Automatically add routes when PPTP client connects

Average: 3.3 (917 votes)
  • Share
  • Add new comment

Recently i faced the problem of connecting two LANs using PPTP and an intermediate PPTP server. I had to use this approach  because the network setup was such that none of the LAN routers (DD-WRT) could contact the other but both could contact an intermediate server.

In order to achieve this PPTP clients must be always assigned the same IP and when connected, routes to each LAN must be added to the routing table of the intermediate server.

Network setup

Network name IP range
LAN 1 172.16.3.64/26
LAN 2 172.16.3.128/26
PPTP Server network 172.16.4.0/24

 

PPTP Clients and server

I installed a PPTP server on a CentOS server using this HOWTO and i assigned static IPs for the two routers. To assign static IPs on PPTP clients you must enter the desired IP in the chap-secrets file.

chap-secrets file on the intermediate server:

# Secrets for authentication using CHAP
# client server secret IP addresses

LAN1 *   LAN1pass 172.16.4.200
LAN2 *   LAN2pass 172.16.4.201

This way each client (router) gets always the same IP. Make sure that these static IPs are not in the PPTP client IP range.

Then setup DD-WRT PPTP clients to connect to the intermediate server:

Server IP or DNS Name

intermediate.example.com

Remote Subnet

172.16.4.0

Remote Subnet Mask

255.255.255.0

MPPE Encryption

mppe required,no40,no56,stateless

 

The final step is to add a route to each router's LAN when it connects.
There is a file for running commands when PPP goes up or down. On CentOS it is located at /etc/ppp/ip-up.local or /etc/ppp/ip-up

Adding the following lines does the trick:

#!/bin/bash

case "$5" in
        172.16.4.200)
                /sbin/route add -net 172.16.3.64/26 gw 172.16.4.200
                ;;
        172.16.4.201)
                /sbin/route add -net 172.16.3.128/26 gw 172.16.4.201
                ;;
        *)
esac

Make the script executable: chmod 755 ip-up.local

Arguments available in ip-up and ip-up.local scripts

Argument Description
$1 the interface name used by pppd (e.g. ppp3)
$2 the tty device name
$3 the tty device speed
$4 the local IP address for the interface
$5 the remote IP address
$6 the current IP address before connecting to the VPN

 

Submitted 11 years 11 months ago by drid.
Category: 
Tags: 

Comments

Submitted by StarrateIT on Wed, 05/06/2013 - 15:58

Hi There,
We have done this and it works but if the VPN drops and then comes back up the old route stays inplace on the interface that was first assigned eg : ppp0 and the route no longer works unless I run /etc/init.d/pptpd restart-kill and then run /etc/init.d/pptpd start.
Which then kills all the users VPN's.
I can look for the processes and kill the ones from the Source public IP manually. (ps ax |grep ppp) There will be two showing in the processes, the one that dropped and the one that now reconnected.

Submitted by drid on Wed, 19/06/2013 - 00:53

Try copying ip-up.local to ip-down.local and then replace route add with route del in ip-down.local.

I will test it when i have the time.

Add new comment

More information about text formats

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.

Donate CPU

Loading...

Search form

glqxz9283 sfy39587stf02 mnesdcuix8
sfy39587stf03
sfy39587stf04