Hi,

I have now spent several days trying to get, if not OpenVPN, then at least PPTP up and running on my Omnia Turris Router. Something is wrong (probably a forward or a route), but I don’t know how to proceed. I changed my VPN provider from VPN unlimited to Perfect-Privacy; VPN via PPTP works on my old Asus router, but not on the Turris. So any help is highly appreciated! It would be a huge help if someone could review my settings.

The problem: I can bring up the PPTP connection to my VPN provider, but no data passes through it and my public IP is still the one from my local ISP. Somehow I can’t manage to route the traffic from all clients through the new VPN interface to the Internet.

root@turris:/# cat /etc/config/network

# Network configuration as printed by `cat /etc/config/network`.
# NOTE(review): the mixed straight/curly quotes look like forum rendering;
# the file on the router needs plain ASCII quotes — confirm before copying.

# Loopback interface, static 127.0.0.1/8.
config interface 'loopback’
option ifname 'lo’
option proto 'static’
option ipaddr '127.0.0.1’
option netmask ‘255.0.0.0’

# IPv6 ULA prefix used for local addressing.
config globals 'globals’
option ula_prefix ‘fd33:49fd:25ae::/48’

# LAN: bridge over eth0 and eth2, static 192.168.1.1/24, delegates /60 IPv6 prefixes.
config interface 'lan’
option ifname 'eth0 eth2’
option force_link '1’
option type 'bridge’
option proto 'static’
option ipaddr '192.168.1.1’
option netmask '255.255.255.0’
option ip6assign ‘60’

# Physical uplink: eth1, address obtained by DHCP. No metric is set here.
config interface 'wan’
option ifname 'eth1’
option proto ‘dhcp’

# IPv6 uplink, an alias on top of 'wan' using DHCPv6.
config interface 'wan6’
option ifname '@wan’
option proto ‘dhcpv6’

# Switch with VLANs enabled; reset on configuration load.
config switch
option name 'switch0’
option reset '1’
option enable_vlan ‘1’

# VLAN 1 on switch ports 0 1 2 3 5.
config switch_vlan
option device 'switch0’
option vlan '1’
option ports ‘0 1 2 3 5’

# VLAN 2 on switch ports 4 6.
config switch_vlan
option device 'switch0’
option vlan '2’
option ports ‘4 6’

# PPTP client interface towards the VPN provider.
# PPTP (MS-CHAPv2 authentication, MPPE encryption) is widely regarded as
# cryptographically weak; a working PPTP tunnel does not give the
# confidentiality OpenVPN would.
config interface 'VPN_PPTP_PP’
option proto 'pptp’
option server 'hamburg.perfect-privacy.com’
# Credentials are kept in clear text in this file; the values shown here are
# placeholders. Redact real ones before posting the file.
option password 'my-password’
option username 'my-username’
# peerdns 0: DNS servers offered by the PPTP peer are ignored and the two
# addresses below are used instead.
# NOTE(review): these look like OpenDNS public resolvers, so lookups would go
# to a third party rather than the VPN provider — confirm this is intended.
option peerdns '0’
option dns '208.67.222.222 208.67.220.220’
# NOTE(review): the lower metric wins. 'wan' sets no metric, so if its DHCP
# default route gets a metric below 10 it stays preferred over the tunnel's
# default route — verify with `ip route` while the tunnel is up.
option metric ‘10’

# Firewall settings. NOTE(review): these stanzas presumably come from
# /etc/config/firewall; the command that printed them is not shown in the post.

# Global policies for traffic that matches no zone: accept input and output,
# reject forwarding. SYN-flood protection is on.
# NOTE(review): no zone below lists the 'wan' or 'wan6' interfaces, so traffic
# arriving on the physical uplink (eth1) appears to fall under input ACCEPT
# here, which would expose the router's own services on that side — verify,
# and consider input REJECT as the default.
config defaults
option syn_flood '1’
option input 'ACCEPT’
option output 'ACCEPT’
option forward ‘REJECT’

# Zone 'lan': fully trusted, covers the 'lan' network.
config zone
option name 'lan’
option input 'ACCEPT’
option output 'ACCEPT’
option forward 'ACCEPT’
option network ‘lan’

# Zone 'wan': despite its name it covers only the PPTP interface VPN_PPTP_PP;
# the physical 'wan'/'wan6' interfaces are not listed in it.
# masq 1 NATs traffic leaving through the tunnel; mtu_fix 1 clamps TCP MSS.
# input ACCEPT and forward ACCEPT mean connections arriving through the tunnel
# are accepted by the router. An upstream-facing zone is normally set to
# REJECT or DROP for both, leaving only the explicit rules below as exceptions.
config zone
option name 'wan’
option output 'ACCEPT’
option masq '1’
option mtu_fix '1’
option input 'ACCEPT’
option forward 'ACCEPT’
option network ‘VPN_PPTP_PP’

# Exception rules for traffic arriving from zone 'wan'. On this page that zone
# contains only VPN_PPTP_PP and already has input ACCEPT, so the input rules
# below do not widen access further; they only become the effective allow-list
# once the zone's input policy is tightened to REJECT or DROP.

