lock noauth refuse-eap refuse-chap refuse-mschap nobsdcomp nodeflate require-mppe-128
pty "pptp connect.swissvpn.net --nolaunchpppd" name swissvpntest remotename PPTP require-mppe-128 file /etc/ppp/options.pptp ipparam swissvpn
# Secrets for authentication using CHAP # client server secret IP addresses swissvpntest PPTP swissvpntest *
[...] Using interface ppp0 Connect: ppp0 -- /dev/pts/2 [...] local IP address 80.254.78.184 remote IP address 80.254.79.59 Script /etc/ppp/ip-up started (pid 5334) Script /etc/ppp/ip-up finished (pid 5334), status = 0x0
If it does not work, take a look at /var/log/messages. You'll see if the ppp connection got disconncted, and maybe some errors.
The more interesting and useful thing is using tcpdump to look at the pakets. Use
tcpdump -n host connect.swissvpn.net
to
take a look at the pakets that are going in and out.
If you see something like this, it usually means that you're having a problem on your router, you see GRE pakets going out from your machine to swissvpn, but none coming back. With a correct pptp passthrough this should not happen.
20:59:04.834513 IP 192.168.0.102 > 80.254.79.61: GREv1, call 50472, seq 1, length 36: LCP, Conf-Request (0x01), id 1, length 22 20:59:07.745917 IP 192.168.0.102 > 80.254.79.61: GREv1, call 50472, seq 2, length 36: LCP, Conf-Request (0x01), id 1, length 22 20:59:10.746916 IP 192.168.0.102 > 80.254.79.61: GREv1, call 50472, seq 3, length 36: LCP, Conf-Request (0x01), id 1, length 22 20:59:13.747932 IP 192.168.0.102 > 80.254.79.61: GREv1, call 50472, seq 4, length 36: LCP, Conf-Request (0x01), id 1, length 22
On an OpenWRT box, adding the following iptables rules helps to get the GRE pakets to the pptp router.
iptables -t nat -A prerouting_wan -p gre -j DNAT --to 192.168.0.2 iptables -A forwarding_wan -p gre -j ACCEPT