Hi to all members. Is there a project involving a GUI for PPTP? I have trouble configuring an Optware PPTP server, nothing seems to work. I use shibby's mod because of the Transmission GUI that works great with the Optware path. Is there anyone interested in implementing this feature? I think there are a lot of newcomers who would like to link their Androids and iPhones to the home network without the hassle of the OpenVPN config. What do you think?
I have an Optware PPTP server installed on a Linksys E4200 using optware and Toastman build. I followed the info provided to the letter. The only change I made was to place the PPTP server listener on the WAN interface. See the following post: PPTP Optware sever on Linksys E4200
I would like this feature too, but remember that the Tomato developers are doing most of the work on the Tomato Firmware in their spare time. If we really want this feature I suggest we ask the developers how much we should donate before they would implement it?
I guess I will make a donation, but who is willing to do it? I think this type of server must be implemented as native; the Optware option is not as stable nor as easy to install as we would like it to be...
I would donate too. It would be nice to hear some feedback from the developers? Anyone of them willing to implement a PPTP server with GUI???
How about we add an Asterisk GUI too and make a statement of what you are willing to pay for that. This should work in conjunction with the standard Optware install. Involving money should wake some interest from some developers. I think that a GUI is easier to make, all you have to do is to rewrite the cfg files and restart the service. Well, I don't know that much programming to do that yet. Any help?
Teaman has actually just made a version with experimental PPTP Server GUI. Take a look at http://code.google.com/p/tomato-sdhc-vlan/ I tried it but I couldn't get it to work but will try again later.
Give it another try. So far pretty much everyone who has tried it has found it to work very well indeed. It's included in my latest RT & RT-N VPN builds also.
Great that you have included it in your builds also. You guys rock. Is it necessary to configure anything in the NAT or Firewall section in Tomato to make PPTP VPN work?
I have tried the PPTP server again. It works perfectly when I use my iPhone as a client (no need to configure any firewall settings or NAT in Tomato). The trouble starts when I try using Mac OS X 10.7.3 as a client. I have tried both encrypted (MPPE-128) and non-encrypted. The log in Mac OS X says:
31/03/12 13.32.26,953 pppd: MS-CHAP authentication failed: Access denied
31/03/12 13.32.27,130 pppd: PPTP error when reading socket : EOF
31/03/12 13.32.27,130 pppd: PPTP error when reading header : read -1, expected 12 bytes
31/03/12 13.32.27,131 pppd: Connection terminated.
31/03/12 13.32.27,140 pppd: PPTP disconnecting...
31/03/12 13.32.27,140 pppd: PPTP disconnected
Log in Tomato says:
Peer "MYUSERNAME" failed CHAP authentication
Any ideas, anyone?
Works with the Mac OS X 10.6.8 I have here... I wonder what might be different or have changed between those two versions... EDIT: I remember reading somewhere that for /some/ devices out there it is actually required to use/have/set a 'public-reachable' DNS server on your PPTP server settings, otherwise clients might be instructed to refuse connecting at all (although, I do realize the error messages you've posted do /not/ seem to be about this precise point, but then I thought... /what if?/). Best of luck!
Hi teaman, I tried adding my 'public-reachable' DNS server in the PPTP server settings and now VPN access from Mac OS X 10.7.3 works like a charm. THANK YOU VERY MUCH...
public VPN trick... closely related but also sometimes related to openvpn also. no idea why. learned to just use OpenDNS addresses on the router all the time.
It could be ISPs only accept DNS traffic from IPs within their range, and reject all else. http://www.grc.com/dns/benchmark.htm Running this test I've noticed some IPs DNS will actively drop your queries.
Hi teaman, I am trying to connect with an iPad 2 from the inside of my network and get the following error message:
Apr 6 18:03:50 RT-N16 daemon.info pptpd[1603]: CTRL: Client 10.xx.xx.xx control connection started
Apr 6 18:03:50 RT-N16 daemon.info pptpd[1603]: CTRL: Starting call (launching pppd, opening GRE)
Apr 6 18:03:50 RT-N16 daemon.info pppd[1604]: Plugin rp-pppoe.so loaded.
Apr 6 18:03:50 RT-N16 daemon.info pppd[1604]: RP-PPPoE plugin version 3.10 compiled against pppd 2.4.5
Apr 6 18:03:50 RT-N16 daemon.err pppd[1604]: unrecognized option 'local'
Apr 6 18:03:50 RT-N16 daemon.err pptpd[1603]: GRE: read(fd=6,buffer=4218bc,len=8196) from PTY failed: status = -1 error = Input/output error, usually caused by unexpected termination of pppd, check option syntax and pppd logs
Apr 6 18:03:50 RT-N16 daemon.err pptpd[1603]: CTRL: PTY read or GRE write failed (pty,gre)=(6,7)
Apr 6 18:03:50 RT-N16 daemon.debug pptpd[1603]: CTRL: Reaping child PPP[1604]
Apr 6 18:03:50 RT-N16 daemon.info pptpd[1603]: CTRL: Client 10.10.10.76 control connection finished
I also cannot connect from the outside. Any ideas?
Not sure what might be causing M_ars' problem, but I have a DNS issue going on that I'd appreciate advice on. My iPhone and laptop can connect just fine to the PPTP server remotely, but they can't access any DNS services from the router. I've tried leaving the DNS fields blank in the PPTP config. I've tried typing the router's LAN IP into one field. I've tried typing Google's DNS servers into the fields. I know I have connectivity because I can type the LAN IP of my Linux fileserver into Safari and I get its base Apache web page. But connections time out if I try to visit amazon.com or cnn.com. Does anyone have an idea of what might be going on? Thanks!
Does this have something to do with PPPoE? I found something on Google and also here http://tomatousb.org/forum/t-357798#post-1162403
Tomato with PPTP and PPPoE
I just wanted to setup my Tomato-Firmware to provide a PPTP-based VPN. Naturally I used the HOWTO, but sadly I ran into a problem where Google couldn't help. The log only showed
pppd[8449]: unrecognized option 'local'
But my config did not contain "local"! After I'd already given up and tried without PPTP, I stumbled over a post that made the problem obvious, although it did not offer a solution. The problem seems to be, that my router has to use PPPoE and therefore already has a config in /tmp/ppp which is then used for the VPN-connects. No wonder that didn't work. It seems that the path is hardwired into the pppd-binary. So the only solution I came up with, was to copy and modify the binary. Dirty of course, but at least working :-/
Found here http://dd9e.blogspot.de/2011/07/tomato-with-pptp.html
Does your connection use PPPoE (most DSL connections use PPPoE)? Seems like you might have found the problem, though apparently it requires a rewrite of some code to fix.
Unfortunately - no idea. Are you sure you guys are using a Teaman-RT or Teaman-ND firmware image to do this? And... did you guys erase nvram before trying to reconfigure it, just to rule this out? I mean... I just did some quick testing and here's an E3000 running WAN with pppd (3G modem) and handling another pair of PPTP clients online simultaneously - that's 3 distinct pppd instances running, each with their own config path/files/settings/routes/rules
Code:
root@vader:/tmp/pptpd# ps | grep pp
2329 root 1560 S pppd file /tmp/ppp/wanoptions
2797 root 756 S pptpd -c /tmp/pptpd/pptpd.conf -o /tmp/pptpd/options.pptpd -C 6
2798 root 764 R /usr/sbin/bcrelay -i br0 -o ppp[4-9].* -n
2799 root 764 R /usr/sbin/bcrelay -i ppp[4-9].* -o br0 -n
3422 root 868 S pptpd [187.xx.xxx.86:72B9 - 0280]
3423 root 1556 S /usr/sbin/pppd local file /tmp/pptpd/options.pptpd 115200 192.168.xxx.xx2:192.168.xxx.81 ipparam 187.xx.xxx.86
3427 root 868 S pptpd [189.xx.xxx.76:C017 - 0300]
3428 root 1556 S /usr/sbin/pppd local file /tmp/pptpd/options.pptpd 115200 192.168.xxx.xx2:192.168.xxx.82 ipparam 189.xx.xxx.76
3528 root 1708 S grep pp
root@vader:/tmp/pptpd#
root@vader:/tmp/pptpd# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
10.xx.xx.xx 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0
192.168.xxx.82 0.0.0.0 255.255.255.255 UH 0 0 0 ppp5
192.168.xxx.81 0.0.0.0 255.255.255.255 UH 0 0 0 ppp4
192.168.xxx.0 0.0.0.0 255.255.255.0 U 0 0 0 br0
172.xx.xx.0 0.0.0.0 255.255.255.0 U 0 0 0 br1
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 10.xx.xx.xx 0.0.0.0 UG 0 0 0 ppp0
root@vader:/tmp/pptpd#
root@vader:/tmp/pptpd# ifconfig | egrep -i 'link|inet'
br0 Link encap:Ethernet HWaddr xx:xx:xx:xx:xx:86
          inet addr:192.168.xxx.xx2 Bcast:192.168.xxx.255 Mask:255.255.255.0
br1 Link encap:Ethernet HWaddr xx:xx:xx:xx:xx:86
          inet addr:172.xx.xx.xx2 Bcast:172.xx.xx.255 Mask:255.255.255.0
eth0 Link encap:Ethernet HWaddr xx:xx:xx:xx:xx:86
eth1 Link encap:Ethernet HWaddr xx:xx:xx:xx:xx:88
eth2 Link encap:Ethernet HWaddr xx:xx:xx:xx:xx:89
lo Link encap:Local Loopback
          inet addr:127.0.0.1 Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
ppp0 Link encap:Point-to-Point Protocol
          inet addr:189.xx.xxx.102 P-t-P:10.xx.xx.xx Mask:255.255.255.255
ppp4 Link encap:Point-to-Point Protocol
          inet addr:192.168.xxx.xx2 P-t-P:192.168.xxx.81 Mask:255.255.255.255
ppp5 Link encap:Point-to-Point Protocol
          inet addr:192.168.xxx.xx2 P-t-P:192.168.xxx.82 Mask:255.255.255.255
vlan1 Link encap:Ethernet HWaddr xx:xx:xx:xx:xx:86
vlan2 Link encap:Ethernet HWaddr xx:xx:xx:xx:xx:87
vlan3 Link encap:Ethernet HWaddr xx:xx:xx:xx:xx:86
root@vader:/tmp/pptpd#
Unfortunately, I have no ADSL service here - so that's the closest I could get. Best of luck!
@M_ars: Have you tried adding "nopcomp" and "noaccomp" in options.pptpd? They are specific to iPhone and iPad. I was able to connect and get an IP address after adding them. PPTP server works perfectly for Windows clients but I can't get it to work with WebOS. I get a "No response to 10 echo-requests" error and "0 bytes sent 0 bytes recieved" and then I get disconnected. I have manually forwarded port 47, 1723, 1792 to 192.168.1.1 (PPTP server) but haven't had any luck so far. Also, try unchecking GRE/PPTP option under Conntrack/Netfilter. See if that helps. Oh and you may have to use a similar IP range as your LAN for PPTP client if you don't want to use the default. I had a problem getting proxyarp to work with anything else. @gfunkdave: Have you tried connecting to PPTP server with a DynDNS? I am trying to recover a bricked WRT54G so I haven't had the time to play with the PPTP feature but I am so looking forward to it!
I have searched with Google about the error, I found this! The solution is to disable encryption. Is it possible to integrate the L2TP/IPSec PSK protocol?
Thanks for the great work Teaman! This is what I had to do to make it work on a RT-N66U using an iPhone:
Advanced > Conntrack / Netfilter > Enable GRE / PPTP
VPN Tunneling > PPTP Server > DNS Servers: 8.8.8.8 8.8.4.4
Administration > Scripts > Firewall:
Code:
#!/bin/sh
iptables -A INPUT -p tcp --dport 1723 -j ACCEPT
iptables -A INPUT -p gre -j ACCEPT
iptables -A INPUT -i ppp+ -j ACCEPT
iptables -A FORWARD -i ppp+ -j ACCEPT
iptables -A FORWARD -o ppp+ -j ACCEPT
iptables -t nat -I PREROUTING -p tcp --dport 1723 -j ACCEPT
iptables -I INPUT -p tcp --dport 1723 -j ACCEPT
iptables -I INPUT -i ppp+ -j ACCEPT
iptables -I FORWARD -i ppp+ -j ACCEPT
#Restrict number of TCP connections per user
#iptables -t nat -I PREROUTING -p tcp --syn -m iprange --src-range 192.168.1.50-192.168.1.250 -m connlimit --connlimit-above 100 -j DROP
#Restrict number of non-TCP connections per user
#iptables -t nat -I PREROUTING -p ! tcp -m iprange --src-range 192.168.1.50-192.168.1.250 -m connlimit --connlimit-above 50 -j DROP
#Restrict number of simultaneous SMTP connections (from mailer viruses)
#iptables -t nat -I PREROUTING -p tcp --dport 25 -m connlimit --connlimit-above 5 -j DROP
When connected to the LAN without VPN:
local IP resolving works
local hostname resolving works (hostname and hostname.domain)
internet works
When connected to the VPN from outside the LAN:
local IP resolving works
local hostname resolving doesn't work
internet works
Hope this helps.
Hi Teaman, my ADSL connection uses PPPoE. If I turn off PPPoE I CAN connect with my iPad to the PPTP server and everything works perfectly. As soon as I turn on PPPoE, the PPTP server is broken again. Can you fix this bug please - thank you very much. @maple.chick: no, I haven't tried it. PPPoE is causing the problem. Seems like I am not the only one... and he also has a solution:
Tomato with PPTP and PPPoE
I just wanted to setup my Tomato-Firmware to provide a PPTP-based VPN. Naturally I used the HOWTO, but sadly I ran into a problem where Google couldn't help. The log only showed
pppd[8449]: unrecognized option 'local'
But my config did not contain "local"! After I'd already given up and tried without PPTP, I stumbled over a post that made the problem obvious, although it did not offer a solution. The problem seems to be, that my router has to use PPPoE and therefore already has a config in /tmp/ppp which is then used for the VPN-connects. No wonder that didn't work. It seems that the path is hardwired into the pppd-binary. So the only solution I came up with, was to copy and modify the binary. Dirty of course, but at least working :-/ So here is what I did:
cp /usr/sbin/pppd /opt/sbin/
# be careful: the replacement has to be exactly 3 chars!
sed -i -e 's#/tmp/ppp/#/tmp/xxx/#' /opt/sbin/pppd
cat > /opt/etc/config/vpn.wanup <<EOF
#!/bin/sh
if [ ! -f /tmp/xxx/chap-secrets ]; then
  mkdir -p /tmp/xxx
  ln -s /opt/etc/ppp/chap-secrets /tmp/xxx
fi
/opt/etc/init.d/S20poptop restart
EOF
# the script has to be executable before it can be run
chmod +x /opt/etc/config/vpn.wanup
/opt/etc/config/vpn.wanup
# now edit /opt/etc/pptpd.conf
# and set "ppp /opt/sbin/pppd"
/opt/etc/init.d/S20poptop restart
Source: http://dd9e.blogspot.de/2011/07/tomato-with-pptp.html
Hi quietsy, does not work for me :-( My iPad is not able to connect and I get the following error message:
Apr 6 18:03:50 RT-N16 daemon.info pppd[1604]: RP-PPPoE plugin version 3.10 compiled against pppd 2.4.5
Apr 6 18:03:50 RT-N16 daemon.err pppd[1604]: unrecognized option 'local'
Apr 6 18:03:50 RT-N16 daemon.err pptpd[1603]: GRE: read(fd=6,buffer=4218bc,len=8196) from PTY failed: status = -1 error = Input/output error, usually caused by unexpected termination of pppd, check option syntax and pppd logs
Apr 6 18:03:50 RT-N16 daemon.err pptpd[1603]: CTRL: PTY read or GRE write failed (pty,gre)=(6,7)
teaman/Toastman congrats for this new PPTP server GUI! All Tomato users sure thank both of you for releasing that good work! If I can suggest next steps: get some inspiration from the Chinese Tomato DualWan and add now a PPTP client GUI + selective routing GUI (route pptp or plain based on source/destination url/ip/port/mac). Chinese Tomato DualWan is a bad guy, but it does have some good implementations that can inspire good true open source initiatives.
Yes, Teaman, thanks! Quietsy - I'm not sure why you need to add all these firewall scripts. Activating the PPTP server just works fine without them. So, I figured out a bit more. Connecting to VPN from outside my LAN works fine on my laptop (Windows 7), but I can still access other hosts on the LAN I'm connecting from. Shouldn't I not be able to do this when using VPN? Connecting to VPN from my iPhone does not work. The iPhone connects to VPN but I can't browse to cnn.com in Safari. I know I have connectivity to the VPN, because if I type my Linux server's IP into Safari I get the Apache "It works!" page. Any ideas? Thanks all.
Ideas? Yeah... In fact, two things have been hovering in my mind, but since my remarks/questions (above) seem to have been simply 'ignored', posting again: The reasons I'm insisting on asking those 'silly' questions are in fact... quite simple: If you are not using a Teaman-ND or Teaman-RT build (but some other mod), it might be possible these issues with PPPoE could have been introduced when this code was merged into some other branch, making it somewhat harder to track down (specially since I don't use any of those other mods). Why I'm insisting on that? Well - there's been some posts with fragments of logs... but those seem to be running on devices like the Asus RT-N66U and RT-N16 (and I've only built MIPSr2/Teaman-RT images for the Cisco/Linksys eX000 series, which require devices with 60k of NVRAM). Please keep in mind that when the idea of erasing NVRAM and (re)configuring the whole thing from scratch is suggested... it is not supposed to be a 'just because' thing - such thing usually helps quite a bit (devs/modders/users) on tracking down any problems - that is, if those are in fact... reproducible (not to mention there's actually a good chance of actually fixing things in the process - my point is: this needs to be done/checked/ruled out at some point...) One idea/possibility/thingie just crossed my mind: please check if, by any chance, there's more than one pppd binary available anywhere on your router (i.e. provided by optware? some other custom/older binary anywhere? i.e. perhaps try/run 'find / -name pppd' via telnet/SSH?). Anyways - as posted above, I think I've tried quite hard/done my best trying to find out if something could be possibly off and/or... plain wrong with the code... Therefore, with all that being said... please do believe me when I write to all you folks: I don't mean to sound rude or anything, but on this particular thingie (which seems to be related to something specific to multiple PPPd instances), we couldn't even properly 'confirm' there is, in fact, a real problem with the code/build just yet. @quietsy - while it might be technically 'just fine' to use those iptables rules mentioned on your post, there might be some possibly-unforeseen 'implications' due to that '+' symbol (as it's treated as a regexp):
Code:
iptables -A XXX -i ppp+ -j XXX
What I mean is: there's chance this kind of rule could be matching packets/connections on... all of your pppX connections, not just the ones handling PPTP connections. In fact, this is sorta the 'main reason' relating to the existence of this particular config/directive on options.pptpd:
Code:
minunit 4
This is mostly about trying to prevent conflicts between regular/standard/WAN/VPN features and PPP sessions created via PPTP (i.e. 'reserving' interfaces ppp0~3 for 'existing' features). Hint: have a look at the bcrelay cmdline with 'ps'... not sure if that syntax will actually work, but it's a start. In any case - I do hear you and realize... there still might be something lurking deep inside the PPPoE shared lib/plugin... so I guess I'll have to take a look at that code. Cheers!
EDIT: @maple.chick - the next/upcoming version of Tomato/PPTP server will feature an 'advanced/custom config' box, so users can easily set/enter some extra/additional/specific config settings that might be needed...
EDIT2: I might have found a possible culprit on Teaman-ND/K24 builds due to the fact this particular commit has not been merged into that particular branch: http://repo.or.cz/w/tomato.git/commit/82d98a546c763224b4b2b3da72ea4d29a2af9479 Still: branch Teaman-RT does have it, so this should not be a problem on any other branches that eventually got this code merged/included into... (still looking).
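The concern about `-i ppp+` in the post above, as an added example (not code from any poster or from the Tomato project): iptables treats a trailing `+` as a prefix wildcard, so on a router whose WAN link is itself `ppp0` the accept rules also cover traffic arriving from the WAN side. The script audits a firewall script for rules that match the WAN interface and prints PPTP-only equivalents; the WAN name `ppp0` and the ppp4 to ppp9 range are taken from the thread, and the input is a constructed excerpt of the script posted earlier.

```shell
#!/bin/sh
# Added example: find "ppp+" style rules that also match the WAN PPP interface
# and print equivalents limited to the PPTP units.
# Assumptions from the thread: WAN is ppp0, PPTP sessions use ppp4..ppp9
# ("minunit 4", up to six simultaneous clients).

WAN_IF=ppp0
PPTP_FIRST=4
PPTP_LAST=9

# iface_matches PATTERN NAME
# iptables semantics: a pattern ending in "+" matches any interface name that
# begins with the text before the "+"; otherwise the names must be identical.
iface_matches() {
    case "$1" in
        *+)
            prefix=${1%+}
            case "$2" in
                "$prefix"*) return 0 ;;
            esac
            return 1 ;;
        *)
            [ "$1" = "$2" ] ;;
    esac
}

# audit_rules IFACE
# Reads script lines on stdin and prints each active iptables rule whose -i or
# -o pattern matches IFACE. Commented-out rules and other lines are skipped.
audit_rules() {
    target=$1
    set -f                      # do not glob-expand words while splitting
    while IFS= read -r line; do
        case "$line" in
            iptables\ *) ;;
            *) continue ;;
        esac
        prev=""
        for tok in $line; do
            if [ "$prev" = "-i" ] || [ "$prev" = "-o" ]; then
                if iface_matches "$tok" "$target"; then
                    printf '%s\n' "$line"
                    break
                fi
            fi
            prev=$tok
        done
    done
    set +f
    return 0
}

# scoped_rules
# Prints the INPUT/FORWARD accepts once per PPTP unit instead of using "ppp+".
scoped_rules() {
    n=$PPTP_FIRST
    while [ "$n" -le "$PPTP_LAST" ]; do
        echo "iptables -A INPUT -i ppp$n -j ACCEPT"
        echo "iptables -A FORWARD -i ppp$n -j ACCEPT"
        echo "iptables -A FORWARD -o ppp$n -j ACCEPT"
        n=$((n + 1))
    done
}

# Constructed sample: an excerpt of the firewall script posted in the thread.
sample_script() {
    cat <<'EOF'
#!/bin/sh
iptables -A INPUT -p tcp --dport 1723 -j ACCEPT
iptables -A INPUT -p gre -j ACCEPT
iptables -A INPUT -i ppp+ -j ACCEPT
iptables -A FORWARD -i ppp+ -j ACCEPT
iptables -A FORWARD -o ppp+ -j ACCEPT
#iptables -t nat -I PREROUTING -p tcp --dport 25 -m connlimit --connlimit-above 5 -j DROP
EOF
}

echo "Rules that also match $WAN_IF:"
sample_script | audit_rules "$WAN_IF"
echo "PPTP-only equivalents:"
scoped_rules
```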
Teaman, I am using shibby's latest 090V build with an RT-N16. I did nvram erase before and after the upgrade and did all configs from scratch. I am also not using optware. I think I am gonna try a different build from you or toastman and re-check again. Thx for your help and tips
Thx for the info. I ran PPTP with PPPoE WAN using this solution. @Teaman: the problem with PPTP + PPPoE is the rp-pppoe.so plugin. pppd doesn't know the "local" option. My /tmp/ppp/options file: this is why PPTPD won't work if we have PPPoE WAN type. Now when I do:
cp /usr/sbin/pppd /tmp/pppd
sed -i -e 's#/tmp/ppp/#/tmp/xxx/#' /tmp/pppd
mkdir /tmp/xxx
cp /tmp/ppp/options /tmp/xxx/options
and remove "plugin rp-pppoe.so" from /tmp/xxx/options, my /tmp/pppd recognizes the "local" option and I am able to run PPTP. In file pptpctrl.c in line 736 http://repo.or.cz/w/tomato.git/blob...5cbfe3c0:/release/src/router/pptpd/pptpctrl.c we have:
pppd_argv[an++] = "local";
Maybe we can just remove this line? What do you think? Best Regards
Quite complex, but let's try this anyways. As per quoted 'pieces', from top to bottom:
a) 'local' option: I don't think that would be the actual/underlying problem... but the 'absence' of some commits originated from javenard (branch tomato-RT-jyavenard, sorta of a 'byproduct' of his work on the PPTP client).
b) 'this is why PPTPD wont work...': since Toastman-RT had that commit merged and Teaman-RT had pretty much the whole thing merged 'back' later on, this kind of problem shouldn't be happening on Teaman-RT builds, as mentioned above. It's probably safe-ish to assume Toastman-RT builds should be also fine since I'm somewhat under the impression those PPTPD patches/code from Teaman-RT got merged back a few weeks ago - anyone out there could perhaps confirm if this whole 'PPTPD' + 'PPPx on WAN' thingie is working fine on Toastman-RT/K26 builds just like it should be on Teaman-RT/K26 builds? Thanks in advance if anyone out there is able to test/validate/confirm those test/cases!). Anyways - I took a brief look at the git log/history on branch tomato-shibby and did see it got a whole bunch of stuff on commit 469447ef26b3f002ef673112f7f9cdb15cbfe3c0, but there might be some code possibly 'missing'. Why's that? Well... 'just because' of 'something' I realized: this commit seems to be some kind of cherry-pick, not exactly a 'canonical' merge (if there *is* indeed such thing!). What I'm thinking is: just realized those two lines are slightly different (see that commit from javenard, above)...
http://repo.or.cz/w/tomato.git/blob/tomato-shibby:/release/src/router/rc/wan.c#l46
http://repo.or.cz/w/tomato.git/blob/Teaman-RT:/release/src/router/rc/wan.c#l46
c and d) 'and remove plugin rp-pppoe...': I don't think that's the best course of action. Let me explain: I'm currently involved in some deep digging regarding possible ways of mapping/using VLAN IDs above 15 for both K24/MIPSr1 (i.e. WRT54GL) and K26/MIPSr2 (i.e. E3000) kinds of builds... as soon as I get the chance to look at this whole thing in some sort of 'proper' perspective (if there *is* such thing!?), I'll get right on that - after all, I do want to get this whole PPTPD thingie to be 'working' not just on my WRT54GL... but on as many devices as we can. See also: http://code.google.com/p/tomato-sdhc-vlan/issues/detail?id=17 Cheers!
Nice, Teaman. You have merged javenard's branch and I haven't. This is why we have different ppp_option in the wan.c file http://repo.or.cz/w/tomato.git/commit/82d98a546c763224b4b2b3da72ea4d29a2af9479 I will add this commit to my branch and it should be good. Thx one more time
First of all I would like to express my gratitude towards Teaman and Toastman and all other Tomato developers for their valuable efforts, especially in providing a GUI for PPTP VPN Server which I have longed for for years. It works quite well with my iPhone, only with a minor problem with which I would appreciate your help. I am using a Linksys E3000 converted from WRT610N v2 running Toastman's Tomato firmware "tomato-E3000USB-NVRAM60K-1.28.7497.1MIPSR2-Toastman-RT-VPN.bin". I have set up the PPTP VPN server as below -
Local IP Address/Netmask: 192.168.1.1 / 255.255.255.0
Remote IP Address Range: 172.19.0.1 - 172.19.0.6
Encryption: MPPE-128
MTU: 1450
MRU: 1450
I left the DNS server field as default 0.0.0.0. When I use my iPhone to connect to the VPN server, the connection is established successfully, but the iPhone can only access LAN devices (router, IPCAM) but not the internet. I then put 192.168.1.1 in the DNS server field, but the same problem remains. Only when I put in a public DNS such as 8.8.8.8 or my ISP's DNS server IP can the iPhone access the internet as expected. I wonder why the internal DNS server does not work. I am sure it works for the LAN devices such as my PC. It seems that the internal DNS server does not want to serve VPN clients. Is it normal or just a bug to be fixed?
I remember reading somewhere that iOS requires DNS server to have a public IP address for VPN connections. I couldn't find any official information but if you search in Google, you will find many complaints about the issue for other VPN servers too. So this is not a Tomato bug but rather an iOS "feature".
I doubt if it is an iOS problem because I also tested with my PC at work. When it is connected to the E3000 at home with the DNS server setting blank or 192.168.1.1, the NSLOOKUP command will time out. So the problem seems not to apply only to devices running iOS.
Yes and yes. Just checked/confirmed your report. Thanks for bringing this up - a fix will be released soon. The 'problem' is the way we set up dnsmasq when we want it to be running on just a few interfaces. On VLAN-GUI-enabled builds, it needs to be 'told' which interfaces it should serve DHCP and/or the ones we want it to serve just DNS. Problem is... ppp4~9 is not on the list (even if you've set up your PPTP server to use addresses that would be within your LAN address range, any DNS queries would be actually coming from... a pppX interface, which is not on the 'valid interfaces to respond' list). In the meantime, there is a work-around. Add these to the 'Custom configuration' textbox on the Advanced -> DHCP/DNS page:
Code:
no-dhcp-interface=ppp4
no-dhcp-interface=ppp5
no-dhcp-interface=ppp...
And that should take care of things for now (this version supports up to 6 simultaneous connections, interfaces should be ppp4~9, add one line per simultaneous client/interface, as required). Anyways - Anserk's comment is also possibly relevant (in some other cases). See this post: http://www.linksysinfo.org/index.php?threads/the-pptp-server-gui-thread.36779/#post-181269 Cheers!
I flashed my RT-N16 with the latest Toastman build and can confirm the issue. First of all, I would like to thank you Teaman and everyone else who made PPTP possible (and GUI!). On older builds I had PPTP server installed from Optware, but could never get it to work with PPPoE enabled. And now thanks to your efforts it is working like a charm - and the GUI makes it much easier too. However, DNS resolution doesn't work. I did add the ppp interface to the dnsmasq configuration but it didn't help. Nslookups from my laptop to the router are timing out. Connectivity is there and port 53 is reachable. I enabled log-queries temporarily and don't even see queries coming from the VPN client. I'm not sure if there is a way to turn on verbose logging for dnsmasq. Any ideas?
I figured it out myself. You actually need two lines in the custom section for Dnsmasq for each interface:
interface=ppp4
no-dhcp-interface=ppp4
... etc.
One line to enable Dnsmasq for that interface, the second to disable DHCP services on that interface. It's not very clear in the Dnsmasq man page, but this example gives more details: http://www.thekelleys.org.uk/dnsmasq/docs/dnsmasq.conf.example P.S. I tested it also with my iPhone - works perfectly. Built-in PPTP server was the only option I was missing in Tomato when I switched to it from DD-WRT a long time ago.
Hi, my RT-N16 running Tomato 092 is configured as AP only (+ some services like BT) and the routing is done by an OpenWrt TL-WR1043ND. I've configured the PPTP server and after connection I can only connect to the AP-PPTP server (RT-N16 IP 10.1.1.2) but no other hosts like the gateway or my NAS. iptables was configured on OpenWrt to allow PPTP and seems to work. Do I need to configure some static routing on Tomato/OpenWrt?
Can also confirm that issue/problem - Leaving everything at default for DNS servers (0.0.0.0 or router IP) the iPad can only access the local network but I am not able to surf the internet. The only workaround right now is to enter a public DNS, then everything works perfectly. With shibby's build (using an RT-N16) 092V, PPPoE and PPTP server is now working as expected - thx a lot
I suspect routing is disabled when you select AP only mode. Run cat /proc/sys/net/ipv4/ip_forward and see if you get 0 or 1. Zero means IP forwarding is disabled.
nope - still enabled:
Code:
root@Mau-s:/tmp/home/root# cat /proc/sys/net/ipv4/ip_forward
1
in the advanced -> routing is configured as router not as gateway. Anyway - I've configured my OpenWrt as PPTP server as a workaround
Thanks. By adding "interface=ppp4" on the dnsmasq custom configuration box, my iPhone VPN client connecting to Tomato VPN server with 0.0.0.0 as DNS server finally can access internet! Thanks Anserk and Teaman. Just curious to know if I have to add the "no-dhcp-interface=ppp4". Will there be any adverse effect if I just omit it? P.S. With a few experiments, I found that I can add one line only "interface=ppp4,ppp5,ppp6,ppp7,ppp8,ppp9" for all six PPTP VPN clients.
It seems that "interface=xxxx" means dnsmasq should listen for requests on that interface whereas "no-dhcp-interface=xxxx" means it won't be serving DHCP (just DNS) on that interface. Since we don't really care about DHCP on our PPTP/pppX interfaces, it should be fine either way... I'll get that fixed soon. Thanks for your notes!
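The dnsmasq behaviour worked out across the posts above, as an added example (not code from any poster or from the Tomato project): a script that reads a 'Custom configuration' box and reports, for each PPTP unit, whether it appears on an `interface=` line and whether DHCP is turned off for it. It assumes the firmware-generated config already restricts dnsmasq to named interfaces, as described in the thread, and that PPTP sessions use ppp4 to ppp9; the three inputs are constructed from the variants posted above.

```shell
#!/bin/sh
# Added example: check a dnsmasq custom config for the PPTP interfaces.
# Assumptions from the thread: dnsmasq is already limited to named interfaces
# by the firmware, and PPTP sessions use ppp4..ppp9.

PPTP_FIRST=4
PPTP_LAST=9

# listed_ifaces KEY
# Reads dnsmasq config on stdin and prints, one per line, every interface
# named on "KEY=..." lines. Comma-separated lists are split.
listed_ifaces() {
    key=$1
    while IFS= read -r line; do
        case "$line" in
            "$key="*)
                printf '%s\n' "${line#"$key="}" | tr ',' '\n' | tr -d ' \r' ;;
        esac
    done
    return 0
}

# pptp_report
# Reads the config on stdin and prints one line per PPTP unit:
#   listen=yes  the unit is named on an interface= line (DNS is answered)
#   nodhcp=yes  the unit is named on a no-dhcp-interface= line
pptp_report() {
    cfg=$(cat)
    listen=$(printf '%s\n' "$cfg" | listed_ifaces interface)
    nodhcp=$(printf '%s\n' "$cfg" | listed_ifaces no-dhcp-interface)
    n=$PPTP_FIRST
    while [ "$n" -le "$PPTP_LAST" ]; do
        l=no
        d=no
        if printf '%s\n' "$listen" | grep -qx "ppp$n"; then l=yes; fi
        if printf '%s\n' "$nodhcp" | grep -qx "ppp$n"; then d=yes; fi
        printf 'ppp%s listen=%s nodhcp=%s\n' "$n" "$l" "$d"
        n=$((n + 1))
    done
}

# Constructed inputs, one per variant posted in the thread.
cfg_workaround() {   # first work-around: no-dhcp-interface lines only
    cat <<'EOF'
no-dhcp-interface=ppp4
no-dhcp-interface=ppp5
EOF
}

cfg_pairs() {        # both lines, for a single interface
    cat <<'EOF'
interface=ppp4
no-dhcp-interface=ppp4
EOF
}

cfg_list() {         # single comma-separated interface= line
    cat <<'EOF'
interface=ppp4,ppp5,ppp6,ppp7,ppp8,ppp9
EOF
}

for c in cfg_workaround cfg_pairs cfg_list; do
    echo "== $c"
    $c | pptp_report
done
```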
The latest version (build 092) has support for PPTP Client, I don't recall if the server feature was also included
Regarding the DNS problem, it seems it does not only affect PPTP clients, but also other clients linked indirectly to the router. Apart from the E3000 running on "tomato-E3000USB-NVRAM60K-1.28.7497.1MIPSR2-Toastman-RT-VPN.bin", I have a WRT54G running DD-WRT as a client bridge connecting E3000 wirelessly. The WRT54G then connects my set-top box via LAN cable. Just yesterday I realised that the set-top box cannot access to some online services with error in resolving hostname. I checked the setting which is okay (DNS server set to 192.168.1.1 which is also my PPTP server). I changed the DNS server manually to 8.8.8.8 but it still doesn't work. (Unlike PPTP server if I set 8.8.8.8 as DNS server for PPTP client it will work). It seems tomato has blocked DNS traffic from the WRT54G. To make sure my set-top box is not faulty I change the WRT54G from client bridge to repeater bridge so that my iphone can connect to WRT54G wirelessly and check if traffic via WRT54G (DD-WRT) to E3000 (Tomato). The result is what I expect - the iphone can not access anything with hostnames but only my local devices via ip address. But to my surprise, the iphone cannot access to 192.168.1.1 as well. This DNS problem may be related to my problem previously, maybe not, but I hope Toastman / Teaman may have a look into it. I am pretty sure it is related to the tomato firmware since before my E3000 changed from DD-WRT to Tomato there is no such problem. P.S. I just changed the WRT54G from Client Bridge mode back to AP and use WDS mode instead. Everything works now. Maybe WDS is a better way for me than use Client bridge / Repeater bridge.
After I watched this YouTube video about how easy it is to hack a PPTP VPN, I don't want to use this feature anymore:
The connection is insecure if you are on the same network as the one who tries to get to you. But you can get a workaround (being on a 3G network for example). This is a solution for connecting your mobile to your home network and accessing the local resources (email, other servers which are also password protected). You also have the choice to land on a different subnet and a hacker should be unable to access sensitive data. I also think that L2TP/IPsec is a more secure choice for mobile users, time will tell when Tomato will get it. The hard work from the developers gives us a choice. You now have a very complete and useful box that is your router.
I'm running tomato-E3000USB-NVRAM60K-1.28.7498.1MIPSR2-Toastman-RT-VPN.bin which has the PPTP server GUI in it and while it works, there's a few issues with it:
1. If I leave the default remote IP address range (172.19.0.1 to 172.19.0.6), I'm able to access IP addresses on my LAN (192.168.1.1/255.255.255.0) as if I'm on that LAN even though I have an IP address of 172.19.0.x. Since 172.19.0.x should be on a different sub-net that shouldn't be possible and actually goes counter to what this page describes. According to that link if I want to access my LAN remotely, I should need to specify a remote IP address range within my LAN, but that's not the case. According to some routing info, the gateway IP is always the same (192.168.1.1) regardless of what sub-net I use. I do notice that the localip in /tmp/pptpd/pptpd.conf is always 192.168.1.1.
2. Broadcast relay doesn't appear to work as far as I can tell, at least not with my testing from my iPad/iPhone. I have an app that's supposed to be using Bonjour (UDP 5353 Multicast DNS) to discover devices on the LAN and it's not finding any. I did try using an IP address in my LAN (192.168.1.1/255.255.255.0). I'll need to run some more tests though since I tried over 3G, not WiFi and Apple may block Bonjour over 3G.
Potentially stupid question, but I'll ask anyway. I presume that for the PPTP server to work properly I should first have a DDNS service or static IP from my ISP. Is this correct? I've never used a VPN or PPTP server before but have some extended travel coming up so I'm thinking it could come in handy.
I pretty much answered my own question. Set up the DDNS, then the PPTP server, and it worked on the 2nd try (after I corrected a conflict between the local and remote IPs). Excellent work Teaman and Toastman!
Hello, I have the same problem with a PPPoE connection and PPTP server with my WRT54GL. Does somebody know a Tomato firmware for my WRT54GL with a PPTP server that works?
The above posts did fix one of my problems. Just put in the box for Dnsmasq the following:
interface=ppp4,ppp5,ppp6,ppp7,ppp8,ppp9
Then the VPN over PPPoE will work! I spent several hours before I stumbled upon this forum! Thanks for the fix. The problem I am having may be related to the same thing. My VPN works now, however I use an app from Control4 that uses TAP-Win32 Adapter to VPN into a project on a device and I can NOT get it to connect. It works if I VPN and access it as if I was local. Also works if I use a stock firmware on an E4200 but when using the TAP-Win32 adapter it does not connect. Little background info on the Control4 remote director app. Control4 uses OpenVPN to connect back to Control4 and they probably use a reverse ssh tunnel
I tried it, but it does not work. I copied "interface=ppp4,ppp5,ppp6,ppp7,ppp8,ppp9" in the dnsmasq box in "Advanced->DHCP/DNS" and nothing happens. In the log file I see the following output
Hi, I'm a complete noob here and just recently started trying to set up a PPTP VPN server using the GUI that was built in. I'm running Tomato 1.28 Toastman-VLAN-RT K26 USB VPN-NOCAT. I've managed to get the PPTP VPN server up and running and am able to connect to the VPN with my Android phone as well as a laptop running Win7, but my iPad 2 cannot connect. I attached a screenshot of the settings I put into Tomato PPTP VPN. I've read that the "options.pptpd" file has to be edited to include "nomppe-stateful" or "nopcomp" for iOS devices to connect, but how do I edit the "options.pptpd" file? Could someone please help me and provide me some instructions? Thanks in advance
Ok guys, can't figure this out. I'm using Toastman's latest build (7500) and am having multiple problems with my iOS device. When the iPhone is on the local network, I can attempt to connect to the server (this fails, but not the problem for now...). pptpd logs show the connection attempts but authentication problems:
sent [LCP TermReq id=0x3 "peer refused to authenticate"]
rcvd [LCP TermReq id=0x2 "MPPE required but not available"]
But the bigger problem at the moment is I can't even reach the server when I'm connecting from outside the network. The packets are dropped:
DROP IN=vlan2 OUT= SRC=PHONEIP DST=MYWANIPADDRESS LEN=44 TTL=50 ID=39609 PROTO=TCP SPT=63110 DPT=1723
So, if I set up a port forward to forward connections to port 1723 to the router's IP, I still get dropped packets:
DROP IN=vlan2 OUT=SRC=PHONEIP DST=192.168.1.1 LEN=44 TTL=50 ID=39609 PROTO=TCP SPT=63110 DPT=1723
Any clue what's happening here? I am otherwise running a pretty standard configuration. No custom IPTABLES entries anywhere... Thanks for any insight. If one thinks this is related to Toastman integration, and you think I should post over in his thread, please let me know. - Mike
Hi, I have a weird problem - after enabling PPTP, two rules are added into the iptables INPUT chain:
Code:
ACCEPT tcp -- any any anywhere anywhere tcp dpt:1723
ACCEPT gre -- any any anywhere anywhere
Resulting INPUT comes up as:
Code:
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 DROP all -- br0 any anywhere wan-ip.XXXXX.com
0 0 DROP all -- any any anywhere anywhere state INVALID
109 20491 ACCEPT all -- any any anywhere anywhere state RELATED,ESTABLISHED
0 0 ACCEPT all -- lo any anywhere anywhere
72 5115 ACCEPT all -- br0 any anywhere anywhere
0 0 logaccept icmp -- any any anywhere anywhere limit: avg 1/sec burst 5
11 352 logaccept udp -- any any anywhere anywhere udp dpts:33434:33534 limit: avg 5/sec burst 5
7 2422 logdrop all -- any any anywhere anywhere
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:1723
0 0 ACCEPT gre -- any any anywhere anywhere
and all PPTP connections are dropped by a "logdrop" rule. I have to manually (via firewall script) insert TCP port 1723 and GRE rules in the beginning of the chain to make it work. Running "tomato-WRT54G_WRT54GL-1.28.0025Teaman-VLAN-SNMP-PPTPD-Std" on WRT54GL. Any ideas?
Having same exact issue with Tomato Firmware v1.28.0025 Teaman-VLAN-SNMP-PPTPD ND VPN on WRT54GL v1.1.
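The rule-order problem reported above can be checked mechanically. The script below is an added example, not code from the thread or from the firmware: it reads an `iptables -L <chain> -v` listing and prints every rule that sits after an unconditional terminal rule. The function names are made up for the example, and it assumes `logdrop` and `logaccept` always end in DROP and ACCEPT, as in the chain dump posted further down the thread.

```shell
#!/bin/sh
# Added example: list rules in an `iptables -L <chain> -v` listing that can
# never match because an earlier rule already decides every packet.

# INPUT chain listing as posted in the thread after enabling PPTP.
sample_input_chain() {
cat <<'EOF'
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 DROP all -- br0 any anywhere wan-ip.XXXXX.com
0 0 DROP all -- any any anywhere anywhere state INVALID
109 20491 ACCEPT all -- any any anywhere anywhere state RELATED,ESTABLISHED
0 0 ACCEPT all -- lo any anywhere anywhere
72 5115 ACCEPT all -- br0 any anywhere anywhere
0 0 logaccept icmp -- any any anywhere anywhere limit: avg 1/sec burst 5
11 352 logaccept udp -- any any anywhere anywhere udp dpts:33434:33534 limit: avg 5/sec burst 5
7 2422 logdrop all -- any any anywhere anywhere
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:1723
0 0 ACCEPT gre -- any any anywhere anywhere
EOF
}

# Reads a listing on stdin; prints one line per unreachable rule.
# Assumption: logdrop/logaccept are terminal (LOG, then DROP/ACCEPT everything).
shadowed_rules() {
    awk '
    /^Chain / || $1 == "pkts" || NF < 9 { next }
    {
        target = $3; proto = $4
        if (blocker != "") {
            line = target " proto=" proto
            for (i = 10; i <= NF; i++) line = line " " $i
            print line " (never reached: follows " blocker ")"
            next
        }
        any_if = ($6 == "any" || $6 == "*") && ($7 == "any" || $7 == "*")
        any_ip = ($8 == "anywhere" || $8 == "0.0.0.0/0") && ($9 == "anywhere" || $9 == "0.0.0.0/0")
        final  = (target == "DROP" || target == "ACCEPT" || target == "logdrop" || target == "logaccept")
        # A terminal target with no protocol, interface, address or match restriction
        if (final && proto == "all" && any_if && any_ip && NF == 9) blocker = target
    }'
}

# On the router: iptables -L INPUT -v -n | shadowed_rules
sample_input_chain | shadowed_rules
```

Rules listed without a target shift the columns and are not handled, so run it on one chain at a time and check the output against the raw listing.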
Hi, I got problems to get pptp to work as well. I use Tomato Firmware v1.28.0500 MIPSR2Toastman-RT-N K26 USB VPN. If I add the TCP port 1723 and GRE rules in the beginning of the INPUT chain as mentioned above it gets further but it won't authenticate. I've unticked the NAT helpers for GRE/PPTP and it doesn't matter if I leave it checked. Any tips how to get it working? Note: the pptp works fine if I'm already connected to the wifi/lan.
The messages log says:
daemon.debug pppd[14032]: sent [LCP ConfReq id=0x1 <mru 1450> <asyncmap 0x0> <auth chap MS-v2> <magic 0x74c6d184> <pcomp> <accomp>]
user.warn kernel: ACCEPT IN=br0 OUT=vlan2 SRC=192.168.1.100 DST=98.231.132.143 LEN=58 TOS=0x00 PREC=0x00 TTL=127 ID=30658 PROTO=UDP SPT=35719 DPT=54447 LEN=38
user.warn kernel: DROP IN=vlan2 OUT= MACSRC=78:d6:f0:af:31:12 MACDST=ff:ff:ff:ff:ff:ff MACPROTO=0800 SRC=85.233.247.213 DST=255.255.255.255 LEN=68 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=57621 DPT=57621 LEN=48
user.warn kernel: DROP IN=vlan2 OUT= MACSRC=58:b2:32:41:42:4f MACDST=ff:ff:ff:ff:ff:ff MACPROTO=0800 SRC=85.233.247.213 DST=85.229.255.255 LEN=72 TOS=0x00 PREC=0x00 TTL=64 ID=14128 PROTO=UDP SPT=57621 DPT=57621 LEN=52
daemon.debug pppd[14032]: sent [LCP ConfReq id=0x1 <mru 1450> <asyncmap 0x0> <auth chap MS-v2> <magic 0x74c6d184> <pcomp> <accomp>]
daemon.warn pppd[14032]: LCP: timeout sending Config-Requests
daemon.notice pppd[14032]: Connection terminated.
daemon.notice pppd[14032]: Modem hangup
daemon.info pppd[14032]: Exit.
daemon.err pptpd[14031]: GRE: read(fd=6,buffer=4218bc,len=8196) from PTY failed: status = -1 error = Input/output error, usually caused by unexpected termination of pppd, check option syntax and pppd logs
daemon.err pptpd[14031]: CTRL: PTY read or GRE write failed (pty,gre)=(6,7)
daemon.debug pptpd[14031]: CTRL: Reaping child PPP[14032]
daemon.info pptpd[14031]: CTRL: Client 95.13.23.142 control connection finished
and the pptp log says:
using channel 24
Using interface ppp4
Connect: ppp4 <--> /dev/pts/1
sent [LCP ConfReq id=0x1 <mru 1450> <asyncmap 0x0> <auth chap MS-v2> <magic 0x806ac0e9> <pcomp> <accomp>]
sent [LCP ConfReq id=0x1 <mru 1450> <asyncmap 0x0> <auth chap MS-v2> <magic 0x806ac0e9> <pcomp> <accomp>]
sent [LCP ConfReq id=0x1 <mru 1450> <asyncmap 0x0> <auth chap MS-v2> <magic 0x806ac0e9> <pcomp> <accomp>]
sent [LCP ConfReq id=0x1 <mru 1450> <asyncmap 0x0> <auth chap MS-v2> <magic 0x806ac0e9> <pcomp> <accomp>]
Hangup (SIGHUP)
Modem hangup
Connection terminated.
iptables:
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:1723
0 0 ACCEPT 47 -- * * 0.0.0.0/0 0.0.0.0/0
19 852 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID
153 12576 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
36 2183 ACCEPT all -- br0 * 0.0.0.0/0 0.0.0.0/0
0 0 logaccept udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:67 dpt:68
116 10762 logdrop all -- * * 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
3256 1117K all -- * * 0.0.0.0/0 0.0.0.0/0 account: network/netmask: 192.168.1.0/255.255.255.0 name: lan
0 0 ACCEPT all -- br0 br0 0.0.0.0/0 0.0.0.0/0
4 218 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID
236 12168 TCPMSS tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x02 TCPMSS clamp to PMTU
3080 1108K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 wanin all -- vlan2 * 0.0.0.0/0 0.0.0.0/0
172 9114 wanout all -- * vlan2 0.0.0.0/0 0.0.0.0/0
172 9114 logaccept all -- br0 * 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 9 packets, 5448 bytes)
pkts bytes target prot opt in out source destination
Chain logaccept (12 references)
pkts bytes target prot opt in out source destination
153 8082 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 state NEW limit: avg 1/sec burst 5 LOG flags 39 level 4 prefix `ACCEPT '
172 9114 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain logdrop (1 references)
pkts bytes target prot opt in out source destination
116 10762 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 state NEW limit: avg 1/sec burst 5 LOG flags 39 level 4 prefix `DROP '
116 10762 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain logreject (0 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 1/sec burst 5 LOG flags 39 level 4 prefix `REJECT '
0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 reject-with tcp-reset
Chain wanout (1 references)
pkts bytes target prot opt in out source destination
I solved my dropped packet problem (toastman's 7500) by adding the following to the firewall script:
iptables -t filter -I INPUT 1 -p tcp --dport 1723 -j ACCEPT
Should this be built into the firmware? How are others making connections from outside the LAN without something like this in their IPTABLES? Still can't solve my iPhone connection problems, but at least the two are reaching each other.
Excellent! Can you return the favor? I still can't connect with my iPhone... Can you tell me all of your PPTP settings? (except user/pass, of course!) Especially those custom settings.. I still can't authenticate with my iPhone. Appreciate any help you can provide.
Sure, here's my settings:
Local ip/netmask: 192.168.1.1 255.255.255.0
Remote ip range: 192.168.1.210 - 192.168.1.125
Broadcast relay mode: disable
Encryption: mppe-128
Everything else is default, which is no dns servers set, mtu/mru at 1450.
Note that I've disabled Tracking / NAT Helpers for gre/pptp
Still not working for me... You have nothing in the custom configuration box? (the dreaded MPPE Required but not available...) Any other ideas? From the log...
Code:
Jul 15 11:02:46 router daemon.info pptpd[2939]: CTRL: Client [SNIP] control connection started
*.info pptpd[2939]: CTRL: Starting call (launching pppd, opening GRE)
*.notice pppd[2940]: pppd 2.4.5 started by root, uid 0
*.debug pppd[2940]: using channel 4
*.info pppd[2940]: Using interface ppp4
*.notice pppd[2940]: Connect: ppp4 <--> /dev/pts/0
*.debug pppd[2940]: sent [LCP ConfReq id=0x1 <mru 1450> <asyncmap 0x0> <auth chap MS-v2> <magic 0x8fea0fde> <pcomp> <accomp>]
*.debug pppd[2940]: sent [LCP ConfReq id=0x1 <mru 1450> <asyncmap 0x0> <auth chap MS-v2> <magic 0x8fea0fde> <pcomp> <accomp>]
*.debug pppd[2940]: rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x5c40560d> <pcomp> <accomp>]
*.debug pppd[2940]: sent [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x5c40560d> <pcomp> <accomp>]
*.debug pppd[2940]: rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x5c40560d> <pcomp> <accomp>]
*.debug pppd[2940]: sent [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x5c40560d> <pcomp> <accomp>]
*.debug pppd[2940]: rcvd [LCP ConfRej id=0x1 <auth chap MS-v2>]
*.debug pppd[2940]: sent [LCP ConfReq id=0x2 <mru 1450> <asyncmap 0x0> <magic 0x8fea0fde> <pcomp> <accomp>]
*.debug pppd[2940]: rcvd [LCP ConfAck id=0x2 <mru 1450> <asyncmap 0x0> <magic 0x8fea0fde> <pcomp> <accomp>]
*.debug pppd[2940]: sent [LCP EchoReq id=0x0 magic=0x8fea0fde]
*.warn pppd[2940]: peer refused to authenticate: terminating link
*.debug pppd[2940]: sent [LCP TermReq id=0x3 "peer refused to authenticate"]
*.debug pppd[2940]: rcvd [LCP EchoReq id=0x0 magic=0x5c40560d]
*.debug pppd[2940]: rcvd [LCP TermReq id=0x2 "MPPE required but not available"]
*.debug pppd[2940]: sent [LCP TermAck id=0x2]
*.err pptpd[2939]: CTRL: EOF or bad error reading ctrl packet length.
*.err pptpd[2939]: CTRL: couldn't read packet header (exit)
*.err pptpd[2939]: CTRL: CTRL read failed
*.debug pptpd[2939]: CTRL: Reaping child PPP[2940]
*.info pppd[2940]: Hangup (SIGHUP)
*.notice pppd[2940]: Modem hangup
*.notice pppd[2940]: Connection terminated.
*.info pppd[2940]: Exit.
*.info pptpd[2939]: CTRL: Client [SNIP] control connection finished
Nope, nothing extra. If you have anything extra in the form of scripts/functions running, try to disable it and run vanilla. I noticed some problems running the adblock-script with pixlserver and I had to remove it.
I can VPN into my router over 3G from my iPhone and iPad without any problems, but when I try to do so from my workplace's WiFi I get the following error in the log. I'm not sure what it means.
Code:
Jul 19 10:48:21 unknown daemon.debug pppd[26902]: sent [LCP ConfReq id=0x1 <mru 1450> <asyncmap 0x0> <auth chap MS-v2> <magic 0xff63854e> <pcomp> <accomp>]
Jul 19 10:48:21 unknown daemon.err pptpd[26901]: GRE: read(fd=7,buffer=419854,len=8260) from network failed: status = -1 error = No route to host
Jul 19 10:48:21 unknown daemon.err pptpd[26901]: CTRL: GRE read or PTY write failed (gre,pty)=(7,6)
Edit: Searching the net, the above apparently has something to do with going through a proxy server (my company uses a "paywall" proxy server to force an accept page). Not sure why that would block VPN once network access is granted.
Out of interest, did you have any joy in the end? I am also having the same problems with peer refusal to authenticate and MPPE not being available when attempting to connect with iPhone to PPTP Server (GUI) running on Shibby 1.28 MIPSR2-100 K26. Many thanks in advance.
No joy. Tried lots of different combinations of stuff including disabling some of the scripts I have going. Never could get past this. I eventually gave up. Maybe if the guys can get IPSec going (seems there's an effort ongoing) I'll give that a shot. Mike
Just on the off chance you are still interested in getting PPTP server to work, I eventually succeeded, although to be honest I cannot be certain how I achieved it. As you may well agree, it would appear from the log that something was either missing or broken. As such I changed from Shibby to DD-WRT; by doing this I was forced to do a hard reset (30-30-30 reset). From there it was very straightforward to get the iPhone talking to the PPTP server. Unfortunately DD-WRT firmware is missing a couple of key features that I've grown accustomed to, as such I then re-flashed back to Shibby (100 Big VPN); again I needed to do a hard reset following the flash. I re-entered all the relevant data and I'm up and running with either direct IP or DYNDNS. If you choose to try again and have any trouble, drop me a line. Best of luck.
Hi, just played a bit with the pptp server and noticed that my Android 4.03 phone can connect to the router without encryption? How is that possible? I checked the option-file but it looks ok? --> mppe-128 is required...
Code:
logfile /var/log/pptpd-pppd.log
debug
lock
name *
proxyarp
minunit 4
nobsdcomp
lcp-echo-failure 10
lcp-echo-interval 5
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
require-mppe-128
nomppe-stateful
ms-ignore-domain
chap-secrets /tmp/pptpd/chap-secrets
ip-up-script /tmp/pptpd/ip-up
ip-down-script /tmp/pptpd/ip-down
mtu 1450
mru 1450
Does anyone else have the same problem? The router log file looks like this - but I still have access to my local files and so on..
Code:
Oct 6 12:50:49 RT-N16 daemon.err pppd[1623]: Received bad configure-rej: 12 06 01 00 00 40
Oct 6 12:50:51 RT-N16 daemon.debug pppd[1623]: rcvd [CCP ConfReq id=0x3]
Oct 6 12:50:51 RT-N16 daemon.debug pppd[1623]: sent [CCP ConfAck id=0x3]
Oct 6 12:50:52 RT-N16 daemon.debug pppd[1623]: sent [CCP ConfReq id=0xc <mppe +H -M +S -L -D -C>]
Oct 6 12:50:52 RT-N16 daemon.debug pppd[1623]: rcvd [CCP ConfRej id=0xc <mppe +H -M +S -L -D -C>]
Oct 6 12:50:52 RT-N16 daemon.err pppd[1623]: Received bad configure-rej: 12 06 01 00 00 40
Oct 6 12:50:54 RT-N16 daemon.debug pppd[1623]: rcvd [CCP ConfReq id=0x3]
Oct 6 12:50:54 RT-N16 daemon.debug pppd[1623]: sent [CCP ConfAck id=0x3]
Oct 6 12:50:55 RT-N16 daemon.debug pppd[1623]: sent [CCP ConfReq id=0xc <mppe +H -M +S -L -D -C>]
Oct 6 12:50:55 RT-N16 daemon.debug pppd[1623]: rcvd [CCP ConfRej id=0xc <mppe +H -M +S -L -D -C>]
Oct 6 12:50:55 RT-N16 daemon.err pppd[1623]: Received bad configure-rej: 12 06 01 00 00 40
Oct 6 12:50:57 RT-N16 daemon.debug pppd[1623]: rcvd [CCP ConfReq id=0x3]
Oct 6 12:50:57 RT-N16 daemon.debug pppd[1623]: sent [CCP ConfAck id=0x3]
Oct 6 12:50:58 RT-N16 daemon.debug pppd[1623]: sent [CCP ConfReq id=0xc <mppe +H -M +S -L -D -C>]
Oct 6 12:50:58 RT-N16 daemon.debug pppd[1623]: rcvd [CCP ConfRej id=0xc <mppe +H -M +S -L -D -C>]
Oct 6 12:50:58 RT-N16 daemon.err pppd[1623]: Received bad configure-rej: 12 06 01 00 00 40
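The pppd debug logs posted in this thread show three different outcomes: no LCP reply from the peer at all, the peer rejecting the offered `auth chap MS-v2`, and the peer rejecting the server's MPPE request. The script below is an added example, not code from the thread or the firmware, that labels each pppd process in a log accordingly, so a session where MPPE was never acknowledged stands out. The function names and verdict labels are made up for the example, and the sample lines are constructed from the excerpts above.

```shell
#!/bin/sh
# Added example: summarise, per pppd process, how far the PPP negotiation got,
# based on pppd "debug" syslog lines.

# Constructed sample, modelled on the three log excerpts posted in the thread.
sample_pppd_log() {
cat <<'EOF'
daemon.debug pppd[14032]: sent [LCP ConfReq id=0x1 <mru 1450> <asyncmap 0x0> <auth chap MS-v2> <magic 0x74c6d184> <pcomp> <accomp>]
daemon.warn pppd[14032]: LCP: timeout sending Config-Requests
daemon.debug pppd[2940]: rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x5c40560d> <pcomp> <accomp>]
daemon.debug pppd[2940]: rcvd [LCP ConfRej id=0x1 <auth chap MS-v2>]
daemon.warn pppd[2940]: peer refused to authenticate: terminating link
daemon.debug pppd[1623]: sent [CCP ConfReq id=0xc <mppe +H -M +S -L -D -C>]
daemon.debug pppd[1623]: rcvd [CCP ConfRej id=0xc <mppe +H -M +S -L -D -C>]
daemon.err pppd[1623]: Received bad configure-rej: 12 06 01 00 00 40
EOF
}

# Reads syslog lines on stdin; prints "<pid> <verdict>" in order of first appearance.
pppd_triage() {
    awk '
    match($0, /pppd\[[0-9]+\]/) {
        pid = substr($0, RSTART + 5, RLENGTH - 6)
        if (!(pid in seen)) { seen[pid] = 1; order[++n] = pid }
        if ($0 ~ /rcvd \[LCP /)                 lcp_reply[pid] = 1
        if ($0 ~ /rcvd \[LCP ConfRej .*<auth /) auth_rej[pid] = 1
        if ($0 ~ /rcvd \[CCP ConfRej .*<mppe /) mppe_rej[pid] = 1
        if ($0 ~ /rcvd \[CCP ConfAck .*<mppe /) mppe_ack[pid] = 1
    }
    END {
        for (i = 1; i <= n; i++) {
            pid = order[i]
            if (mppe_ack[pid])        v = "mppe-acked"     # peer accepted the MPPE request
            else if (mppe_rej[pid])   v = "mppe-rejected"  # peer refused MPPE
            else if (auth_rej[pid])   v = "auth-rejected"  # peer refused the offered auth method
            else if (!lcp_reply[pid]) v = "no-lcp-reply"   # nothing came back from the peer
            else                      v = "incomplete"
            print pid, v
        }
    }'
}

# On the router, feed it the syslog or the pppd logfile instead of the sample.
sample_pppd_log | pppd_triage
```

A `no-lcp-reply` verdict means the peer's PPP frames, which PPTP carries in GRE, never reached pppd, so that case points at the path or firewall rather than at the PPTP credentials.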