# DHCP replies to the router's client port (UDP 68), IPv4 only.
config rule
option name 'Allow-DHCP-Renew’
option src 'wan’
option proto 'udp’
option dest_port '68’
option target 'ACCEPT’
option family ‘ipv4’

# ICMP echo-request (ping) to the router, IPv4 only.
config rule
option name 'Allow-Ping’
option src 'wan’
option proto 'icmp’
option icmp_type 'echo-request’
option family 'ipv4’
option target ‘ACCEPT’

# IGMP to the router, IPv4 only.
config rule
option name 'Allow-IGMP’
option src 'wan’
option proto 'igmp’
option family 'ipv4’
option target ‘ACCEPT’

# DHCPv6 replies: UDP from link-local port 547 to link-local port 546.
config rule
option name 'Allow-DHCPv6’
option src 'wan’
option proto 'udp’
option src_ip 'fe80::/10’
option src_port '547’
option dest_ip 'fe80::/10’
option dest_port '546’
option family 'ipv6’
option target ‘ACCEPT’

# Multicast Listener Discovery: ICMPv6 types 130, 131, 132 and 143 from
# link-local sources.
config rule
option name 'Allow-MLD’
option src 'wan’
option proto 'icmp’
option src_ip 'fe80::/10’
list icmp_type '130/0’
list icmp_type '131/0’
list icmp_type '132/0’
list icmp_type '143/0’
option family 'ipv6’
option target ‘ACCEPT’

# ICMPv6 addressed to the router itself (error messages, echo, router and
# neighbour discovery), rate-limited to 1000 packets per second.
config rule
option name 'Allow-ICMPv6-Input’
option src 'wan’
option proto 'icmp’
list icmp_type 'echo-request’
list icmp_type 'echo-reply’
list icmp_type 'destination-unreachable’
list icmp_type 'packet-too-big’
list icmp_type 'time-exceeded’
list icmp_type 'bad-header’
list icmp_type 'unknown-header-type’
list icmp_type 'router-solicitation’
list icmp_type 'neighbour-solicitation’
list icmp_type 'router-advertisement’
list icmp_type 'neighbour-advertisement’
option limit '1000/sec’
option family 'ipv6’
option target ‘ACCEPT’

# ICMPv6 forwarded from 'wan' to any zone (dest '*'): echo and error messages
# only, rate-limited to 1000 packets per second.
config rule
option name 'Allow-ICMPv6-Forward’
option src 'wan’
option dest '*'
option proto 'icmp’
list icmp_type 'echo-request’
list icmp_type 'echo-reply’
list icmp_type 'destination-unreachable’
list icmp_type 'packet-too-big’
list icmp_type 'time-exceeded’
list icmp_type 'bad-header’
list icmp_type 'unknown-header-type’
option limit '1000/sec’
option family 'ipv6’
option target ‘ACCEPT’

# External firewall includes. Their contents are not shown on this page, so
# the effective ruleset may hold rules beyond what is listed here.

# User-defined custom rules.
config include
option path ‘/etc/firewall.user’

# Turris-specific include, re-run on firewall reload.
config include
option path '/usr/share/firewall/turris’
option reload ‘1’

# Include script that is re-run on firewall reload.
config include
option path '/etc/firewall.d/with_reload/firewall.include.sh’
option reload ‘1’

# Include script that runs only on a full firewall start, not on reload.
config include
option path '/etc/firewall.d/without_reload/firewall.include.sh’
option reload ‘0’

# Unnamed rule: forwards ESP from zone 'wan' to zone 'lan'. No destination
# address is given, so it applies to every LAN host.
config rule
option src 'wan’
option dest 'lan’
option proto 'esp’
option target ‘ACCEPT’

# Unnamed rule: forwards UDP port 500 (IKE) from zone 'wan' to zone 'lan',
# again without a destination address restriction.
config rule
option src 'wan’
option dest 'lan’
option dest_port '500’
option proto 'udp’
option target ‘ACCEPT’

# Script include for miniupnpd.
# NOTE(review): presumably installs the UPnP/NAT-PMP port-mapping hooks, which
# let LAN hosts open inbound ports on their own — confirm this is wanted.
config include 'miniupnpd’
option type 'script’
option path '/usr/share/miniupnpd/firewall.include’
option family 'any’
option reload ‘1’

# Allows forwarding from zone 'lan' to zone 'wan'. That zone holds only
# VPN_PPTP_PP on this page, so LAN clients may leave through the tunnel only.
# NOTE(review): LAN traffic that the routing table sends out via eth1 instead
# would hit the default forward REJECT, as far as this listing shows — check
# which default route is active when clients have no connectivity.
config forwarding
option dest 'wan’
option src ‘lan’

root@turris:/etc# ifconfig
br-lan Link encap:Ethernet HWaddr D8:58:D7:00:21:E4
inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::da58:d7ff:fe00:21e4/64 Scope:Link
inet6 addr: fd33:49fd:25ae::1/60 Scope:Global
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1859 errors:0 dropped:0 overruns:0 frame:0
TX packets:1284 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:175763 (171.6 KiB) TX bytes:609736 (595.4 KiB)

eth0 Link encap:Ethernet HWaddr D8:58:D7:00:21:E4
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:97 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:532
RX bytes:0 (0.0 B) TX bytes:19533 (19.0 KiB)
Interrupt:37

eth1 Link encap:Ethernet HWaddr D8:58:D7:00:21:E5
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:532
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
Interrupt:38

eth2 Link encap:Ethernet HWaddr D8:58:D7:00:21:E6
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:97 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:532
RX bytes:0 (0.0 B) TX bytes:19533 (19.0 KiB)
Interrupt:40

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:1142 errors:0 dropped:0 overruns:0 frame:0
TX packets:1142 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1
RX bytes:90214 (88.0 KiB) TX bytes:90214 (88.0 KiB)

wlan0 Link encap:Ethernet HWaddr 04:F0:21:24:15:55
inet6 addr: fe80::6f0:21ff:fe24:1555/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1889 errors:0 dropped:0 overruns:0 frame:0
TX packets:1524 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:208947 (204.0 KiB) TX bytes:668183 (652.5 KiB)