1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Tomato with PPTP and SNMP support

Discussion in 'Tomato Firmware' started by jyavenard, Aug 19, 2008.

  1. jyavenard

    jyavenard LI Guru Member

    Thought this deserved its own thread.

    I have modified the original Tomato firmware to include a PPTP client (PPTP server included but not active, can be compiled) and a SNMP server.

    Been running that firmware for many months and just upgraded it to be in sync with the latest tomato version: 1.21

    It's available there:
    http://www.avenard.org/wrt54-tomato/tomato-121-vpn.zip

    For sources and documentation:
    http://www.avenard.org/wrt54-tomato/

    Note that for the sources, you need to install 1.18 sources then apply the 118-121 patch...
    Much easier for me to release it as patches against 1.18 rather than the full sources.

    Jean-Yves
  2. jyavenard

    jyavenard LI Guru Member

    Documentation

    I haven't changed the web interface.
    The following nvram values are used:

    SNMP:
    "snmpd_run" - if 1 will start the snmp daemon. Can't change the settings for snmp (stored in /etc/snmpd.conf)

    Log to the WRT54 using either ssh or telnet and at the prompt type:
    # nvram set snmpd_run=1

    Now you need to save the nvram:

    # nvram commit

    Then reboot the WRT54.

    Check that the WRT54 responds to snmp command:
    if you have a mac or a unix/linux machine
    % snmpwalk -v2c -c public 192.168.10.1

    (assuming the IP address of the WRT54 is 192.168.10.1).

    ---
    PPTP Client:
    "pptp_client_enable" : start the vpn if set to 1
    "pptp_client_peerdns" : if not defined or 0, automatically retrieve the DNS settings from the VPN server
    "pptp_client_mtu : set the mtu value, default is 1450
    "pptp_client_mru : set the mru value, default is 1450
    "pptp_client_nat" : allows to share the VPN connection over NAT
    "pptp_client_srvip : IP / hostname of the PPTP VPN server
    "pptp_client_srvsub" : Subnet of the VPN network like 192.168.0.0
    "pptp_client_srvsubmsk" : Mask of the VPN network like 255.255.254.0
    "pptp_client_username" : username
    "pptp_client_passwd" : password

    Set additional pppd / mppe settings:
    "pptp_client_mppeopt"
    Like "require-mppe" (check man pppd to see the available option)

    The crypto / mppe kernel modules are extracted from kernel 2.4.35 in dd-wrt 2.23 sp2, back ported to the 2.4.20 tomato kernel
    pppd, pptp_client etc is extracted from dd-wrt v24 and http://pptpclient.sourceforge.net/ and http://sourceforge.net/projects/poptop

    It also includes the code to make it a VPN server, not linked in though

    The script to start and stop the vpn is also from dd-wrt, modified for tomato

    I've only tested it on my WRT54GS v1.1 (with 32MB of RAM/Flash), I believe it will fit without problem in the WRT54GL as it's still smaller than dd-wrt. snmpd is rather memory hungry though

    I'd like to know what toolchain dd-wrt is using, cause they manage much shorter binaries than what I compiled (though I didn't try to optimise)

    Been running this firmware for 3 days straight, it's been rock solid.

    To configure the DNS to resolve a specific domain using the DNS server on the VPN side, in Advanced -> DHCP/DNS) the DNSMasq
    add something like:
    server=/private.hydrix.com/192.168.0.1

    All domain finishing by private.hydrix.com will resolve using the DNS 192.168.0.1

    ----

    How to compile:
    Create the tomato source code following the original instructions
    then:
    %cd tomato/release/src
    Remove the linux and router directory
    %rm -rf linux router

    Extract the source
    %tar jxvf /path/tomato-118.vpn.tar.bz2

    Build the linux.
    %cd linux/linux

    the original .config is also saved as config.vpn

    %make menuconfig
    quit and save when asked
    make depend
    %cd ../.. (to go back in src)
    %make
  3. mstombs

    mstombs Network Guru Member

    I suggest you look at OpenWRT compilers (dd-wrt kernel forked from a version of OpenWRT), gcc 4.x has potential to make smaller binaries than the old Linksys one. Its a dark art building a toolchain though, for Tomato you'd have to check all the kernel headers and pre-compiled binaries...
  4. jyavenard

    jyavenard LI Guru Member

    Thanks ... I'll have a look.

    I've built many toolchains in the past :)
  5. jyavenard

    jyavenard LI Guru Member

    Looking at openwrt right now ; the toolchain that comes with it is based on gcc 3.4.6 ; not gcc 4.x

    Is that what you meant when you mentioned 4.x ? 3.4 ?

    JY
  6. mstombs

    mstombs Network Guru Member

    No I do mean gcc 4, I have some linux 2.4 AR7 mipsel binaries that were compiled with a patched OpenWRT gcc 4.1.2, which work even though the kernel was compiled with gcc2.95

    Looks like all these are possible:-

    root/trunk/toolchain/gcc/Config.version

    Code:
    	config GCC_VERSION
    2	        string
    3	        default "3.4.6"     if GCC_VERSION_3_4_6
    4	        default "4.1.2"     if GCC_VERSION_4_1_2
    5	        default "4.2.0"     if GCC_VERSION_4_2_0
    6	        default "4.2.1"     if GCC_VERSION_4_2_1
    7	        default "4.2.2"     if GCC_VERSION_4_2_2
    8	        default "4.2.3"     if GCC_VERSION_4_2_3
    9	        default "4.2.4"     if GCC_VERSION_4_2_4
    10	        default "4.1.2"
    11	
    12	if !TOOLCHAINOPTS
    13	        config GCC_VERSION_3_4_6
    14	                default y if LINUX_2_4
    15	
    16	        config GCC_VERSION_4_2_0
    17	                default y if TARGET_magicbox
    18	
    19	        config GCC_VERSION_4_2_3
    20	                default y if TARGET_avr32
    21	endif
    so 3.4.6 is default for Linux 2.4
  7. jyavenard

    jyavenard LI Guru Member

    Unfortunately, it's no trivial task to switch compiler to build Tomato. Tomato provides its own uclibc (came with Linksys original source code) so the toolchain compiled for openwrt is conflicting when used with tomato...

    well, I will give this a rest for the time being , this pptp+snmp firmware runs very well on both my WRT54 ...
  8. ffbadkill

    ffbadkill Addicted to LI Member

    Can the patch apply to ND version source?
  9. jyavenard

    jyavenard LI Guru Member

    Hi

    I haven't tried as the ND version never worked on my wrt54 (even with official tomato binaries) ...
    The ND version only adds new drivers which my patch has nothing to do with.
    So I see no reason why the patch wouldn't work with the ND version.
  10. jyavenard

    jyavenard LI Guru Member

    PPTP server now compiled in

    Hi

    Following various demands, I have compiled the pptp server in.
    Available there:
    http://www.avenard.org/wrt54-tomato/tomato-121-vpn-server.zip

    Mind you, this isn't tested and the server won't be started automatically.

    You need to log on the router, write the configuration by hand and start the daemon manually too.

    If someone got it to work properly, I would appreciate if you could send me an example then I can write the various hooks to have the server starting automatically and make the configuration more automatic.

    Cheers
    Jean-Yves
  11. 123456

    123456 LI Guru Member

    hi,Could you add usb?
    I think it is very useful
  12. jackiee

    jackiee Addicted to LI Member

    could you advice me how to config & start daemon ?
    I'm such a newbie in command line :frown:
  13. jyavenard

    jyavenard LI Guru Member

    I think you best bet would be to ask on the ppptp distribution list. The main developer is very active on this list.

    Personally, I have no use for a PPTP server on my router so I haven't spent the time investigating on how to actually run it
  14. clesch

    clesch Guest

    Thanks a lot for this firmware, Tomato with a PPTP client was exactly what I’m looking for.

    I have a question however: is it possible to only route one single IP or MAC behind the router through the PPTP client and have all other clients use the “pure†WAN as usual?

    I ask this because I’d like to have a stable/constant connection to my work VPN (all data from that computer should be tunneled through PPTP and not through the normal WAN at all) without granting my family access to it.

    Thanks!
  15. jyavenard

    jyavenard LI Guru Member

    Updated mods for Tomato 1.22

    Hi

    I have updated my mods (pptp client/server and snmp) for Tomato 1.22

    This wasn't a simple effort unfortunately as a lot of things have been changed in 1.22..

    Luckily, the mods and now even cleaner and much easier to compile should you want to...
    available at the usual place:
    http://www.avenard.org/wrt54-tomato/
  16. jyavenard

    jyavenard LI Guru Member

    Don't set the default rules to be through the VPN tunnel ; only for the network behind the VPN
    Then set a firewall rule to only allow traffic from your IP address to the VPN subnet
  17. jyavenard

    jyavenard LI Guru Member

  18. kenyloveg

    kenyloveg Networkin' Nut Member

    Hi, jyavenard
    I'm so impressed with the feature introduced by your MOD. It took me a long time to search a universal (for various client, Windows Mobile, Symbian, even OS default VPN client) VPN server. Now here it is, without OpenVPN client...
    Thank you!:biggrin:
  19. jyavenard

    jyavenard LI Guru Member

    Thanks for the kind comments.

    Would appreciate if you post your configurations so I can add it to the documentation..

    Cheers
    JY
  20. kenyloveg

    kenyloveg Networkin' Nut Member

  21. jyavenard

    jyavenard LI Guru Member

    Hi

    Yes it is.

    All my builds now include the pptp server. Main reason being I can't be bothered maintaining more than one version ...

    Cheers
    Jean-Yves
  22. kenyloveg

    kenyloveg Networkin' Nut Member

    Hi, Jean-Yves
    I'm wondering if PPTP has enough security to be crackable, or just wait someone to get OpenSwan/FreeSwan implemented into Tomato.
    Thank you anyway.
  23. jyavenard

    jyavenard LI Guru Member

    Pptp isn't secure.

    If you have control of both the client and the server, you shouldn't use pptp as there are much better alternative like OpenVPN

    The only usefulness of pptp is that it's very common and is supported natively by most OS.
    Windows, macos even the iPhone have native client. So the use of pptp is easy.

    My work uses a windows server for VPN an it's pptp. That's why I modified tomato to support it.
  24. jackiee

    jackiee Addicted to LI Member

    can you suggest me how to start pptp server ?

    thank in advance :biggrin:
  25. jyavenard

    jyavenard LI Guru Member

    Your best bet would be to check the PPTP distribution list and ask your question there.

    I do not use the pptp server myself...

    I'd like to hear about your progress and your configuration files.
  26. kenyloveg

    kenyloveg Networkin' Nut Member

    Hi, jyavenard
    Tomato 1.23 is out now, Vegas is added now. Would you build a new PPTP server MOD and add some instructions (at least tell us where the conf files are, and the bin/sh file to start daemon)?
    Thank you in advance.
  27. jyavenard

    jyavenard LI Guru Member

    There's very little difference between tomato 1.22 with vegas patches and tomato 1.23.
    The ebtables mod have been removed. As such you could say that the 1.23 does less than my previous 1.22 mod.

    Currently compiling the new version, I will put it online when it's done.

    To start the pptp server, run pptpd which is located in /usr/sbin

    Configuration goes into /etc/pptpd.conf

    Read this poptop HOWTO:
    http://poptop.sourceforge.net/dox/debian-howto.phtml

    Again, I do not use pptpd, I only use the WRT54 as a pptp client.
  28. jyavenard

    jyavenard LI Guru Member

    I added the 1.23 modified binary (With source code). Again , the pptp server is included.

    I haven't tested those mods as I'm at work right now. But provided my patches applied without a single hitch, I'm fairly confident they will work just fine. Tomato 1.23 is fairly similar to 1.21 with vegas..

    Will test them when I get home in about 1 hour
  29. kenyloveg

    kenyloveg Networkin' Nut Member

    Hi, jyavenard
    So glad to see the new one comes so quickly.
    I'm going to take a try and see if PPTP server works fine or not.
    Thank you.
  30. jyavenard

    jyavenard LI Guru Member

    Ok.

