PPTP Server Configuration

From DD-WRT Wiki

Revision as of 21:03, 22 August 2006 by AlReece45 (Talk | contribs)
Jump to: navigation, search

This is a configuration guide to get a "PPTP Server" working on WRT54G/GS DD-WRT V2.3

A PPTP Server lets us get connected securely from our home to the Office LAN, so you can use the services provided in your office at the confort of your home. It should noted that PPTP is broken and depreciated. PPTP Security For alternative, see OpenVPN


Setting up PPTP

Tested using version DD-WRT 2.3 "VOIP" on WRT54GS router

  1. Make sure you have flashed the "RIGHT" firmware to your router.
  2. Goto the Web Administration and goto the "ADMINISTRATION" Tab, and the "SERVICES" sub-tab.
  3. Go down and you will see "PPTP Server". This option is disabled by default, so to setup PPTP, you click "ENABLE".
  4. (In newer versions, this step may be skipped because the options are automatically shown when you click.) Click enable and then click "Save Settings"). After you see the message "Settings Are Successful" click "Continue"
  5. While still in the "SERVICES" sub-tab, complete the options you need. Descriptions of options can be found below.
  6. Finally, go down, Save Settings, and then click on "REBOOT ROUTER", this step is very important, no mather what you have configured, if you dont reboot router, settings will not work.
  7. Once you have completed the data input go down an click on "Save Settings" to save changes, now on the page "Settings Are Succesfull" click on "Continue" and again on "SERVICES" tab, where you doublecheck the values of your PPTP server.

NOTE: After you have done this, only computers the Windows Operating System will be able to connect through the WAN port of the router. Many other operating systems will not work and trying to connect from a LAN port will not work.

Any questions can be posted on the forums or emailed to: m_semino@hotmail.com

Setting up for Mac OS X

If you are using MacOSX, you may experience problems while connecting to the DD-WRT PPTP server, the console should display:

   Sat Jun 10 02:43:15 2006 : Refusing MPPE stateful mode offered by peer
   Sat Jun 10 02:43:15 2006 : MPPE required but peer negotiation failed

To setup the PPTP server for MacOS X, see the

So in order to setup the PPTP server for MacOS X, you have to modify the folowing:

In the DD-WRT Web Interface, goto Administration > Diagnostics. Past the following script in the commands area.


   echo 'lock' > /tmp/pptpd/options.pptpd
   echo 'name *' >> /tmp/pptpd/options.pptpd
   echo 'proxyarp' >> /tmp/pptpd/options.pptpd
   echo 'ipcp-accept-local' >> /tmp/pptpd/options.pptpd
   echo 'ipcp-accept-remote' >> /tmp/pptpd/options.pptpd
   echo 'lcp-echo-failure 3' >> /tmp/pptpd/options.pptpd
   echo 'lcp-echo-interval 5' >> /tmp/pptpd/options.pptpd
   echo 'deflate 0' >> /tmp/pptpd/options.pptpd
   echo 'auth' >> /tmp/pptpd/options.pptpd
   echo '-chap' >> /tmp/pptpd/options.pptpd
   echo '-mschap' >> /tmp/pptpd/options.pptpd
   echo '+mschap-v2' >> /tmp/pptpd/options.pptpd
   echo 'mppe required' >> /tmp/pptpd/options.pptpd                     #this line forces encryption and fixes OS X
   echo 'mppe stateless' >> /tmp/pptpd/options.pptpd
   echo 'mppc' >> /tmp/pptpd/options.pptpd
   echo 'ms-ignore-domain' >> /tmp/pptpd/options.pptpd
   echo 'chap-secrets /tmp/pptpd/chap-secrets' >> /tmp/pptpd/options.pptpd
   echo 'ip-up-script /tmp/pptpd/ip-up' >> /tmp/pptpd/options.pptpd
   echo 'ip-down-script /tmp/pptpd/ip-down' >> /tmp/pptpd/options.pptpd
   echo 'ms-dns'   >> /tmp/pptpd/options.pptpd              #enter your router's ip here
   echo 'mtu 1450' >> /tmp/pptpd/options.pptpd
   echo 'mru 1450' >> /tmp/pptpd/options.pptpd

Be sure to replace "" with the LAN IP Address of your router if it's different. Now, Submit the form by clicking "Save Startup". The router is now configured you can test the connection.

