About VPN configuration in OpenWrt.
To configure a VPN server based on the pptpd daemon in OpenWrt, install the packages pptpd, kmod-mppe and ppp.
Configuring the VPN server in OpenWrt consists of preparing the configuration file /etc/config/pptpd.
As an example, the configuration file for a VPN server in OpenWrt looks like this:
# cat /etc/config/pptpd
config service 'pptpd'
	option 'enabled' '1'
	option 'localip' '10.10.0.100'

config 'login'
	option 'username' 'srv'
	option 'password' '1'
	option 'remoteip' '10.10.0.10'

config 'login'
	option 'username' 'box01'
	option 'password' '1'
	option 'remoteip' '10.10.0.101'

config 'login'
	option 'username' 'box06'
	option 'password' '1'
	option 'remoteip' '10.10.0.106'
In addition, you need extra iptables rules in OpenWrt. They can be set either via the web interface or added to the file /etc/firewall.user:
iptables -A input_rule -i ppp+ -j ACCEPT
iptables -A output_rule -o ppp+ -j ACCEPT
# This rule will allow traffic towards internet
iptables -A forwarding_rule -i ppp+ -j ACCEPT
iptables -A forwarding_rule -o ppp+ -j ACCEPT
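As an added example (not from the page), a shell check for /etc/config/pptpd that catches the mistakes a reviewer would look for before enabling the server: a login without a user, a very short password, a remoteip reused by two logins or lying outside localip's /24. The embedded sample configuration is constructed after the page's layout; the function name and the 8-character password threshold are the example's own choices.

```shell
#!/bin/sh
# Added example, not from the page: audit /etc/config/pptpd before enabling the
# server. Every 'login' section must name a user, carry a password of at least
# 8 characters and get a remoteip that is unique and on localip's /24. The sample
# is constructed after the page's layout; live: audit_pptpd_config "$(cat /etc/config/pptpd)"

SAMPLE_PPTPD_CONFIG="
config service 'pptpd'
    option 'enabled' '1'
    option 'localip' '10.10.0.100'

config 'login'
    option 'username' 'box01'
    option 'password' 'x9Lq-7vRt2mA'
    option 'remoteip' '10.10.0.101'

config 'login'
    option 'username' 'box06'
    option 'password' '1'
    option 'remoteip' '10.10.0.101'
"

# Prints one finding per line; prints nothing for a clean configuration.
audit_pptpd_config() {
    printf '%s\n' "$1" | awk -v q="'" '
    function prefix(ip) { sub(/\.[0-9]+$/, "", ip); return ip }   # a.b.c.d -> a.b.c
    function flush() {                      # report the login section just read
        if (sect != "login") { split("", v); return }
        u = v["username"]; p = v["password"]; r = v["remoteip"]
        if (u == "")       print "login section without username"
        if (length(p) < 8) print u ": password shorter than 8 characters"
        if (r == "")       print u ": no remoteip"
        else {
            if (r in seen) print u ": remoteip " r " already used by " seen[r]
            else           seen[r] = u
            if (prefix(r) != prefix(localip)) print u ": remoteip " r " outside " prefix(localip) ".0/24"
        }
        split("", v)
    }
    { gsub(q, "") }                         # UCI quoting is optional, so drop it
    $1 == "config" { flush(); sect = $2 }
    $1 == "option" && sect == "service" && $2 == "localip" { localip = $3 }
    $1 == "option" && sect == "login" { v[$2] = $3 }
    END { flush(); if (localip == "") print "service section has no localip" }'
}

audit_pptpd_config "$SAMPLE_PPTPD_CONFIG"
```

On the sample it reports box06 twice: the one-character password and the remoteip already assigned to box01.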
After the pptpd daemon is started, the output of the ps command looks as follows:
14206 root       740 S    {pptpctrl} pptpd [192.168.1.99:0000 - 2400]
14207 root      1340 S    /usr/sbin/pppd local file /etc/ppp/options.pptpd 115200 10.10.0.100:192.168.1.4 ipparam 192.168.
21383 root       728 S    {pptpctrl} pptpd [192.168.1.106:0001 - F300]
21388 root      1340 S    /usr/sbin/pppd local file /etc/ppp/options.pptpd 115200 10.10.0.100:192.168.1.6 ipparam 192.168.
24253 root       988 S    /usr/sbin/dropbear -F -P /var/run/dropbear.1.pid -p 22 -K 300
24284 root      1232 S    -ash
27133 root       728 S    {pptpctrl} pptpd [192.168.1.103:0079 - FA00]
27134 root       728 S    {pptpctrl} pptpd [192.168.1.102:0083 - FA80]
27135 root      1340 S    /usr/sbin/pppd local file /etc/ppp/options.pptpd 115200 10.10.0.100:192.168.1.3 ipparam 192.168.
27144 root      1340 S    /usr/sbin/pppd local file /etc/ppp/options.pptpd 115200 10.10.0.100:192.168.1.5 ipparam 192.168.
27926 root       728 S    {pptpctrl} pptpd [192.168.1.104:0001 - F380]
27927 root       728 S    {pptpctrl} pptpd [192.168.1.108:0001 - F400]
27935 root      1340 S    /usr/sbin/pppd local file /etc/ppp/options.pptpd 115200 10.10.0.100:192.168.1.1 ipparam 192.168.
27944 root      1340 S    /usr/sbin/pppd local file /etc/ppp/options.pptpd 115200 10.10.0.100:192.168.1.2 ipparam 192.168.
27959 root       728 S    {pptpctrl} pptpd [192.168.1.101:0001 - F500]
27969 root       728 S    {pptpctrl} pptpd [192.168.1.111:0001 - F600]
27972 root       728 S    {pptpctrl} pptpd [192.168.1.105:0001 - F680]
27973 root       728 S    {pptpctrl} pptpd [192.168.1.112:0001 - F700]
A pppX interface appears after a client connects to the server:
# ifconfig
ppp0      Link encap:Point-to-Point Protocol
          inet addr:10.10.0.100  P-t-P:10.10.0.104  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1482  Metric:1
          RX packets:8149 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8148 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3
          RX bytes:694188 (677.9 KiB)  TX bytes:693141 (676.8 KiB)

ppp1      Link encap:Point-to-Point Protocol
          inet addr:10.10.0.100  P-t-P:10.10.0.108  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1482  Metric:1
          RX packets:8150 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8149 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3
          RX bytes:694272 (678.0 KiB)  TX bytes:693225 (676.9 KiB)

ppp10     Link encap:Point-to-Point Protocol
          inet addr:10.10.0.100  P-t-P:10.10.0.107  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1482  Metric:1
          RX packets:8151 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8150 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3
          RX bytes:694559 (678.2 KiB)  TX bytes:693435 (677.1 KiB)
To configure a VPN client in OpenWrt using the PPTP protocol, edit the file /etc/config/network and add a section describing the VPN connection. For example:
# cat /etc/config/network
config interface 'transport'
	option ifname 'pptp-vpn'
	option proto 'pptp'
	option username 'box06'
	option server '192.168.1.100'
	option buffering '1'
	option defaultroute '0'
	option password '1'
After the client has connected to the VPN server, the output of ifconfig shows the interface:
pptp-transport Link encap:Point-to-Point Protocol
          inet addr:10.10.0.106  P-t-P:10.10.0.100  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1482  Metric:1
          RX packets:11116 errors:0 dropped:0 overruns:0 frame:0
          TX packets:11073 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3
          RX bytes:953856 (931.5 KiB)  TX bytes:949394 (927.1 KiB)
          RX bytes:951924 (929.6 KiB)  TX bytes:947462 (925.2 KiB)
The authorization log on the client looks like this:
Fri Jan 15 12:56:55 2016 daemon.info pppd[10900]: Using interface pptp-service
Fri Jan 15 12:56:55 2016 daemon.notice pppd[10900]: Connect: pptp-service <--> pptp (195.19.218.44)
Fri Jan 15 12:56:55 2016 daemon.notice netifd: service (10900): Using interface pptp-service
Fri Jan 15 12:56:55 2016 daemon.notice netifd: service (10900): Connect: pptp-service <--> pptp (195.19.218.44)
Fri Jan 15 12:56:56 2016 daemon.notice pppd[10900]: CHAP authentication succeeded
Fri Jan 15 12:56:56 2016 daemon.notice netifd: service (10900): CHAP authentication succeeded
Fri Jan 15 12:56:56 2016 daemon.notice pppd[10900]: MPPE 128-bit stateless compression enabled
Fri Jan 15 12:56:56 2016 daemon.notice netifd: service (10900): MPPE 128-bit stateless compression enabled
Fri Jan 15 12:56:57 2016 daemon.notice pppd[10900]: local IP address 10.0.0.112
Fri Jan 15 12:56:57 2016 daemon.notice netifd: service (10900): local IP address 10.0.0.112
Fri Jan 15 12:56:57 2016 daemon.notice pppd[10900]: remote IP address 10.0.0.1
Fri Jan 15 12:56:57 2016 daemon.notice netifd: service (10900): remote IP address 10.0.0.1
Fri Jan 15 12:56:57 2016 daemon.notice pppd[10900]: primary DNS address 10.0.0.1
Fri Jan 15 12:56:57 2016 daemon.notice netifd: service (10900): primary DNS address 10.0.0.1
Fri Jan 15 12:56:57 2016 daemon.notice pppd[10900]: secondary DNS address 77.88.8.8
Fri Jan 15 12:56:57 2016 daemon.notice netifd: service (10900): secondary DNS address 77.88.8.8
Fri Jan 15 12:56:57 2016 daemon.notice netifd: Network device 'pptp-service' link is up
Fri Jan 15 12:56:57 2016 daemon.notice netifd: Interface 'service' is now up
Fri Jan 15 12:56:57 2016 user.notice firewall: Reloading firewall due to ifup of service (pptp-service)
The authorization log on the server looks like this:
Tue Apr 18 13:20:18 2000 daemon.info pppd[28028]: Using interface ppp9
Tue Apr 18 13:20:18 2000 daemon.notice pppd[28028]: Connect: ppp9 <--> /dev/pts/9
Tue Apr 18 13:20:18 2000 daemon.warn pppd[28028]: Warning - secret file /etc/ppp/chap-secrets has world and/or group access
Tue Apr 18 13:20:18 2000 daemon.notice pppd[28028]: peer from calling number 192.168.1.112 authorized
Tue Apr 18 13:20:18 2000 daemon.notice pppd[28028]: MPPE 128-bit stateless compression enabled
Tue Apr 18 13:20:18 2000 daemon.info pptpd[28037]: CTRL: Client 192.168.1.109 control connection started
Tue Apr 18 13:20:18 2000 daemon.notice pppd[28028]: local IP address 10.10.0.100
Tue Apr 18 13:20:18 2000 daemon.notice pppd[28028]: remote IP address 10.10.0.112
Tue Apr 18 13:20:19 2000 daemon.info pptpd[27997]: CTRL: Starting call (launching pppd, opening GRE)
Tue Apr 18 13:20:19 2000 daemon.notice pppd[28038]: pppd 2.4.7 started by root, uid 0
Tue Apr 18 13:20:19 2000 daemon.info pppd[28038]: Using interface ppp10
Tue Apr 18 13:20:19 2000 daemon.notice pppd[28038]: Connect: ppp10 <--> /dev/pts/10
Tue Apr 18 13:20:19 2000 daemon.warn pppd[28038]: Warning - secret file /etc/ppp/chap-secrets has world and/or group access
Tue Apr 18 13:20:19 2000 daemon.notice pppd[28038]: peer from calling number 192.168.1.107 authorized
Tue Apr 18 13:20:19 2000 daemon.notice pppd[28038]: MPPE 128-bit stateless compression enabled
Tue Apr 18 13:20:19 2000 daemon.notice pppd[28038]: local IP address 10.10.0.100
Tue Apr 18 13:20:19 2000 daemon.notice pppd[28038]: remote IP address 10.10.0.107
Tue Apr 18 13:20:19 2000 daemon.info pptpd[28027]: CTRL: Starting call (launching pppd, opening GRE)
Tue Apr 18 13:20:19 2000 daemon.notice pppd[28047]: pppd 2.4.7 started by root, uid 0
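The pppd warning in this log about /etc/ppp/chap-secrets being group- or world-readable is worth acting on, and the log correlates easily per session. As an added example, not from the page, a shell function that turns such server log lines into one summary line per pppd pid (interface, peer address, assigned tunnel address, whether MPPE came up) and reports the chap-secrets warning; the sample lines are constructed after the page's log and the function name is the example's own.

```shell
#!/bin/sh
# Added example, not from the page: turn the pptpd server log into one line per
# pppd session (pid, interface, peer address, assigned tunnel address, whether
# MPPE came up) and flag the chap-secrets permission warning the page's log shows.
# Sample lines are constructed after that log; live: summarize_pptp_sessions "$(logread)"

SAMPLE_SERVER_LOG='Tue Apr 18 13:20:18 2000 daemon.info pppd[28028]: Using interface ppp9
Tue Apr 18 13:20:18 2000 daemon.warn pppd[28028]: Warning - secret file /etc/ppp/chap-secrets has world and/or group access
Tue Apr 18 13:20:18 2000 daemon.notice pppd[28028]: peer from calling number 192.168.1.112 authorized
Tue Apr 18 13:20:18 2000 daemon.notice pppd[28028]: MPPE 128-bit stateless compression enabled
Tue Apr 18 13:20:18 2000 daemon.notice pppd[28028]: remote IP address 10.10.0.112
Tue Apr 18 13:20:19 2000 daemon.info pptpd[27997]: CTRL: Starting call (launching pppd, opening GRE)
Tue Apr 18 13:20:19 2000 daemon.info pppd[28038]: Using interface ppp10
Tue Apr 18 13:20:19 2000 daemon.warn pppd[28038]: Warning - secret file /etc/ppp/chap-secrets has world and/or group access
Tue Apr 18 13:20:19 2000 daemon.notice pppd[28038]: peer from calling number 192.168.1.107 authorized
Tue Apr 18 13:20:19 2000 daemon.notice pppd[28038]: MPPE 128-bit stateless compression enabled
Tue Apr 18 13:20:19 2000 daemon.notice pppd[28038]: remote IP address 10.10.0.107
Tue Apr 18 13:20:19 2000 daemon.notice pppd[28047]: pppd 2.4.7 started by root, uid 0'

# One line per pppd pid in order of first appearance, then a warning summary.
summarize_pptp_sessions() {
    printf '%s\n' "$1" | awk '
    match($0, /pppd\[[0-9]+\]:/) {
        pid = substr($0, RSTART + 5, RLENGTH - 7)          # strip "pppd[" and "]:"
        if (!(pid in order)) { order[pid] = ++n; pids[n] = pid }
        if ($0 ~ /: Using interface /)          iface[pid] = $NF
        if ($0 ~ /: peer from calling number /) peer[pid] = $(NF - 1)
        if ($0 ~ /: remote IP address /)        tun[pid] = $NF
        if ($0 ~ /: MPPE .* enabled/)           mppe[pid] = 1
        if ($0 ~ /chap-secrets has world and\/or group access/) warn++
    }
    END {
        for (i = 1; i <= n; i++) {
            p = pids[i]
            printf "%s iface=%s peer=%s tunnel=%s mppe=%s\n", p,
                (p in iface) ? iface[p] : "-", (p in peer) ? peer[p] : "-",
                (p in tun) ? tun[p] : "-", (p in mppe) ? "yes" : "no"
        }
        if (warn) print "WARNING: /etc/ppp/chap-secrets is group/world readable (" warn " pppd sessions reported it); run: chmod 600 /etc/ppp/chap-secrets"
    }'
}

summarize_pptp_sessions "$SAMPLE_SERVER_LOG"
```

A session line showing peer=- or mppe=no marks a pppd that never finished authentication or never negotiated encryption, which is the first thing to look at when a client cannot connect.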