    Following the steps describe here:
    http://www.dd-wrt.com/wiki/index.php/PPTP_Server_Configuration

    And here:
    http://wiki.openwrt.org/PPTPDHowto

    In /etc/pptpd.conf I had:
    localip 192.168.20.1
    remoteip 192.168.20.234-238,192.168.20.245

    In /etc/ppp/chap-secrets I had:
    username pptpd password *

    To connect remotely I added:
    ### Allow PPTP control connections from WAN
    WAN=ppp0
    iptables -t nat -A prerouting_rule -i $WAN -p tcp --dport 1723 -j ACCEPT
    iptables -A input_rule -i $WAN -p tcp --dport 1723 -j ACCEPT
    ### Allow GRE protocol (used by PPTP data stream)
    iptables -A output_rule -p 47 -j ACCEPT
    iptables -A input_rule -p 47 -j ACCEPT

    I connected using the MacOS X client, no using any encryption..
    My mac got an IP address just fine and could communicate.

    You may want to change the default ppp connection.
    I did this with starting pptpd with:
    pptpd -o /etc/pptpd/options.pptpd

    Fit whatever you need there.
    Cheers
    Jean-Yves
  31. kenyloveg

    kenyloveg Networkin' Nut Member

    Hi, jyavenard
    Would you provide more details?
    Here is the thing, pptpd on DD-WRT/OpenWRT/Poptop wiki pages are different, which one should i follow?
    /etc/pptpd.conf and /etc/ppp/chap-secrets are not exist on router (1.23 your VPN MOD), should i create one just by "vi"? Even the files are created, how to keep them on server after reboot. (these 2 files will lost after i restart router, need a nvram commit?)

    Would you seprate client and server configuration in thread #30?
    http://www.linksysinfo.org/forums/showpost.php?p=336714&postcount=30
    Thank you and have a good day.
  32. jyavenard

    jyavenard LI Guru Member

    I posted earlier where to put the configuration.
    You can follow either page, you don't need to worry about loading a kernel module as the MPPE is compiled in the kernel directly.

    The files will be deleted after a reboot but you can create a script that will create those entries and store that script in /jffs
  33. big_fork

    big_fork LI Guru Member

    I am having problems with the configuration of the server. Here is the error message I am getting. The poptop authors say this error points to a configuration error. The issue seems to be with pppd.

    Jan 7 17:30:48 unknown daemon.err pptpd[436]: GRE: read(fd=8,buffer=10000570,len=8196) from PTY failed: status = -1 error = Input/output error, usually caused by unexpected termination of pppd, check option syntax and pppd logs

    Here are my configuration files. I did not make a /etc/modules.conf, because jyavenard said the mppe module is compiled directly into the kernel. I think the issue is somehow related to that and/or my options.pptpd file. I would have listed the module explicitly in the modules.conf, but I do not see the correct module when I run lsmod (I am assuming that is because it is compiled directly into the kernel).

    I am not familiar with the sylogd that Busy Box runs, and I can't figure out how to view the pppd logs without a syslog.conf. Any insight into my configuration or some help getting to the pppd logs would be much appreciated.

    contents of - /etc/pptpd.conf

    localip 10.10.0.1
    remoteip 10.10.0.2-101

    contents of /etc/ppp/options.pptpd

    name pptpd
    refuse-pap
    refuse-chap
    refuse-mschap
    require-mschap-v2
    require-mppe-128
    proxyarp
    lock
    nobsdcomp
    novj
    novjccomp
    nologfd

    contents of /etc/ppp/chap-secrets

    username pptpd password *

    iptables entries

    iptables -t nat -A PREROUTING -i vlan1 -p tcp --dport 1723 -j ACCEPT
    iptables -A INPUT -i vlan1 -p tcp --dport 1723 -j ACCEPT
    iptables -A OUTPUT -p 47 -j ACCEPT
    iptables -A INPUT -p 47 -j ACCEPT

    running the pptpd daemon with -o /etc/ppp/options.pptpd

    Thanks,
    Aaron
  34. daralla

    daralla Guest

    Pardon my ignorance, but while I'm running Tomato since 2007, I haven't messed with Telnet yet :eek:

    So could you please give some hints how _exactly_ to set / execute the above commands and then start and stop the VPN connection to the other side (manually, preferably)? Can all those settings compiled into a script that would survive a reboot?

    I'd like to connect to a Draytek Router running as PPTP server on the other side. I'm fairly fluent in setting up LAN-to-LAN VPNs between two Draytek Routers, easy stuff of course as it's all in the Web Interface.

    But at home I'm using a WRT54GL and being able to connect with this to those Drayteks would be really nice...

    Thanks!
  35. mrQQ

    mrQQ Networkin' Nut Member

    has anyone been able to solve that error? i found another thread with no solution: http://wl500g.info/showthread.php?p=136124

    i'm having same issue.. it connects 1 out of 4 times if i disable encryption, rest times throws same input output error..
  36. jyavenard

    jyavenard LI Guru Member

    All those settings are located in nvram (non-volatile) ; they will survive a reboot. No need to use a script.
    just set the settings in nvram
  37. Shades

    Shades Guest

    How do you do this in reality? Do you need to do some commandline magic?
  38. clawhammer

    clawhammer Addicted to LI Member

    Hi,
    I'm trying to make the firmware mod Tomato + VPN PPTP work with "iPredator VPN" and my WRT54GL, but I don't succeed.

    I tried to modify options.vpn, add a "chap-secrets" file ... with some options found on the net, but it does not work.

