1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

yet another VPN MOD with PPTP plus OpenVPN

Discussion in 'Tomato Firmware' started by kenyloveg, Aug 20, 2010.

  1. kenyloveg

    kenyloveg LI Guru Member

    Hi, guys
    I'm currently moving from SGT's OpenVPN mod to this
    http://www.avenard.org/wrt54-tomato/
    The main reason is I've confirmed with MikroTik that Router OS does not support static.key/ta.key authentication which was required by SGT's MOD(and most ovpn client on other platform)
    check out here
    http://forum.mikrotik.com/viewtopic.php?f=2&t=44241
    So i moved to Jean-Yves/Hydrix's MOD.
    Did anybody use it? It had a great GUI for setting up PPTP.
    Thank you Jean-Yves/Hydrix's, for providing the alternative MOD.

    But please allow me to raise one question regarding connection logs
    Code:
    Aug 20 17:08:41 ? daemon.notice pptp[3005]: pptp-client log[main:pptp.c:267]: The synchronous pptp option is NOT activated
    Aug 20 17:08:41 ? daemon.notice pptp[3007]: pptp-client log[ctrlp_rep:pptp_ctrl.c:251]: Sent control packet type is 1 'Start-Control-Connection-Request'
    Aug 20 17:08:41 ? daemon.notice pptp[3007]: pptp-client log[ctrlp_disp:pptp_ctrl.c:738]: Received Start Control Connection Reply
    Aug 20 17:08:41 ? daemon.notice pptp[3007]: pptp-client log[ctrlp_disp:pptp_ctrl.c:772]: Client connection established.
    Aug 20 17:08:42 ? daemon.notice pptp[3007]: pptp-client log[ctrlp_rep:pptp_ctrl.c:251]: Sent control packet type is 7 'Outgoing-Call-Request'
    Aug 20 17:08:42 ? daemon.notice pptp[3007]: pptp-client log[ctrlp_disp:pptp_ctrl.c:857]: Received Outgoing Call Reply.
    Aug 20 17:08:42 ? daemon.notice pptp[3007]: pptp-client log[ctrlp_disp:pptp_ctrl.c:896]: Outgoing call established (call ID 0, peer's call ID 26).
    Aug 20 17:09:21 ? daemon.notice pptp[3005]: pptp-client log[decaps_gre:pptp_gre.c:407]: buffering packet 66 (expecting 64, lost or reordered)
    Aug 20 17:09:35 ? daemon.notice pptp[3005]: pptp-client log[decaps_gre:pptp_gre.c:407]: buffering packet 83 (expecting 82, lost or reordered)
    Aug 20 17:09:42 ? daemon.notice pptp[3007]: pptp-client log[logecho:pptp_ctrl.c:676]: Echo Reply received.
    Aug 20 17:09:59 ? daemon.notice pptp[3005]: pptp-client log[decaps_gre:pptp_gre.c:407]: buffering packet 114 (expecting 113, lost or reordered)
    Aug 20 17:10:42 ? daemon.notice pptp[3007]: pptp-client log[logecho:pptp_ctrl.c:676]: Echo Reply received.
    Aug 20 17:10:53 ? daemon.notice pptp[3005]: pptp-client log[decaps_gre:pptp_gre.c:407]: buffering packet 195 (expecting 194, lost or reordered)
    Aug 20 17:10:57 ? daemon.notice pptp[3005]: pptp-client log[decaps_gre:pptp_gre.c:407]: buffering packet 199 (expecting 198, lost or reordered)
    Aug 20 17:11:31 ? daemon.notice pptp[3005]: pptp-client log[decaps_gre:pptp_gre.c:407]: buffering packet 246 (expecting 245, lost or reordered)
    Aug 20 17:11:42 ? daemon.notice pptp[3007]: pptp-client log[logecho:pptp_ctrl.c:676]: Echo Reply received.
    
    what
    Code:
    The synchronous pptp option is NOT activated
    and
    Code:
    decaps_gre:pptp_gre.c:407
    means? How to fix that?
     
  2. kenyloveg

    kenyloveg LI Guru Member

    After changing MTU/MRU on client side to match ROS side, the ping latency significantly reduced from 1xx ms to x ms, and these "decaps_gre:pptp_gre.c:407" errors doesn't happen so many than it used to be.
    also I found out that encryption in this MOD is broken, only "Auto" works (only MSCHAP V2 on ROS)!
     
  3. SgtPepperKSU

    SgtPepperKSU Network Guru Member

    As a clarification, this statement is not at all true. TomatoVPN prominently supports TLS mode (with or without tls-auth) or static key mode (the only two modes in OpenVPN). In fact, the default is TLS, not Static Key which you say is required.

    I just went to the RouterOS website, and it looks like they use a pretty standard TLS configuration that would be supported just fine by TomatoVPN. The only bit not currently in the GUI (should be in the next version) is the user/pass bit, but there are several threads on how to do that pretty easily from the init script.
     

Share This Page