      0        0 vlan1
192.168.1.0     *               255.255.255.0   U     0      0        0 br0
127.0.0.0       *               255.0.0.0       U     0      0        0 lo

~ # route add -host 81.19.236.186 gw 10.0.114.1 dev vlan1
~ # ping 81.19.236.186
PING 81.19.236.186 (81.19.236.186): 56 data bytes
64 bytes from 81.19.236.186: icmp_seq=0 ttl=52 time=1.9 ms


- but still no ping to anything outside.

I tried

Code:
route add default gw 81.19.236.186


but that did not give any new route entries.

Can anyone telle me what I am missing here?

PS. If I attach a PC running XP instead of the router, uses DHCP and fire up PPTP with server 10.1.1.1 it works and gives access to all of the Internet.... So it is a problem with the routers configuration.

_________________
Buffalo WHR-HP-G54
DD-WRT v23 SP2 (09/15/06) std
m_elk
DD-WRT Novice


Joined: 19 Oct 2006
Posts: 9

PostPosted: Sat Oct 21, 2006 23:45    Post subject: Reply with quote
Hi again

I have made it work now in v23SP2.

1) It seems that one SHOULD be able to ping the remote end of the ppp0 interface
The reason I could not ping it was that the pptp interface seemed too be up but was not transmitting any packages. My ISPs pptp implementation does not use mppe and it was important to set nomppe to make it work. Also, mru and mtu were important to set right. Finally, loopback should be disabled (as the various refs say already). Apart from that it's just a plain generic v23Sp2 with no other changes (ecept I changed the LAN DHCP pool for other reasons). Remember also to check NAT in the GUI pptp client setup, otherwise you won't be able to route from the LAN to the PPTP provided WAN.

Here is my options.vpn
Code:
~ # cat /tmp/pptpd_client/options.vpn
defaultroute
lock
noauth
nodetach
refuse-eap
lcp-echo-failure 3
lcp-echo-interval 2
persist
usepeerdns
idle 0
ip-up-script /tmp/pptpd_client/ip-up
ip-down-script /tmp/pptpd_client/ip-down
ipparam kelokepptpd
nomppe
mtu 1000
mru 1000
name xxxxxxxxxxxx
password xxxxxxxxx


Routing: I want to use this PPTP connection as the default gateway for all of the Internet. So the relevant network / netmask is 0.0.0.0 / 0.0.0.0. That can be set in the GUI. BUT that will conflict with the route to the PPTP server and the default route already set. So some routing has to be added.

Before launching pptp, the route table is
Code:
~ # route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.0.114.0      *               255.255.255.0   U     0      0        0 vlan1
10.100.0.0     *               255.255.255.0   U     0      0        0 br0
127.0.0.0       *               255.0.0.0       U     0      0        0 lo
default         10.0.114.1      0.0.0.0         UG    0      0        0 vlan1


Before launching pptp, I want to make a specific route for the PPTP server (10.1.1.1) and drop the default route:
Code:
route add -host 10.1.1.1 gw 10.0.114.1 dev vlan1
route del default gw 10.0.114.1 dev vlan1


Launching PPTP after that makes everything work:
Code:
~ # route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
81.19.236.186   *               255.255.255.255 UH    0      0        0 ppp0
10.1.1.1        10.0.114.1      255.255.255.255 UGH   0      0        0 vlan1
10.0.114.0      *               255.255.255.0   U     0      0        0 vlan1
10.100.0.0      *               255.255.255.0   U     0      0        0 br0
127.0.0.0       *               255.0.0.0       U     0      0        0 lo
default         *               0.0.0.0         U     0      0        0 ppp0
~ # ping www.yahoo.com
PING www.yahoo-ht2.akadns.net (209.73.186.238): 56 data bytes
64 bytes from 209.73.186.238: icmp_seq=0 ttl=45 time=103.7 ms


Start-up script:
I want to change that route at startup so that PPTP starts with the right setup of routes automatically. That can be achieved by the following commands:
Code:
nvram set rc_startup='PPTPSERVER=$(/usr/sbin/nvram get pptpd_client_srvip);
PPTPGWY=$(/usr/sbin/nvram get wan_gateway);
sleep 10;
route add -host $PPTPSERVER gw $PPTPGWY dev vlan1;
route del default gw $PPTPGWY dev vlan1;
'
nvram commit


With that the router boots up and connects to the Internet automatically allowing access also from the LAN to the Internet.

I hope this might help someone.

_________________
Buffalo WHR-HP-G54
DD-WRT v23 SP2 (09/15/06) std
darkan
DD-WRT Novice


Joined: 24 Jan 2007
Posts: 5

PostPosted: Wed Jan 24, 2007 22:47    Post subject: Reply with quote
Hi m_elk!
Thank you for your post!it's help me to configure a vpn shared access Wink
but now i can't connect to any microsoft site and can't connect to msn live messenger Sad
if i disable pptp client and connet via vpn client on my pc all it's ok...
can anyone help me?
darkan
DD-WRT Novice


Joined: 24 Jan 2007
Posts: 5

PostPosted: Sat Jan 27, 2007 10:40    Post subject: Reply with quote
darkan wrote:
Hi m_elk!
Thank you for your post!it's help me to configure a vpn shared access Wink
but now i can't connect to any microsoft site and can't connect to msn live messenger Sad
if i disable pptp client and connet via vpn client on my pc all it's ok...
can anyone help me?


solved!changing the mtu/mru values... from 1500 to 1460... Smile
qubit
DD-WRT Novice


Joined: 09 Sep 2006
Posts: 19
Location: Denver, CO

PostPosted: Wed Dec 02, 2009 21:35    Post subject: Reply with quote
Over 3 years later and this is still a problem. Just spent the last 2 hours trying to find why trying to setup a pptp tunnel, it would kill itself after a couple minutes, and no traffic would go across it.
Turned out to be the bad route statement (along with bad default MTU, but that can be changed easily enough).

Overrode the route and it works fine now.

Getting this fixed would be nice. And I really dont see how this hasnt been noticed, seriously, pptp not working at all without this hack seems glaringly obvious.
zakalibit
DD-WRT Novice


Joined: 19 Oct 2006
Posts: 2

PostPosted: Wed Jul 07, 2010 1:15    Post subject: Reply with quote
Saved the following in the startup script:

Code:

#!/bin/sh
sleep 120
PPTPSERVER=$(/usr/sbin/nvram get pptpd_client_srvip)
PPTPGWY=$(/usr/sbin/nvram get wan_gateway)
/sbin/route add -host $PPTPSERVER gw $PPTPGWY dev vlan1
/sbin/route del default
/sbin/route add default dev ppp0
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE


and it made my internet tunneled through VPN connection
Jsahoka
DD-WRT Novice


Joined: 16 Feb 2011
Posts: 1

PostPosted: Sun Aug 11, 2013 7:27    Post subject: update Reply with quote
Its 2013 now, and I believe this bug is still in DD-WRT. Have seen numerous posts about PPTP-Client not working correct and it indeed seems to be a routing problem. (Running version 22118)

Any love for PPTP-client from the developers would be nice!
Brett Glass
DD-WRT User


Joined: 16 Jul 2010
Posts: 112

PostPosted: Thu Dec 19, 2013 3:43    Post subject: PPTP WAN client still broken after many years Reply with quote
We have not been able to use DD-WRT for many years, even though we wanted to, because PPTP connections on the WAN port are broken. We even offered to PAY to have the problems fixed; no response. We're still open to doing so.
Display posts from previous:    Page 1 of 1
Post new topic   Reply to topic    DD-WRT Forum Forum Index -> Broadcom SoC based Hardware All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum