OpenWRT as a PPTP-router - Telecomix Crypto Munitions Bureau

OpenWRT as a PPTP-router

From Telecomix Crypto Munitions Bureau

Setting up OpenWRT 8.09.2 ("Kamikaze") to route everything through IPREDATOR (-- GUIDE IS UNFINISHED --)

(This is a separate guide from the one above)

This is a walkthrough, not an explanation. Most of the procedure was notoriously stolen from The OpenWRT Wiki (and then slightly adapted).
You can copy each step and paste all of it at once (the comments are shell-friendly and will be ignored when the commands are run).

  • This guide is UNFINISHED
  • You need to be logged in as the root user for this to make any sense. Verify this by typing "id".
  • Run these commands on your router (it took some time when I did this, so be prepared to wait ~15m):
opkg update              # update list of packages
opkg install pptp        # learn kung-fu (or pptp)
opkg install kmod-mppe   # MPPE kernel module; we need this for encryption
  • Define the username and password you use for IPREDATOR:
export ipreduser="entermyusernamehere"
export ipredpassword="enteryourpasswordhere"
  • Create the /etc/ppp/peers/ipredator file (the configuration file specific to your connection to IPREDATOR):
mkdir -p /etc/ppp/peers
cd /etc/ppp/peers
touch ipredator
chmod 600 ipredator
  • Add some contents to it:
echo pty \"pptp vpn.ipredator.se --nolaunchpppd\">>ipredator #Here we instruct pppd to launch pptp to communicate with the VPN server.
echo mppe required,stateless                  >>ipredator #Require that the connection be encrypted, using stateless encryption.
echo name $ipreduser                          >>ipredator
# ^-- Define the username for the VPN-connection (the password is stored in chap-secrets, see below).
echo remotename ipredator                     >>ipredator #Add this to properly specify the account and password in chap-secrets (see below).
echo file /etc/ppp/options.pptp               >>ipredator #Instruct pppd to load the generic options provided by the pptp package.
echo ipparam ipredator                        >>ipredator
# ^-- This is used as a parameter to the ip-up and ip-down script executed upon connection and tear down of the link.
  • The three lines below will make your router disconnect from IPREDATOR after 1200 seconds (20m) and reconnect when needed (next time a connection is made).

They're 100% optional and it is up to you whether or not you want them. I do (because wasting bandwidth on my neighbor's wlan is really bad style) :-)

echo persist      >>ipredator
echo demand       >>ipredator
echo idle 1200    >>ipredator

/etc/ppp/chap-secrets

The /etc/ppp/chap-secrets file contains a list of usernames and passwords for use by pppd. /!\ For the bin and pptp builds of OpenWrt, the file will start out being a symbolic link to a template in /rom, so remove the link, copy the template, and make sure it is chmod 600. Add the following to the /etc/ppp/chap-secrets file:

echo "$ipreduser ipredator \"$ipredpassword\" *">>/etc/ppp/chap-secrets
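
The chap-secrets step above as a single re-runnable function (an added example, not part of the original guide): it replaces the /rom symlink with a private 0600 file, keeps the template's lines, and avoids duplicate entries. The function name install_chap_secret, the allowed character set for names, and the presence of busybox awk on the router are assumptions.

```shell
#!/bin/sh
# Added example (hypothetical helper, not from the guide).
# Usage: install_chap_secret /etc/ppp/chap-secrets "$ipreduser" ipredator "$ipredpassword"
# The body runs in a subshell, so umask and exit do not leak into the caller.
install_chap_secret() (
    secrets=$1 user=$2 remote=$3 pass=$4
    nl='
'
    # chap-secrets is whitespace-separated; only accept names that cannot
    # split into extra fields (assumed allow-list, adjust if needed).
    for field in "$user" "$remote"; do
        case $field in
            ''|*[!A-Za-z0-9._@-]*) echo "unsupported user/remotename" >&2; exit 1 ;;
        esac
    done
    # The password is written inside double quotes, so refuse characters
    # that would end the quoting or start a new line.
    case $pass in
        ''|*'"'*|*'\'*|*"$nl"*) echo "unsupported password" >&2; exit 1 ;;
    esac

    umask 077                      # the temp file is never world-readable
    tmp="$secrets.new.$$"
    if [ -e "$secrets" ]; then
        # Reading follows the symlink into /rom, so the template's lines
        # are kept; any older entry for the same user/remotename is dropped.
        awk -v u="$user" -v r="$remote" '!($1 == u && $2 == r)' \
            "$secrets" > "$tmp" || exit 1
    else
        : > "$tmp" || exit 1
    fi
    printf '%s %s "%s" *\n' "$user" "$remote" "$pass" >> "$tmp" || exit 1
    chmod 600 "$tmp" || exit 1
    # rename() replaces the symlink itself, leaving a regular 0600 file
    # and the read-only template untouched.
    mv -f "$tmp" "$secrets"
)
```

Because the file is rebuilt and renamed into place, running it again after a password change leaves exactly one entry for the account.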

When the link comes up, pppd adds a host route for the remote address through ppp0 (the route that the ip-up lines below delete). This way there is no usable route to the VPN server (a loop), and the connection breaks after a few minutes. To prevent this, you have to delete this route when the connection is established (see ip-up). If your VPN server lies behind your default gateway (not in your subnet), you also MUST add an additional route to the VPN server. This case is quite common, and very few routers are able to define a route to the VPN server. So for this to work, you need to add the following lines to your /etc/ppp/ip-up:

# This is your default gateway
DG=10.188.0.17

# Delete the "stupid" pppd route ($5 is the remote address pppd passes to ip-up)
/sbin/route del -host $5 dev ppp0

# Add a route to the VPN server via the default gateway, in case you need it
/sbin/route add -host $5 gw $DG dev vlan1

Testing a Tunnel

The pppd command is used to start a tunnel. The syntax is pppd call peername, where peername is one of the peer files in /etc/ppp/peers:

 
pppd call peername updetach