StrongVPN PPTP on DD-WRT – Source based routing (improved)

Hi there -

Myself and others have had a problem using the solution that I posted here. It works for a couple of hours, but then stops and requires a reboot to get it running again. I finally took some time to try and figure it out, and found that I needed to modify the IP-UP script to reestablish a couple of things. Here is an update to the original post:

I’m a StrongVPN customer and just today I had a use case that required that I was able to setup the VPN tunnel from my router and only route a specific host down the VPN.

Here is how I did it using these:

• Router running DD-WRT v24-sp2 (08/07/10) std
• StrongVPN account (PPTP)

Do the following on your router:

Services->VPN

• PPTP Client Options: Enable
• Server IP or DNS name: <this is the IP of the VPN server, hostnames DON’T work>
• Remote Subnet: <This is the IP that the YOU receive from the VPN server, to get this first connect on Mac/Win and check what IP you get)
• Remote Subnet Mask: 255.255.255.0
• MPPE Encryption: mppe required,stateless
• MTU: 1450
• MRU: 1450
• NAT: Enable
• Username: <This is your StrongVPN user ID>
• Password: <This is your StrongVPN password>

Setup -> Basic Setup

Under: Network Address Server Settings (DHCP)

• Static DNS 1: 216.131.94.5
• Static DNS 2: 216.131.95.20

Administration -> Commands

• EDIT the INT and SOURCETOROUTE and interface (e.g ppp0) to suit and paste the following to the end of the STARTUP script, then click ‘save startup’. The IP specified in SOURCETOROUTE is the source IP that will be routed via the VPN.

  # Customize PPTPD client
sleep 50
mkdir /tmp/etc/config
echo "#!/bin/sh" > /tmp/pptpd_client/ip-up;
echo "SOURCETOROUTE=192.168.1.119" >> /tmp/pptpd_client/ip-up;
echo "REMOTEIP=\$(ifconfig ppp0 | sed -n 's/.*inet *addr:\([0-9\.]*\).*/\1/p')" >> /tmp/pptpd_client/ip-up;
#echo "ip rule add from \$SOURCETOROUTE table 200" >> /tmp/pptpd_client/ip-up;
echo "/usr/sbin/ip route add default via \$REMOTEIP dev ppp0 table 200" >> /tmp/pptpd_client/ip-up;
echo "/usr/sbin/ip route flush cache" >> /tmp/pptpd_client/ip-up;
echo "touch /tmp/execute-debug" >> /tmp/pptpd_client/ip-up;
echo "/usr/sbin/iptables --table nat --append POSTROUTING --out-interface ppp0 --jump MASQUERADE" >> /tmp/pptpd_client/ip-up;
echo "/usr/sbin/iptables --insert FORWARD --protocol tcp --tcp-flags SYN,RST SYN --jump TCPMSS --clamp-mss-to-pmtu" >> /tmp/pptpd_client/ip-up;
#echo "echo "/tmp/pptpd_client/ip-up - $(date)" >> /tmp/dbvpndebug" >> /tmp/pptpd_client/ip-up;
chmod 777 /tmp/pptpd_client/ip-up;

  Then in the same area, add the following to the FIREWALL script, and once again modify the SOURCETOROUTE and interface as necessary:

  INT=ppp0
  SOURCETOROUTE=192.168.1.119
  echo "sleep 40" > /tmp/firewall_script.sh
  echo "/usr/sbin/iptables --table nat --append POSTROUTING --out-interface $INT --jump MASQUERADE" >> /tmp/firewall_script.sh ;
  echo "/usr/sbin/iptables --insert FORWARD --protocol tcp --tcp-flags SYN,RST SYN --jump TCPMSS --clamp-mss-to-pmtu" >> /tmp/firewall_script.sh ;
  echo "ip rule add from $SOURCETOROUTE table 200" >> /tmp/firewall_script.sh ;
  echo "REMOTEIP=\$(ifconfig ppp0 | sed -n 's/.*inet *addr:\([0-9\.]*\).*/\1/p')" >> /tmp/firewall_script.sh ;
  echo "/usr/sbin/ip route add default via \$REMOTEIP dev ppp0 table 200" >> /tmp/firewall_script.sh ;
  #echo "echo "/tmp/firewall_script.sh - $(date)" >> /tmp/dbvpndebug" >> /tmp/firewall_script.sh ;
  sh /tmp/firewall_script.sh &
  

  Enjoy.

  Advertisement