Source: Blogspot


PPTP Server

Enables or Disables the Service.

Server IP

Your LAN IP Address.


Client IP(s)

The client IP range. IPs in this range are given clients trying to connect. Should be a valid IP Address on the LAN segment of the network.

Example: 192.168.100-120


Ther Username and Passwords used by to login to the PPTP server are configured here. Pay close attention to the use of spaces and asterisks between usernames and passwords, authentication will not work without them.

General Syntax:

 Username * Password *
 (username_to_use,blank space,asterisk,blank space,password_to_use,blank space,asterisk)


marcelo * semino *
eduardo * crea *

The above will create two accounts: 'marcelo' and '"eduardo"' with the passwords '"semino"' and '"crea"' respectively.

WARNING: Do NOT forget the spaces between asterisk and usernames/passwords. If you omit them it will not work.


Windows XP & Internet Connection

If using the VPN connection software built into Windows XP, you might find that your internet connection will die once the vpn connection is established. This is a result of the default settings for Windows XP VPN connections. To fix this, do the following:

 Click Start
 Go to the Control Panel
 Go to Network Connections
 Right click your VPN connection and select properties
 Go to the networking tab and double-click TCP/IP
 Click the Advanced button on the window that opens
 Uncheck the box titled "Use the default gateway of the remote network

Hit ok on all related windows so that your changes are saved.


In order to get this to work it's essential to disable "loopback" otherwise it doesn't work (loopback was enabled as default in my firmware version (v.23 std)! Note: Using V23SP1-VOIP 6/5/06, PPTP Server was verified working even with "loopback" enabled (pagedude 6/25/06)

Special Characters

Check passwords (chap-secrets file) for special characters ( # - Character in password breaks pptp). The admin password of the router is inserted into chap-secrets by default! --Krikkit 12:12, 7 Mar 2006 (CET)

Outgoing PPTP Connections

Another issue in v.23 is that outgoing pptp-trafic cannot pass-through the router with pptp-server enabled. There is a fairly complicated fix for this issue in the dd-wrt forum. [edit]


DMZ must be DISABLED in order to work --ptodic 21:36, 8 Mar 2006 (CET)


If your unable to connect to the PPTP server or can occasionally but not for more than a few minutes at a time, and you use a WAN device that does PPPoE onboard (Like a SpeedStream 5100b DSL Modem) -- You may have to disable the onboard PPPoE and use the PPPoE on the WRT54G. What happens is the GRE thats needed for PPTP sometimes gets messed up by your WAN device, probably because it uses a buggy layer 3 stack that corrupts or doesn't pass the GRE packets to your WRT.

  • server ip is the router's LAN ip -eg.

Two DD-WRT Boxes

If PPTP-connection between two dd-wrt boxes fail with error message "IPCP terminated by peer (Unauthorized remote IP address)" you need "noipdefault" option at client side. You can add pptpd.conf options through WEB gui using MPPE Encryption field. In this case set "MPPE Encryption" as "noipdefault mppe required". --Veekoo 12:51, 15 Aug 2006 (CEST)

==- DNS Issues ==-

Your client may not get the correct DNS setting. To correct this do the following.

To permanently set the WINS/DNS values for the PPTP server that assigned to the client, you can set/commit the following nvram params:


  nvram set pptpd_dns1=ip-address-of-first-dns-server 
  nvram set pptpd_dns2=ip-address-of-second-dns-server 
  nvram set pptpd_wins1=ip-address-of-first-wins-server 
  nvram set pptpd_wins2=ip-address-of-second-wins-server 


To have the PPTP server give out a wins/netBios address of "", you would type the following in a SSH/telnet session into the router:


  nvram set pptpd_wins1= 
  nvram commit 


To have the PPTP server give out a DNS address of "", you would type the following in a SSH/telnet session into the router:


  nvram set pptpd_dns1= 
  nvram commit