    I have constantly 2 errors :
    read returned zero, peer has closed
    or
    short read (-1): Input/output error

    My NVRAM settings are :
    pptp_client_enable=1
    pptp_client_passwd=MOTDEPASSE
    pptp_client_srvip=vpn.ipredator.se
    pptp_client_username=NOM
    pptp_get_ip=
    pptp_server_ip=

    The generated options.vpn is :
    lock
    noauth
    nodetach
    refuse-eap
    lcp-echo-failure 3
    lcp-echo-interval 2
    persist
    usepeerdns
    idle 0
    ip-up-script /etc/vpn/ip-up
    ip-down-script /etc/vpn/ip-down
    ipparam kelokepptpd
    mtu 1450
    mru 1450
    name NOM
    password MOTDEPASSE
    unit 1


    The logs are :
    Jan 1 01:01:18 unknown daemon.notice pptp[256]: pptp-client log[main:pptp.c:267]: The synchronous pptp option is NOT activated
    Jan 1 01:01:19 unknown daemon.notice pptp[259]: pptp-client log[ctrlp_rep:pptp_ctrl.c:251]: Sent control packet type is 1 'Start-Control-Connection-Request'
    Jan 1 01:01:19 unknown daemon.notice pptp[259]: pptp-client log[ctrlp_disp:pptp_ctrl.c:738]: Received Start Control Connection Reply
    Jan 1 01:01:19 unknown daemon.notice pptp[259]: pptp-client log[ctrlp_disp:pptp_ctrl.c:772]: Client connection established.
    Jan 1 01:01:20 unknown daemon.notice pptp[259]: pptp-client log[ctrlp_rep:pptp_ctrl.c:251]: Sent control packet type is 7 'Outgoing-Call-Request'
    Jan 1 01:01:20 unknown daemon.notice pptp[259]: pptp-client log[ctrlp_disp:pptp_ctrl.c:857]: Received Outgoing Call Reply.
    Jan 1 01:01:20 unknown daemon.notice pptp[259]: pptp-client log[ctrlp_disp:pptp_ctrl.c:896]: Outgoing call established (call ID 0, peer's call ID 53504).
    Jan 1 01:01:21 unknown daemon.notice pppd[256]: pppd 2.4.4 started by root, uid 0
    Aug 16 17:38:01 unknown daemon.notice pptp[259]: pptp-client log[pptp_read_some:pptp_ctrl.c:543]: read returned zero, peer has closed
    Aug 16 17:38:01 unknown daemon.notice pptp[259]: pptp-client log[callmgr_main:pptp_callmgr.c:255]: Closing connection (shutdown)
    Aug 16 17:38:01 unknown daemon.notice pptp[259]: pptp-client log[ctrlp_rep:pptp_ctrl.c:251]: Sent control packet type is 12 'Call-Clear-Request'
    Aug 16 17:38:01 unknown daemon.notice pptp[259]: pptp-client log[pptp_read_some:pptp_ctrl.c:543]: read returned zero, peer has closed
    Aug 16 17:38:01 unknown daemon.notice pptp[259]: pptp-client log[call_callback:pptp_callmgr.c:78]: Closing connection (call state)
    Aug 16 17:38:05 unknown daemon.info pppd[256]: Exit.
    Aug 16 17:38:05 unknown daemon.warn pptp[330]: pptp-client warn[decaps_hdlc:pptp_gre.c:197]: short read (-1): Input/output error
    Aug 16 17:38:05 unknown daemon.warn pptp[330]: pptp-client warn[decaps_hdlc:pptp_gre.c:209]: pppd may have shutdown, see pppd log
    Aug 16 17:38:11 unknown daemon.notice pptp[511]: pptp-client log[main:pptp.c:267]: The synchronous pptp option is NOT activated
    Aug 16 17:38:11 unknown daemon.notice pptp[514]: pptp-client log[ctrlp_rep:pptp_ctrl.c:251]: Sent control packet type is 1 'Start-Control-Connection-Request'
    Aug 16 17:38:11 unknown daemon.notice pptp[514]: pptp-client log[ctrlp_disp:pptp_ctrl.c:738]: Received Start Control Connection Reply
    Aug 16 17:38:11 unknown daemon.notice pptp[514]: pptp-client log[ctrlp_disp:pptp_ctrl.c:772]: Client connection established.
    Aug 16 17:38:12 unknown daemon.notice pptp[514]: pptp-client log[ctrlp_rep:pptp_ctrl.c:251]: Sent control packet type is 7 'Outgoing-Call-Request'
    Aug 16 17:38:12 unknown daemon.notice pptp[514]: pptp-client log[ctrlp_disp:pptp_ctrl.c:857]: Received Outgoing Call Reply.
    Aug 16 17:38:12 unknown daemon.notice pptp[514]: pptp-client log[ctrlp_disp:pptp_ctrl.c:896]: Outgoing call established (call ID 0, peer's call ID 31744).
    Aug 16 17:38:12 unknown daemon.notice pppd[511]: pppd 2.4.4 started by root, uid 0
    Aug 16 17:38:14 unknown daemon.notice pptp[517]: pptp-client log[decaps_gre:pptp_gre.c:407]: buffering packet 3 (expecting 2, lost or reordered)
    Aug 16 17:38:14 unknown daemon.notice pptp[514]: pptp-client log[pptp_read_some:pptp_ctrl.c:543]: read returned zero, peer has closed
    Aug 16 17:38:14 unknown daemon.notice pptp[514]: pptp-client log[callmgr_main:pptp_callmgr.c:255]: Closing connection (shutdown)

    Thank you very much
  39. ipse

    ipse Addicted to LI Member

    I have the same issue...do you run PPPoE on the WAN interface? It looks to me that it cannot start the pppd daemon since it's already in use...so PPP negotiation cannot proceed.
    If that's the case, PPTP only works if PPP is not running already...I hope I'm wrong.
  40. jyavenard

    jyavenard LI Guru Member

    A bit of an update.

    I have updated the core code to tomato 1.27.

    I've also merged with the OpenVPN 1.25vpn3.4 image to include OpenVPN client and server.

    The image still fits within 4MB.

    The newbies:
    -Add username/password authentication support the OpenVPN
    -Clean up the openvpn client configuration page, some settings didn't make much sense (in particular the HMAC related settings)
    -Added PPTP client web configuration finally
    -Added SNMP server web configuration...
    -For the developer, I greatly reworked the makefiles...

    I'll be running the image over the next day or so and publish.
    I also need to send the mod back to the author of the Tomato's OpenVPN author as part of the distribution license..

