PPTP Server Configuration

From DD-WRT Wiki

Revision as of 11:43, 22 August 2006 by Prune (Talk | contribs)
Jump to: navigation, search

This is a configuration guide to get a "PPTP Server" working on WRT54G/GS DD-WRT V2.3

A Little Brief : A PPTP Server lets us get connected securely from our home to the Office LAN, so you can use the services provided in your office at the confort of your home.

I'm using version DD-WRT 2.3 "VOIP" on WRT54GS router

  1. The first step in the configuration is to have flashed our WRT54G/GS with the "RIGHT" fimware, once you be sure about firmware , you have to go to the WEB Administration Page (http://ip_of_router), log on and go to the "ADMINISTRATION" tab, once you get there, do a click on "SERVICES" tab.
  2. Go down and you will see "PPTP Server" by default is "Disabled" you must "ENABLE" and go to the botton of the page and click on "Save Settings"
  3. The next thing you will see, is the message "Settings Are Successful" click on "Continue".
  4. Again in the tab "Services", go down , and you will see a few options under PPTP Server...

you have to complete the options in order to get PPTP server working,

Complete the options as follows:

PPTP Server = Enabled (this runs the service)

Server IP = here you have to write your LAN IP Address. Example: Server IP =

Client IP(s)= here you have to write the "clients" ip addresses range, this is used to give the clients, who are trying to connect, a valid ip address on the LAN segment of the network

 Example: (21 clients allowed)

CHAP-Secrets = Here you have to write the "Usernames" and "Passwords" that you want to assign to clients. Pay close attention to the use of spaces and asterisks between usernames and passwords, authentication will not work without them.

General Syntax:

Username * Password *
username_to_use,blank space,asterisk,blank space,password_to_use,blank space,asterisk 


fernando * bissio *
marcelo * semino *
eduardo * crea *

Do NOT forget the spaces between asterisk and usernames/passwords. If you omit them it will not work.

Once you have completed the data input go down an click on "Save Settings" to save changes, now on the page "Settings Are Succesfull" click on "Continue" and again on "SERVICES" tab, where you doublecheck the values of your PPTP server.

5) Finally, go down, and click on "REBOOT ROUTER", this step is very important, no mather what you have configured, if you dont reboot router, settings will not work.

Now you only have to get a Windows BOX in the internet, create a new VPN connection and try to connect to the linksys as the "PPTP Server", be carefully , test must be done FROM the internet to hit the WAN port of the router, if you try to connect from the inside of your LAN, it will not work.

If you have any questions do not hesitate to contact me m_semino@hotmail.com

Important Advice: I DO NOT have any relation with DD-WRT, I love their work, but at this moment i'm a user, just like you...

If using the VPN connection software built into Windows XP, you might find that your internet connection will die once the vpn connection is established. This is a result of the default settings for Windows XP VPN connections. To fix this, do the following:

 Click Start
 Go to the Control Panel
 Go to Network Connections
 Right click your VPN connection and select properties
 Go to the networking tab and double-click TCP/IP
 Click the Advanced button on the window that opens
 Uncheck the box titled "Use the default gateway of the remote network

Hit ok on all related windows so that your changes are saved.


  • Working with MacOSX : If you are using MacOSX, you may experience problems while connecting to the DD-WRT PPTP server, the console should display :

Sat Jun 10 02:43:15 2006 : Refusing MPPE stateful mode offered by peer
Sat Jun 10 02:43:15 2006 : MPPE required but peer negotiation failed

So in order to setup the PPTP server for MacfOS X, you have to modify the folowing : (It will not break the ability to connect from Windows/Linux etc...)
Under DD-WRT, click on Administration, Diagnostics. In the Commands text area, paste the following script:

