TomatoUSB

Hey guys, so I was trying to get openvpn to work but then I noticed there's a pptp guide here which is awesome because the clients are already built into windows.

Followed it through exactly as described, everything starts up on the router as it should (i think) with the pptpd listening on br0

Configured for 10 ips 192.168.0.160-169 and seems like the iptables rules are being added.

However when I connect nothing happens, I don't see any entries in the log in debug mode.

here's what my iptables looks like:
root@?:/tmp/home/root# iptables —list
Chain INPUT (policy DROP)
target prot opt source destination
DROP all — anywhere anywhere state INVALID
ACCEPT all — anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all — anywhere anywhere
ACCEPT all — anywhere anywhere
ACCEPT udp — anywhere anywhere udp spt:bootps dpt:bootpc
ACCEPT tcp — anywhere 192.168.0.1 tcp dpt:ssh
ACCEPT igmp — anywhere anywhere
ACCEPT gre — anywhere anywhere
ACCEPT tcp — anywhere anywhere tcp dpt:1723
ACCEPT all — anywhere anywhere

Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT all — anywhere anywhere
DROP all — anywhere anywhere state INVALID
TCPMSS tcp — anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
ACCEPT all — anywhere anywhere state RELATED,ESTABLISHED
wanin all — anywhere anywhere
wanout all — anywhere anywhere
ACCEPT all — anywhere anywhere
upnp all — anywhere anywhere
ACCEPT all — anywhere anywhere
ACCEPT all — anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain upnp (1 references)
target prot opt source destination

Chain wanin (1 references)
target prot opt source destination
ACCEPT udp — anywhere base-address.mcast.net/4 udp
ACCEPT udp — anywhere fios_stb_pvr_1 udp dpt:63145
ACCEPT tcp — anywhere server tcp dpt:ftp
ACCEPT tcp — anywhere server tcp dpt:www
ACCEPT tcp — anywhere server tcp dpt:ssh
ACCEPT tcp — anywhere server tcp dpt:5902

In the guide it says something about the ppp+ interfaces but I don't see any of that in iptables after running the commands, but I guess that might just not be shown.

Here are my config files:
root@?:/tmp/home/root# cat /opt/etc/ppp/options.pptpd
name pptpd
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
require-mppe-128
nomppe-stateful
ms-dns 192.168.0.1
proxyarp
lock
nobsdcomp
debug

root@?:/tmp/home/root# cat /opt/etc/pptpd.conf
localip 192.168.0.1
remoteip 192.168.0.160-169

If you don't see anything in the logs, it means the connection does not come through. Are you positive your ISP doesn't filter PPTP?

I just figured out my issue, I'm storing my optware on /cifs1/opt which is then mounted to /opt.

I had a timing issue where optware was starting up before the router was up or something like that.

By fixing up my mount timing in scripts it started.

Though now that it's working it sucks, the router isn't fast enough really as I have 35/35mbps fios and the most the router gives me is 10/11 while at nearly 100% cpu (I'm using an E2000 cisco)

I just configured pptpd on my linux server behind the router and seems like that's working WAY better, I get 25/25 at like 3% cpu.

Anyhow, sorry for the false alarm, the guide worked perfectly.

Yes this has somthing todo with the power of the cpu of the router and there is a work around.

When the poptop deamon starts it also starts bcrelay which is causing the high cpu load.

So i've made the following adjustment to the tutorial in the vpn.wanup script.

#!/bin/sh
if [ ! -f /tmp/ppp/chap-secrets ]; then
   mkdir -p /tmp/ppp
   ln -s /opt/etc/ppp/chap-secrets /tmp/ppp
fi
/opt/etc/init.d/S20poptop restart
sleep 5
killall bcrelay

Then you should be fine.

This will stop the broadcasting traffic which i don't use anyway.