    Version will be numbered
    1.27vpn4.0.0000
    Jean-Yves
  41. jyavenard

    jyavenard LI Guru Member

    I have been using PPPoE and the PPTP client for over a year ; with months of uptime (actually, last time I rebooted was in December 08 when I last flashed it!)
  42. jyavenard

    jyavenard LI Guru Member

    Hi there..

    For anyone willing to try...

    New version based on tomato 1.27 is available for trial.
    http://www.avenard.org/wrt54-tomato/tomato-127vpn4.0.beta.zip

    For the previous users of my previous firmware mode, the most newsworthy item is the ability to configure and control snmp and the pptp client via the web interface directly. No need to play with the nvram variables.

    It is a merge of the OpenVPN version by SGTPepperKSU and my earlier PPTP/SNMP image... So you know also get an OpenVPN client/server

    I then added:
    -PPTP client support and configuration GUI
    -PPTP server support, but this needs to be ran be hand.
    -Full rewrite of the start/stop control. Far more elegant now...
    -OpenVPN (client side only)
    * Username/Password support
    * Connect using Username/Password only (no need for private/public keys)
    * Ability to test the server certificate common name (check http://openvpn.net/index.php/open-source/documentation/howto.html#secnotes) for more info
    -wanuptime utility, returns the uptime of the wan connection in seconds (I use it for datalogging)
    -Various fixes here and there.

    Let me know how it works for you...
    Jean-Yves
  43. jyavenard

    jyavenard LI Guru Member

  44. augustynr

    augustynr LI Guru Member

    CPU load is > 5.0 when I do not use pptp client ..

    Hi,
    First I like to say thank you for the build it is exactly what I need Snmp and vpn.
    Though when I run it without the pptp client setup the cpu load on the router is very high.
    So I go to the GUI and stop it then things go down for a while and then the the client gets restarted .... and router is busy ... how do I stop that?
    Thanks in advance.
  45. jyavenard

    jyavenard LI Guru Member

    without logs I can't say
  46. occamsrazor

    occamsrazor LI Guru Member

    Hi, I have a few questions about your mod that I'm not clear on:

    1. I see it says "OpenVPN (client side only)" - does this mean it does not have the OpenVPN Server functionality of SgtPpepper's mod?

    2. Am I right in saying there is GUI only for PPTP Client, not PPTP Server?

    Many thanks....
  47. augustynr

    augustynr LI Guru Member

    This is what I have ...