    echo 'lock' > /tmp/pptpd/options.pptpd
    echo 'name *' >> /tmp/pptpd/options.pptpd
    echo 'proxyarp' >> /tmp/pptpd/options.pptpd
    echo 'ipcp-accept-local' >> /tmp/pptpd/options.pptpd
    echo 'ipcp-accept-remote' >> /tmp/pptpd/options.pptpd
    echo 'lcp-echo-failure 3' >> /tmp/pptpd/options.pptpd
    echo 'lcp-echo-interval 5' >> /tmp/pptpd/options.pptpd
    echo 'deflate 0' >> /tmp/pptpd/options.pptpd
    echo 'auth' >> /tmp/pptpd/options.pptpd
    echo '-chap' >> /tmp/pptpd/options.pptpd
    echo '-mschap' >> /tmp/pptpd/options.pptpd
    echo '+mschap-v2' >> /tmp/pptpd/options.pptpd
    echo 'mppe required' >> /tmp/pptpd/options.pptpd                     #this line forces encryption and fixes OS X
    echo 'mppe stateless' >> /tmp/pptpd/options.pptpd
    echo 'mppc' >> /tmp/pptpd/options.pptpd
    echo 'ms-ignore-domain' >> /tmp/pptpd/options.pptpd
    echo 'chap-secrets /tmp/pptpd/chap-secrets' >> /tmp/pptpd/options.pptpd
    echo 'ip-up-script /tmp/pptpd/ip-up' >> /tmp/pptpd/options.pptpd
    echo 'ip-down-script /tmp/pptpd/ip-down' >> /tmp/pptpd/options.pptpd
    echo 'ms-dns'   >> /tmp/pptpd/options.pptpd              #enter your router's ip here
    echo 'mtu 1450' >> /tmp/pptpd/options.pptpd
    echo 'mru 1450' >> /tmp/pptpd/options.pptpd

Make sure to replace "" with the LAN IP of your router, if it's different. Click the Save Startup button. The router is configured you can test the connection.
This tip was taken from the website : http://office20.blogspot.com/2006/06/vpn-howto-linksys-dd-wrt-pptp-mac-os-x.html (thanks to 'Office 2.0')
--Prune 13:34, 22 Aug 2006 (CEST)

  • In order to get this to work it's essential to disable "loopback" otherwise it doesn't work (loopback was enabled as default in my firmware version (v.23 std)! Note: Using V23SP1-VOIP 6/5/06, PPTP Server was verified working even with "loopback" enabled (pagedude 6/25/06)
  • check passwords (chap-secrets file) for special characters ( # - Character in password breaks pptp) ...the admin password of the router is inserted into chap-secrets by default! --Krikkit 12:12, 7 Mar 2006 (CET)
  • Another issue in v.23 is that outgoing pptp-trafic cannot pass-through the router with pptp-server enabled. There is a fairly complicated fix for this issue in the dd-wrt forum. [edit]
  • DMZ must be DISABLED in order to work --ptodic 21:36, 8 Mar 2006 (CET)
  • If your unable to connect to the PPTP server or can occasionally but not for more than a few minutes at a time, and you use a WAN device that does PPPoE onboard (Like a SpeedStream 5100b DSL Modem) -- You may have to disable the onboard PPPoE and use the PPPoE on the WRT54G. What happens is the GRE thats needed for PPTP sometimes gets messed up by your WAN device, probably because it uses a buggy layer 3 stack that corrupts or doesn't pass the GRE packets to your WRT.
  • server ip is the router's LAN ip -eg.
  • If PPTP-connection between two dd-wrt boxes fail with error message "IPCP terminated by peer (Unauthorized remote IP address)" you need "noipdefault" option at client side. You can add pptpd.conf options through WEB gui using MPPE Encryption field. In this case set "MPPE Encryption" as "noipdefault mppe required". --Veekoo 12:51, 15 Aug 2006 (CEST)

PPTP security

Since PPTP is broken and deprecated should it not be noted on the PPTP related pages that users should stay away from this? article about PPTP security. For alternative, see OpenVPN.

DNS issues

Your client may not get the correct DNS setting. To correct this do the following.

To permanently set the WINS/DNS values for the PPTP server that assigned to the client, you can set/commit the following nvram params:


  nvram set pptpd_dns1=ip-address-of-first-dns-server 
  nvram set pptpd_dns2=ip-address-of-second-dns-server 
  nvram set pptpd_wins1=ip-address-of-first-wins-server 
  nvram set pptpd_wins2=ip-address-of-second-wins-server 

Example: To have the PPTP server give out a wins/netBios address of "", you would type the following in a SSH/telnet session into the router:


  nvram set pptpd_wins1= 
  nvram commit 

Example: To have the PPTP server give out a DNS address of "", you would type the following in a SSH/telnet session into the router:


  nvram set pptpd_dns1= 
  nvram commit