PPTP VPN client problems with GL-MIFI 3.022


#1

I’m having trouble accessing a Windows PPTP VPN server through the GL-MINI router running version 3.022 of the firmware.

At first, I could not connect any passthrough PPTP clients through the GL-MIFI.

Then, I tried adding the missing kmod-ipt-raw package, as suggested by
https://openwrt.org/docs/guide-user/services/vpn/pptp/client

Now PPTP clients (pppd) are connecting successfully to the RRAS Windows server beyond the cellular network.

But there is still a major problem - it’s unreliable.

Each session made back through the PPTP tunnel “locks up” soon after it starts.

For example, ssh sessions to the client from the PPTP server will establish themselves just fine.

But, if I do anything that outputs more than a few lines to the console, the ssh session will “lock up”, for example freezing in the middle of displaying a directory listing with ‘ls’ or in the output of ‘ifconfig’.

This behavior is not unique to ssh. Trying to access a web page on the PPTP client machine will also only begin to load, then never finish.

I only have these symptoms when using the GL-MIFI. If I use the same client connected through my normal Internet provider on another branded router, these lockups do not occur.

Something is causing a problem on the GL-MIFI v3.022 with these PPTP VPN packets (GRE involved, too?).

What log files on the GL-MIFI should I look at to see what might be causing this?

Is there anything else I need to do to help PPTP traffic pass through the GL-MINI reliably?

Thanks


#2

Did you also add the iptables rule to /etc/firewall.user?

iptables -t raw -A OUTPUT -p tcp -m tcp --dport 1723 -j CT --helper pptp

#3

Thanks for your reply

Yes, this iptables command was already present in the firewall.user file.

Again, I can connect to the PPTP VPN with kmod_ipt_raw.
But the connection is unreliable and locks up - a timeout somewhere in the stack?


#4

Maybe you try to tweak the MTU value?


#5

Thanks for the idea.

I tweaked the MTU setting for ppp0 on my VPN client from 1396 to 1300.
The tunnel is now reliable through the GL-MIFI.

Thank you again for this suggestion!

(The kmod_ipt_raw package was still necessary for PPTP VPN passthrough through the GL-MIFI.)