    Feb 19 06:18:57 unknown daemon.notice pptp[5061]: pptp-client log[usage:pptp.c:94]: pptp called with wrong arguments, program not started.
    Feb 19 06:18:57 unknown daemon.notice pptp[5065]: pptp-client log[usage:pptp.c:94]: pptp called with wrong arguments, program not started.
    Feb 19 06:18:57 unknown daemon.notice pptp[5069]: pptp-client log[usage:pptp.c:94]: pptp called with wrong arguments, program not started.
    Feb 19 06:18:57 unknown daemon.notice pptp[5073]: pptp-client log[usage:pptp.c:94]: pptp called with wrong arguments, program not started.
    Feb 19 06:18:57 unknown daemon.notice pptp[5077]: pptp-client log[usage:pptp.c:94]: pptp called with wrong arguments, program not started.
    Feb 19 06:18:57 unknown daemon.notice pptp[5081]: pptp-client log[usage:pptp.c:94]: pptp called with wrong arguments, program not started.
    Feb 19 06:18:57 unknown daemon.notice pptp[5085]: pptp-client log[usage:pptp.c:94]: pptp called with wrong arguments, program not started.
    Feb 19 06:18:57 unknown daemon.notice pptp[5089]: pptp-client log[usage:pptp.c:94]: pptp called with wrong arguments, program not started.
    Feb 19 06:18:58 unknown daemon.notice pptp[5093]: pptp-client log[usage:pptp.c:94]: pptp called with wrong arguments, program not started.
    Feb 19 06:18:58 unknown daemon.notice pptp[5097]: pptp-client log[usage:pptp.c:94]: pptp called with wrong arguments, program not started.
    Feb 19 06:18:58 unknown daemon.notice pptp[5101]: pptp-client log[usage:pptp.c:94]: pptp called with wrong arguments, program not started.
    Feb 19 06:18:58 unknown daemon.notice pptp[5105]: pptp-client log[usage:pptp.c:94]: pptp called with wrong arguments, program not started.
    Feb 19 06:18:58 unknown daemon.notice pptp[5109]: pptp-client log[usage:pptp.c:94]: pptp called with wrong arguments, program not started.
    Feb 19 06:18:58 unknown daemon.notice pptp[5113]: pptp-client log[usage:pptp.c:94]: pptp called with wrong arguments, program not started.
    Feb 19 06:18:58 unknown daemon.notice pptp[5117]: pptp-client log[usage:pptp.c:94]: pptp called with wrong arguments, program not started.
    Feb 19 06:18:58 unknown daemon.notice pptp[5121]: pptp-client log[usage:pptp.c:94]: pptp called with wrong arguments, program not started.
    Feb 19 06:18:59 unknown daemon.notice pptp[5125]: pptp-client log[usage:pptp.c:94]: pptp called with wrong arguments, program not started.
    Feb 19 06:18:59 unknown daemon.notice pptp[5129]: pptp-client log[usage:pptp.c:94]: pptp called with wrong arguments, program not started.
    Feb 19 06:18:59 unknown daemon.notice pptp[5133]: pptp-client log[usage:pptp.c:94]: pptp called with wrong arguments, program not started.
    Feb 19 06:18:59 unknown daemon.notice pptp[5137]: pptp-client log[usage:pptp.c:94]: pptp called with wrong arguments, program not started.
    Feb 19 06:18:59 unknown daemon.notice pptp[5141]: pptp-client log[usage:pptp.c:94]: pptp called with wrong arguments, program not started.
    Feb 19 06:18:59 unknown daemon.notice pptp[5145]: pptp-client log[usage:pptp.c:94]: pptp called with wrong arguments, program not started.
    Feb 19 06:18:59 unknown daemon.notice pptp[5149]: pptp-client log[usage:pptp.c:94]: pptp called with wrong arguments, program not started.
    Feb 19 06:18:59 unknown daemon.notice pptp[5153]: pptp-client log[usage:pptp.c:94]: pptp called with wrong arguments, program not started.
    Feb 19 06:19:00 unknown daemon.notice pptp[5157]: pptp-client log[usage:pptp.c:94]: pptp called with wrong arguments, program not started.
    Feb 19 06:19:00 unknown daemon.notice pptp[5161]: pptp-client log[usage:pptp.c:94]: pptp called with wrong arguments, program not started.
    Feb 19 06:19:00 unknown daemon.notice pptp[5165]: pptp-client log[usage:pptp.c:94]: pptp called with wrong arguments, program not started.
    Feb 19 06:19:00 unknown daemon.notice pptp[5169]: pptp-client log[usage:pptp.c:94]: pptp called with wrong arguments, program not started.
    Feb 19 06:19:00 unknown daemon.notice pptp[5173]: pptp-client log[usage:pptp.c:94]: pptp called with wrong arguments, program not started.
    Feb 19 06:19:00 unknown daemon.notice pptp[5177]: pptp-client log[usage:pptp.c:94]: pptp called with wrong arguments, program not started.
    Feb 19 06:19:00 unknown daemon.notice pptp[5181]: pptp-client log[usage:pptp.c:94]: pptp called with wrong arguments, program not started.
    Feb 19 06:19:00 unknown daemon.notice pptp[5185]: pptp-client log[usage:pptp.c:94]: pptp called with wrong arguments, program not started.
    Feb 19 06:19:00 unknown daemon.notice pptp[5189]: pptp-client log[usage:pptp.c:94]: pptp called with wrong arguments, program not started.
    Feb 19 06:19:01 unknown daemon.notice pptp[5193]: pptp-client log[usage:pptp.c:94]: pptp called with wrong arguments, program not started.
    Feb 19 06:19:01 unknown daemon.notice pptp[5197]: pptp-client log[usage:pptp.c:94]: pptp called with wrong arguments, program not started.
    Feb 19 06:19:01 unknown daemon.notice pptp[5201]: pptp-client log[usage:pptp.c:94]: pptp called with wrong arguments, program not started.
    Feb 19 06:19:01 unknown daemon.notice pptp[5205]: pptp-client log[usage:pptp.c:94]: pptp called with wrong arguments, program not started.
    Feb 19 06:19:02 unknown daemon.notice pptp[5209]: pptp-client log[usage:pptp.c:94]: pptp called with wrong arguments, program not started.
    Feb 19 06:19:02 unknown daemon.notice pptp[5213]: pptp-client log[usage:pptp.c:94]: pptp called with wrong arguments, program not started.
    Feb 19 06:19:02 unknown daemon.notice pptp[5217]: pptp-client log[usage:pptp.c:94]: pptp called with wrong arguments, program not started.
    Feb 19 06:19:02 unknown daemon.notice pptp[5221]: pptp-client log[usage:pptp.c:94]: pptp called with wrong arguments, program not started.
    Feb 19 06:19:02 unknown daemon.notice pptp[5225]: pptp-client log[usage:pptp.c:94]: pptp called with wrong arguments, program not started.
    Feb 19 06:19:04 unknown daemon.notice pptp[5229]: pptp-client log[usage:pptp.c:94]: pptp called with wrong arguments, program not started.
    Feb 19 06:19:11 unknown daemon.notice pptp[5239]: pptp-client log[usage:pptp.c:94]: pptp called with wrong arguments, program not started.
    Feb 19 06:19:15 unknown daemon.notice pptp[5243]: pptp-client log[usage:pptp.c:94]: pptp called with wrong arguments, program not started.
    Feb 19 06:19:17 unknown daemon.notice pptp[5247]: pptp-client log[usage:pptp.c:94]: pptp called with wrong arguments, program not started.
    Feb 19 06:19:20 unknown daemon.notice pptp[5251]: pptp-client log[usage:pptp.c:94]: pptp called with wrong arguments, program not started.
    Feb 19 06:19:22 unknown daemon.notice pptp[5255]: pptp-client log[usage:pptp.c:94]: pptp called with wrong arguments, program not started.
    Feb 19 06:19:24 unknown daemon.notice pptp[5259]: pptp-client log[usage:pptp.c:94]: pptp called with wrong arguments, program not started.
    Feb 19 06:19:25 unknown daemon.info pppd[31853]: Exit.
    Feb 19 06:19:26 unknown daemon.info dnsmasq[5266]: started, version 2.51 cachesize 150
    Feb 19 06:19:26 unknown daemon.info dnsmasq[5266]: compile time options: no-IPv6 GNU-getopt no-RTC no-DBus no-I18N DHCP no-scripts no-TFTP
    Feb 19 06:19:26 unknown daemon.info dnsmasq[5266]: reading /etc/resolv.dnsmasq
    Feb 19 06:19:26 unknown daemon.info dnsmasq[5266]: using nameserver 216.58.97.20#53
    Feb 19 06:19:26 unknown daemon.info dnsmasq[5266]: using nameserver 216.58.97.21#53
    Feb 19 06:19:26 unknown daemon.info dnsmasq[5266]: read /etc/hosts - 0 addresses
    Feb 19 06:19:26 unknown daemon.info dnsmasq[5266]: read /etc/hosts.dnsmasq - 1 addresses
  48. jyavenard

    jyavenard LI Guru Member

    The client side only refers to the username/password authentication... I haven't implemented the support on the server side...

    And as for 2, yes, you are correct
  49. jyavenard

    jyavenard LI Guru Member

    It means you started the pptp client with the wrong arguments funnily enough :p

    Make sure you delete any previous settings you may have had in the nvram
  50. leppa

    leppa Serious Server Member

    How to disable PPTP Client?

    Hello,

    I've installed this mod because of SNMP, so I don't need PPTP.

