PPTP Server with Windows clients

I want to set up a PPTP server so my friends can connect and play games over the LAN.

I have 2 WAN connections. One gets routed to 192.168.88.0/25, the other one to 192.168.88.128/25. Both are PPPoE connections (rds/rtlc) going through the rds-gateway / rtlc-gateway interfaces (port 0 and 1).

I enabled the pptp-server service, created a secret, and modified the default profile to use the bridge I had set up (wifi & lan) and the IP pool as the remote address.

The connection gets established and his internet gets routed through my internet, but he gets a 255.255.255.255 mask and a 0.0.0.0 gateway. He can ping the router, but he can't ping me and I can't ping him.

ip pool

add name=dhcp_pool1 ranges=192.168.88.128-192.168.88.254
add name=vpn-pool ranges=192.168.88.10-192.168.88.20

ppp profile

 1 * name="default-encryption" local-address=192.168.88.1 remote-address=vpn-pool use-mpls=default use-compression=default use-vj-compression=default use-encryption=yes only-one=default change-tcp-mss=yes

secret

name=test password=test profile=default-encryption service=pptp

Mangle

add action=mark-connection chain=input comment="in rds,out rds" in-interface=rds new-connection-mark=rds_conn
add action=mark-routing chain=output comment="in rds,out rds" connection-mark=rds_conn new-routing-mark=rds_traffic passthrough=no
add action=mark-connection chain=forward comment="pfw rds, out rds" connection-state=new in-interface=rds new-connection-mark=rds_pfw passthrough=no
add action=mark-routing chain=prerouting comment="pfw rds, out rds" connection-mark=rds_pfw in-interface=bridge1 new-routing-mark=rds_traffic passthrough=no
add action=mark-connection chain=input comment="in rtlc,out rtlc" in-interface=rtlc new-connection-mark=rtlc_conn
add action=mark-routing chain=output comment="in rtlc,out rtlc" connection-mark=rtlc_conn new-routing-mark=rtlc_traffic passthrough=no
add action=mark-connection chain=forward comment="pfw rtlc, out rtlc" connection-state=new in-interface=rtlc new-connection-mark=rtlc_pfw passthrough=no
add action=mark-routing chain=prerouting comment="pfw rtlc, out rtlc" connection-mark=rtlc_pfw in-interface=bridge1 new-routing-mark=rtlc_traffic passthrough=no
add action=mark-routing chain=prerouting new-routing-mark="Fast net" src-address=192.168.88.0/25
add action=mark-routing chain=prerouting new-routing-mark="Slow Net" src-address=192.168.88.128/25

NAT

add action=masquerade chain=srcnat out-interface=rtlc src-address=192.168.88.128/25
add action=masquerade chain=srcnat out-interface=rds src-address=192.168.88.0/25

routes

 0 A S  dst-address=0.0.0.0/0 gateway=rds gateway-status=rds reachable distance=1 scope=30 target-scope=10 routing-mark=rds_traffic
 1 A S  dst-address=0.0.0.0/0 gateway=rtlc gateway-status=rtlc reachable distance=1 scope=30 target-scope=10 routing-mark=rtlc_traffic
 2 A S  dst-address=0.0.0.0/0 gateway=rds gateway-status=rds reachable distance=1 scope=30 target-scope=10 routing-mark=Fast net
 3 A S  dst-address=0.0.0.0/0 gateway=rtlc gateway-status=rtlc reachable distance=1 scope=30 target-scope=10 routing-mark=Slow Net
 4 ADS  dst-address=0.0.0.0/0 gateway=89.121.166.254 gateway-status=89.121.166.254 reachable via rtlc distance=1 scope=30 target-scope=10
 5  DS  dst-address=0.0.0.0/0 gateway=10.0.0.1 gateway-status=10.0.0.1 reachable via rds distance=1 scope=30 target-scope=10
 6 ADC  dst-address=10.0.0.1/32 pref-src=79.118.209.191 gateway=rds gateway-status=rds reachable distance=0 scope=10
 7 ADC  dst-address=89.121.166.254/32 pref-src=89.120.162.76 gateway=rtlc gateway-status=rtlc reachable distance=0 scope=10
 8 ADC  dst-address=192.168.88.0/24 pref-src=192.168.88.1 gateway=bridge1 gateway-status=bridge1 reachable distance=0 scope=10
 9 ADC  dst-address=192.168.88.10/32 pref-src=192.168.88.1 gateway=pptp-in1 gateway-status=pptp-in1 reachable distance=0 scope=10

The filter rules have a lot of crap in them, but I tested with everything disabled and I don't think the problem is there.

log output:

21:37:44 pptp,info TCP connection established from 188.212.xx.xx
21:37:44 pptp,ppp,info <pptp-0>: waiting for call...
21:37:44 pptp,ppp,info pptp-in1: authenticated
21:37:45 pptp,ppp,info pptp-in1: connected
21:37:45 pptp,ppp,info,account test logged in, 192.168.88.10
21:37:45 pptp,ppp,info pptp-in1: using encoding - MPPE128 stateless

Hope this is all the info required.

edit: proxy-arp is enabled on lan and bridge1.
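Added analysis, not part of the thread: a small Python model of the prerouting mark rules and the route list from the post. It assumes RouterOS v6 policy-routing semantics (a packet carrying a routing mark is looked up in that mark's table first, and the main table is used only if nothing there matches), so the default route in the "Fast net" / "Slow Net" tables also captures traffic headed for 192.168.88.0/24. The exclude_lan switch models a hypothetical change (dst-address=!192.168.88.0/24 on the two mark rules) that the post does not contain.

```python
import ipaddress

# Constructed, simplified model of the post's prerouting mangle rules and route list.
# Assumption (RouterOS v6 semantics): a packet with a routing mark is looked up in that
# mark's table first; the main table is used only when no route in the marked table matches.
LAN = ipaddress.ip_network("192.168.88.0/24")

# (src-address, new-routing-mark) in rule order; passthrough=yes, so the last match wins.
MANGLE_PREROUTING = [
    (ipaddress.ip_network("192.168.88.0/25"), "Fast net"),
    (ipaddress.ip_network("192.168.88.128/25"), "Slow Net"),
]

# (dst-address, gateway, routing-mark or None for the main table), from the post's routes.
ROUTES = [
    ("0.0.0.0/0", "rds", "Fast net"),
    ("0.0.0.0/0", "rtlc", "Slow Net"),
    ("0.0.0.0/0", "rtlc", None),
    ("192.168.88.0/24", "bridge1", None),
    ("192.168.88.10/32", "pptp-in1", None),
]

def mark_for(src, dst, exclude_lan=False):
    """Routing mark the mangle rules assign, or None. exclude_lan=True models adding
    dst-address=!192.168.88.0/24 to both mark rules (hypothetical, not in the post)."""
    if exclude_lan and ipaddress.ip_address(dst) in LAN:
        return None
    mark = None
    for net, m in MANGLE_PREROUTING:
        if ipaddress.ip_address(src) in net:
            mark = m
    return mark

def lookup(dst, mark):
    """Longest-prefix match in the marked table; main table only if that had no match."""
    addr = ipaddress.ip_address(dst)
    for table in ([mark] if mark else []) + [None]:
        best = None
        for prefix, gw, m in ROUTES:
            net = ipaddress.ip_network(prefix)
            if m == table and addr in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, gw)
        if best:
            return best[1]
    return "unreachable"

def egress(src, dst, exclude_lan=False):
    # Interface a packet src -> dst leaves on under the post's rules.
    return lookup(dst, mark_for(src, dst, exclude_lan))
```

Under this model, egress("192.168.88.10", "192.168.88.50") and the reverse direction both return "rds": VPN-to-LAN packets are marked "Fast net" and leave on the WAN instead of bridge1 / pptp-in1, which would explain the symptom. With exclude_lan=True the same calls return "bridge1" and "pptp-in1".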

I don’t have the patience at the moment to grok your mangle and routing rules.

How about making it a lot simpler and just using a single WAN link? Once you've got that working, then add stuff back in.

I'm just not sure where the PPTP connection is coming from and how traffic is routing. Since it's somewhat messy, I'm wondering if the problem is "in there" somewhere. [Yeah, I'm being lazy. :) ]

Try simplifying and seeing what happens.

Also, PPTP is really broken, insecure broken. Only use PPTP if security means nothing.

-Greg