I am trying to program the linksys box so that it connects to the vpn and directs all traffic through the vpn. I got the VPN part of this down. I have a short script in my /etc/init.d/ named S80pptp that looks like this:
route add X.Y.Z.26 gw `{my current gateway}`
route del default gw `{my current gateway}`
pppd call mikrotik
btw, my mikrotik config looks like this:
pty "pptp X.Y.Z.26 --nolaunchpppd"
name ppp1
remotename PPTP
file /etc/ppp/options.pptp
ipparam mikrotik
and my /etc/ppp/options.pptp looks like this
defaultroute
lock
noauth
nobsdcomp
nodeflate
idle 0
So when I run netstat -rn after running the script to remove routes and start my pptp session, I get the following - which is good, I think:
X.Y.Z.26 {old gateway} 255.255.255.255 UGH 0 0 0 vlan1
1.1.1.1 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0
192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 vlan1
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 br0
0.0.0.0 1.1.1.1 0.0.0.0 UG 0 0 0 ppp0
Little explanation as to why I did that. I had to add a route for my pptp server (X.Y.Z.26) using my original gateway. Otherwise, once I made the connection to the PPTP server and replaced my default gateway with 1.1.1.1, the router wouldn't know how to make the first physical hop to the VPN (even though the VPN acts like one hop, you are still traversing multiple hops to get to the actual gateway server).
My OpenWRT itself can get to the internet fine, but my clients cannot (the 192.168.1.X people who are behind my OpenWRT). I have no firm idea, but I do have a couple of ideas as to what may be the cause. I think when I am changing the default gateway, I am somehow breaking the bridge (br0) that was set up. Maybe I need to rework br0 to link ppp0 and eth0 instead of vlan1 and eth0 (or whatever it was set to before). It could also be a simple NATing issue. I know in the past, on systems I am just slightly more familiar with, I was able to add a source NAT where the source address was the internal network and the to address was the public address of my router.
I tried adding a SNAT in iptables, but I either added it wrong, or that wasn't my problem.
iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source 192.168.2.100
I tried to work that out from http://iptables-tutorial.frozentux.net/ … SNATTARGET. It didn't work =Þ
Any advice you can give me would be greatly appreciated. If it seems like I was condescending in my explanations, that is not directed towards the people who are able to answer my questions, but rather the people who are searching this forum later. I often get aggravated when people post what they have done so far, but don't explain how they reached that point. I am trying not to be that person and explain my logic, not just post the point I am at. That said, if you are looking at this post way after I solved my problem, please email me with questions. I will be more than happy to explain in further detail why I did what I did.
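Added example, not part of the original post: a small shell check that compares the interface a NAT rule matches on (-o) with the interface the default route actually leaves through, and confirms the host route to the VPN server bypasses the tunnel. The routing table is constructed from the one in the post, with 203.0.113.26 and 192.168.2.1 as placeholders for the redacted server and old gateway; the ppp0 MASQUERADE rule is an assumption for comparison, not something the post tried.

```shell
#!/bin/sh
# Constructed sample: `netstat -rn` rows as shown in the post (placeholder IPs).
SAMPLE_ROUTES='203.0.113.26 192.168.2.1 255.255.255.255 UGH 0 0 0 vlan1
1.1.1.1 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0
192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 vlan1
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 br0
0.0.0.0 1.1.1.1 0.0.0.0 UG 0 0 0 ppp0'

# The rule from the post, and a hypothetical rule on the tunnel interface.
POST_RULE='iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source 192.168.2.100'
TUNNEL_RULE='iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE'

# Interface of the default route (destination and mask both 0.0.0.0); table on stdin.
default_iface() {
    awk '$1 == "0.0.0.0" && $3 == "0.0.0.0" { print $NF; exit }'
}

# Interface named by -o in an iptables rule string ($1).
rule_out_iface() {
    printf '%s\n' "$1" |
        awk '{ for (i = 1; i < NF; i++) if ($i == "-o") { print $(i + 1); exit } }'
}

# Succeeds if a host route to server $1 exists on an interface other than
# tunnel $2, i.e. the tunnel's own packets are not routed into the tunnel.
has_server_route() {
    awk -v s="$1" -v t="$2" \
        '$1 == s && $3 == "255.255.255.255" && $NF != t { found = 1 }
         END { exit !found }'
}

# Compare rule $2 against routing table text $1. Forwarded client packets
# leave through the default route, so a rule on any other -o never sees them.
check_nat_rule() {
    egress=$(printf '%s\n' "$1" | default_iface)
    out=$(rule_out_iface "$2")
    if [ "$egress" = "$out" ]; then
        echo "match $egress"
    else
        echo "mismatch rule=$out route=$egress"
    fi
}

check_nat_rule "$SAMPLE_ROUTES" "$POST_RULE"
check_nat_rule "$SAMPLE_ROUTES" "$TUNNEL_RULE"
if printf '%s\n' "$SAMPLE_ROUTES" | has_server_route 203.0.113.26 ppp0; then
    echo "server route bypasses tunnel"
fi
```

On a live router, pipe the real `netstat -rn` output into these functions instead of the constructed sample.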
