OpenWRT: Allowing PPTP clients to connect

If the worst outcome of trying to upgrade the router firmware is that you might brick it, surely the second worst is when your wife is unable to connect to her VPN when a work emergency demands it.

Late on Monday night, Aish sat down to get some work done for a presentation she had the next day and the VPN just wouldn’t connect. DNS lookups for the VPN host name would succeed, but any attempt to ping it would not. I tried to ping the VPN server through a web service instead to verify that it wasn’t actually down; the ping did not respond. My wife noted that there weren’t any other folks complaining on the mailing lists so it was probably a loose bolt on our end.

To confirm that the host indeed was up, I just ran a quick port scan on the host. The scan reported that the VPN server did have the PPTP port 1723 open. A bit of Duck-Duck-Go ‘ing turned up that OpenWRT does not allow PPTP clients on the LAN to connect to WAN addresses by default. Since PPTP is a pure IP protocol, the router’s NAT cannot track such connections. This limitation is readily resolved by installing 2 packages on OpenWRT CHAOS CALMER (15.05, r46767):

opkg update
opkg install kmod-nf-nathelper-extra
opkg install pptp

And voila! Thats the secret to a happy married life 😉

Leave a Reply

Your email address will not be published. Required fields are marked *