    The question is, how do I completely disable PPTP Client?
    I have Start with WAN unchecked in VPN Tunneling -> PPTP Client, but on every reboot or reconnection to WAN it starts, so I get a lot of
    messages and very high CPU load.
    Code:
    # nvram get pptp_client_enable
    0
    I use v1.27vpn4.0.0003.beta.
  51. jyavenard

    jyavenard LI Guru Member

  52. leppa

    leppa Serious Server Member

  53. brianb

    brianb Guest

    First, thank you for taking the time to add PPTP server support to Tomato. I think it's great you've done this. I'd prefer not to use PPTP but I want my iPhone to get on a home VPN without setting up a dedicated server.

    I'm having the exact same problem that user Big Fork is having as described in his post. I have the same config files, same options, same everything. I even get the same error:

    Mar 21 19:01:24 ? daemon.err pptpd[507]: GRE: read(fd=8,buffer=10000570,len=8196) from PTY failed: status = -1 error = Input/output error, usually caused by unexpected termination of pppd, check option syntax and pppd logs

    How do I confirm that the mppe module is in the kernel you've provided? I'm trying to use MPPE and and GRE and it's failing. Most folks reference the use of ip_gre but I only see ip_conntrack_proto_gre and ip_nat_proto_gre but no ip_gre.

    When I do get this figured out, do I need to use nvram settings to make what I did persistent?

    Thank you,

    Brian

  54. pw44

    pw44 Serious Server Member

    some questions about pptp on tomatovpn4

    Hia,
    i'm struggeling with a problem which i'm facing as a real challenge.
    My router hardware is a linksys wrt54gs-tm, and i installed tomato 1.27.
    After a while, i installed tomato 1.27 vpn4 mod.

    I do need pptp because i could not find an openvpn client for my symbian nokia.

    my linux box has 2 nics (eth0 and eth1) being eth1 the internal network and eth0 the external, connected my tomato linksys router (pppoe).

    After installing pptp on my linux box, i was able to use the pptp vpn with my nokia (symvpn) via wifi and with my windows xp box wired AND wifi. All works, no problems, no issues.

    The real problem is when trying to make the pptp vpn connection thru the tomato box.

    First, i "borrowed" my neighbors wifi signal and tried, from my nokia and also from my windows to make the pptp vpn connection. No luck, even after defining the iptables rules for forwarding, including the p 47.

    So i thought it could be some problem with the any of the ISP providers (mine or from my neighbor), and so i plugged my windows xp box to the tomato router. No luck. It seams that tomato drops or blocks something that i'm not being able to identify.

    Other services (http, ssh, etc) all works flawlessly on the internal network, extenal, from the internet, etc.....

    The ONLY exception is pptp.

    Is there someone who could give me a hint in how to make it work?

    THX in advance,

    Paulo
  55. pw44

    pw44 Serious Server Member

    Error by using the pptp server

    Hia,
    after creating the configuration files below, i did run the pptp server (pptpd -o /etc/pptpd/options.pptpd)

    /etc/ppp/chap-secrets
    pw44 pptpd xxxxxxxxx *

    /etc/pptpd.conf
    localip 192.168.20.1
    remoteip 192.168.20.234-238,192.168.20.245


    /etc/pptpd/options.pptpd
    lock
    noauth
    refuse-pap
    refuse-eap
    refuse-chap
    refuse-mschap
    nobsdcomp
    nodeflate
    # http://ppp.samba.org/ the PPP project version of PPP by Paul Mackarras
    # ppp-2.4.2 or later with MPPE only, kernel module ppp_mppe.o
    # {{{
    # Require MPPE 128-bit encryption
    #require-mppe-128
    # }}}
    # http://polbox.com/h/hs001/ fork from PPP project by Jan Dubiec
    # ppp-2.4.2 or later with MPPE and MPPC, kernel module ppp_mppe_mppc.o
    # {{{
    # Require MPPE 128-bit encryption
    #mppe required,stateless
    # }}}

    But am getting the following error when trying to connect from my windows xp box plugged on of the tomato vpn 4 router ports.


    Could someone explain what is wrong?

    Best regards,

    Paulo
  56. mafeu

    mafeu Serious Server Member

    How to reach the snmpd via ppp0?

    Hi Jean-Yves, tomatovpn-Users,

    Thanks for extending tomato in such a great way! I'm especially interested in the inclusion of the snmp daemon. Everything works fine when probing snmp from the inside, i.e. on the local address (br0).

    But I would like to probe the snmp daemon as well from the outside. According to snmpd.conf's man page, the daemon should listen on all IPv4 devices by default. This should include ppp0, shouldn't it? However, I get no response on port 161 from the outside. Also playing with the firewall settings (a port forward from ppp0:161 to br0:161) didn't help.

    Has anyone figured this out?

    Cheers,
    Martin
  57. rjm2k1

    rjm2k1 Serious Server Member

    Hi, great work on this! As a new user I am still getting to grips with my RT-N16, currently running the latest Tomato USB, I wonder if your PPTP Server/Client will be included in the main Tomato tree, which will then also include it in Tomato USB?
  58. can_man

    can_man Serious Server Member

    Can I use this build on a Asus WL-500gP v2 ? Is there a ND version ?
    I'm currently running the VPN (ND) Tomato : Tomato Firmware v1.27vpn3.6.4b6645f6(ND)

    I'd like to try the PPTP client.
  59. twperdu

    twperdu Reformed Router Member

    Cisco E3000

    Are there any plans to add support for the Cisco E2000/E3000 routers?


  60. jyavenard

    jyavenard LI Guru Member

    Sorry for the late reply.

    As I got myself an asus rt-n16, I needed to get my code upgraded.. So I ported all those changes (and more) to the tomatoUSB-RT branch.

    Im hoping to push those changes to the original git repository, in the mean time, if someone is interested send me a message.

