Toastman PPTP client vs PPTP WAN?

Discussion in 'Tomato Firmware' started by gfunkdave, Jan 9, 2012.

  1. gfunkdave

    gfunkdave LI Guru Member

    I understand (or think I do) that the PPTP option in Basic -> Network is to create a PPTP tunnel and use that as the WAN connection, tunneling all LAN-to-WAN traffic through PPTP.

    But how does the "PPTP Client" under "VPN Tunneling" work? I tried setting it up to connect to my work VPN. It says it connects, but nothing seems to change in, say, the IP that sees.
  2. Monk E. Boy

    Monk E. Boy Network Guru Member

    I don't recall Basic -> Network (using vanilla TomatoUSB @ my workplace), but PPTP Client should simply allow you to connect to a remote network, not necessarily tunnel all traffic through it. In other words, once you established a connection to your workplace, you could then talk to systems on their network.

    Tunneling all internet traffic through the connection typically requires some configuration on their end, since most workplaces don't want everyone's P2P traffic, etc. come flying out their public IP address.
  3. Dr Strangelove

    Dr Strangelove LI Guru Member

    At its simplest, PPTP is just IP protocol 47 (GRE) with a TCP port 1723.
    PPTP is placed inside the IP packet and transported over a PPP frame.

    Anything between the PPTP client/server is just IP to the Internet.

    To you it just looks like your LAN, with 'their' PPTP Server resources on it.

    For example, this allows you to connect to a private IP address over a public IP network as if it was a local server on a LAN on your network.

    Tomato firmware provides a PPTP client allowing you to connect to remote PPTP servers and the resources it provides.

    What Tomato firmware offers is the ability to configure that connection which may include NAT, encryption and security settings that the PPTP server requires/allows. That's where the fun starts.

    I've not set up a PPTP client on my Tomato firmware router, that's why I'm being a bit vague on the details.

    I have however set up a PPTP server on a Tomato firmware Linksys E4200 to allow my Android phone (not rooted) access to my home NAS and it was almost more than my dicky ticker could stand. BUT it does work very well and even though the security in PPTP is not that great, it's OK for a home network where known IP addresses are the only ones allowed as added security.

    I set up a Win7 notebook as a PPTP client and used it to test the PPTP server. It may be easier to set up a PC to connect to your desired PPTP server and then once you have it working transfer the 'settings' to the Tomato router and then start from there.

    Remember IP protocol 47 (GRE) when tunneling IP through your firewall/router(s).

    I'm sure someone here has a good working example of a Tomato firmware PPTP client setup and any pitfalls.

    I hate simple questions as they're always the hardest to answer. :D
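
The two channels named in the post above (TCP port 1723 and IP protocol 47), as an added example that is not part of the original thread: a Python classifier that separates PPTP control packets from PPTP data packets, which helps when checking which of the two a firewall or NAT device is dropping. The enhanced GRE header layout follows RFC 2637; the function names, addresses and sample packets are constructed for illustration.

```python
import struct

IPPROTO_TCP, IPPROTO_GRE = 6, 47
PPTP_CONTROL_PORT = 1723      # TCP control channel
GRE_PROTO_PPP = 0x880B        # enhanced GRE (RFC 2637) protocol type for PPP

def classify(pkt: bytes) -> dict:
    """Label a raw IPv4 packet as PPTP control, PPTP data, or other."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return {"kind": "other"}
    body = pkt[(pkt[0] & 0x0F) * 4:]              # skip IPv4 header (IHL in 32-bit words)
    if pkt[9] == IPPROTO_TCP and len(body) >= 4:
        sport, dport = struct.unpack("!HH", body[:4])
        if PPTP_CONTROL_PORT in (sport, dport):
            return {"kind": "pptp-control", "sport": sport, "dport": dport}
    elif pkt[9] == IPPROTO_GRE and len(body) >= 8:
        flags, ptype, plen, call_id = struct.unpack("!HHHH", body[:8])
        if (flags & 0x0007) == 1 and ptype == GRE_PROTO_PPP:   # GRE version 1 carrying PPP
            info = {"kind": "pptp-data", "call_id": call_id, "ppp_len": plen}
            off = 8
            for name, bit in (("seq", 0x1000), ("ack", 0x0080)):  # S and A flag bits
                if flags & bit:
                    if len(body) < off + 4:
                        return {"kind": "other"}   # truncated GRE header
                    info[name] = struct.unpack("!I", body[off:off + 4])[0]
                    off += 4
            info["ppp"] = body[off:off + plen]     # the tunnelled PPP frame
            return info
    return {"kind": "other"}

def ipv4(proto: int, body: bytes) -> bytes:
    """Build a minimal IPv4 header (checksum left at zero) for constructed samples."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(body), 0, 0, 64, proto, 0,
                       bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7])) + body

# Constructed sample packets (documentation addresses, not captured traffic).
SAMPLES = [
    ipv4(IPPROTO_TCP, struct.pack("!HH", 49152, 1723) + bytes(16)),      # control
    ipv4(IPPROTO_GRE, struct.pack("!HHHHI", 0x3001, GRE_PROTO_PPP, 4, 23, 1)
         + b"\xff\x03\xc0\x21"),                                         # data
    ipv4(IPPROTO_GRE, struct.pack("!HH", 0x0000, 0x0800) + bytes(20)),   # plain GRE v0
]

def kinds(packets):
    return [classify(p)["kind"] for p in packets]

if __name__ == "__main__":
    for p in SAMPLES:
        print(classify(p))
```

A capture that shows only `pptp-control` packets and no `pptp-data` packets points to a device in the path that passes TCP 1723 but not protocol 47.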
  4. Monk E. Boy

    Monk E. Boy Network Guru Member

    The biggest security problem with PPTP I'm aware of is username & password authentication. You MUST use a complex password for accounts, and preferably use account names that aren't inherently guessable (don't use your first or last name as the account name, try not to use dictionary words either). Most VPNs can be configured to use individual certificates, which is more secure, but systems that rely on username & password are roughly as secure as PPTP. Unless there's no encryption on the PPTP session of course (then PPTP would be much worse).
  5. gfunkdave

    gfunkdave LI Guru Member

    Thanks all. My PPTP *is* working but the PPTP server isn't pushing the appropriate routes to my router. My company network is on several subnets in 172.x.x.x and 10.10.x.x, and the router only creates a route for the particular subnet that it gets an IP in from the PPTP server. I was able to ping our company DNS server, which is on that same subnet.

    Question: How would I create a route for a different subnet? I don't quite understand how it works, and I'm pretty sure I am entering it wrong. The router gets an IP in 172.30.0.x with a subnet mask of If I want to connect to a file server in, what route do I set? What interface is it, WAN or MAN?

    Thanks for any light you can shed, or links that might be useful.
  6. anotherone

    anotherone Connected Client Member

    So is there an example of how we route the traffic from a second SSID or an Ethernet port to the VPN?
    If not, can we do the opposite maybe?
    To use the router with PPTP VPN WAN as normal, and afterwards create a second WAN and route the home internet through an Ethernet port and the second SSID?