    Cheers
    jean-Yves
  61. moscito

    moscito Reformed Router Member

    Hello,
    i want to use the pptp vpn client. I have fill in the pptp vpn server settings in the webinface and the log says that it is conencted:

    [​IMG]

    I think the problem ist the Routing Table:

    [​IMG]

    I don't know how to configure the route to my vpn provider, i only have the data:

    Server: steinsel.perfect-privacy.com
    PPTP VPN: 10.0.60.1

    if i connect with windows pptp vpn i get the follwing data automatically from the dhcp server

    ip: 10.0.60.3
    subnet: 255.255.255.255
    gateway: 0.0.0.0
    dns: 195.24.72.6
    83.243.8.6

    I think the problem is, that tomato doesn't get the data automatically so i have to write the data myself in the routingtable.
    Can somone help me please?

    regards
  62. moscito

    moscito Reformed Router Member

    Is it possible to build the pptp vpn client into tomato version 1.28? Please help me!

    regards
  63. Toastman

    Toastman Super Moderator Staff Member Member

    It's already there :)
  64. moscito

    moscito Reformed Router Member

    Hello, do you mean one of this versions:

    http://www.4shared.com/dir/v1BuINP3/Toastman_Builds.html#dir=79263771

    because i have installed one of the vpn version 1.28 - there is a open vpn client on it but not a pptp vpn client.
    Can you send me the link to the right version, i have a wrt54gs v1.1

    Edit:
    I have installed the Version: Tomato Firmware v1.28.7628 -Toastman ND VPN
    - Linux kernel 2.4.37.11 and Broadcom Wireless Driver 4.150.10.29 updates
    - Support for additional router models, dual-band and Wireless-N mode

    But i can't see the pptp vpn client do i have to configure this by console?

    regards
  65. Mercjoe

    Mercjoe Network Guru Member

    I do believe that the NON-VPN builds have a pptp client in them. My remote router has it in the menu under VPN tunneling menu.
  66. Toastman

    Toastman Super Moderator Staff Member Member

    You have linked to a version that is almost a year old!
    moscito likes this.
  67. moscito

    moscito Reformed Router Member

    Oh sorry i didn't see that. Now i have installed the newest vpn version and the pptp client is avaiiable.
    I have only the problem, that the tunnel not work:
    The log says:
    [​IMG]
    Here are my Vpn Settings.
    [​IMG]
    The log says using interface pp1 but at the bandwith menü i cant find interface pp1 - if i use openvpn it works fine with tun11.

    What can i do?
  68. DaveD

    DaveD Network Newbie Member

    I recently installed Tomato 1.28 base on my Linksys router, and it is running without problems. But I also need SNMP support to provide data bandwidth usage directly from the router. If I read this thread correctly, I can install WRT54G_WRT54GL.bin directly from the tomato-127vpn4.0.zip package, as simply as I did with the 1.28 bin, then perhaps configure the interface through the GUI, and I’m on my way. My skills in this area are minimal.

    The environment: XP SP3; Linksys WRT54G V1.1; NetWorx app that monitors and reports non-local traffic through the Linksys (WAN traffic only). I do this today with NetWorx’s option to install on each PC and collect the data bandwidth usage and synchronize among the systems, but this doesn’t collect my Android tablet data usage. NetWorx provides an option to communicate directly with the router via SNMP, which would get it all but, of course, I need SNMP support at the router to do so.
    Questions:
    1. It looks like my WRT54G V1.1 router is supported, per the chart at http://en.wikibooks.org/wiki/Tomato_Firmware/Distributions ?
    2. Is this SNMP support going to do it for me?
    3. Am I correct about the ease of install, or is it more difficult than that?
    4. It looks like Tomato 1.28, the version I’m running, doesn’t offer much in the way of enhancements from 1.27, the version upon which this package is based, so my bandwidth data collection support within Tomato should not change.
    5. Anything else I need to know?
    Thanks, DaveD
  69. DaveD

    DaveD Network Newbie Member

    Never mind the above append. Couldn’t wait for a response so I installed it, and it works…
    But a problem. The WRT54G reboots itself several times a day. I did all of the right things, unless I’m missing something—I cleared NVRAM, wrote set wl_reg_mode=off to NVRAM (and committed it), per http://en.wikibooks.org/wiki/Tomato_Firmware/Installation_and_Configuration.
    Since reboot loses log information, I started logging to the desktop and capturing with WallWatcher.

    So here were are. It didn't take long: out of memory.
    2012/03/14 17:56:58.15 M kernel: out of memory: killed process 80 (dnsmasq).
    2012/03/14 17:57:04.68 M kernel: out of memory: killed process 46 (telnetd).
    2012/03/14 17:57:06.59 M kernel: out of memory: killed process 278 (udhcpc).
    2012/03/14 17:57:07.39 M kernel: vm: killing process udhcpc
    2012/03/14 17:57:12.78 M kernel: out of memory: killed process 550 (crond).
    2012/03/14 18:01:29.11 M kernel: klogd started: busybox v1.14.4 (2010-03-01 21:11:33 est)

    What are my options? Can I save some memory by configuring certain features on/off? Can I get a bin file with only the SNMP, not the PPTP support? Do I need to include additional log information? Is there something else going on?
    I need to get this working without failure. Please help. Dave D
  70. DaveD

    DaveD Network Newbie Member

    If anyone is watching this thread and even vaguely interested, after turning off everything I didn't need and still experiencing constant reboots, I had to back off to the non-SNMP vanilla Tomato version. Then I bought a 32MB WRT54GS V2.1 and installed the latest v1.28.7633 -Toastman-VLAN-IPT-ND ND VPN. This mod also has it's problems, but at least it has SNMP and is stable.

    I'll be posting any future questions or observations elsewhere.
  71. mbryan718

    mbryan718 New Member Member

    I want create a site-to-site PPTP VPN using Shibby Tomato. I currently have this working and can ping from site-to-site via the router itself — but the clients on either end cannot see each other.

    Is there a tutorial or documentation that gives the steps to do this? I've done everything I know to do based on my own knowledge, but I don't understand why my clients can't see each other across the tunnel? It's a routing issue between the router and it's dhcp clients I know — but why isn't the router "ROUTING" the VPN routes for the clients?

    I've googled all over for a tutorial or instructions and have come up with nothing. Any ideas?

    Thanks guys.
  72. jyavenard

    jyavenard LI Guru Member

    can you ping hosts on either side of the tunnel?

    did you put them on the same subnet?

Share This Page