PPTP VPN server on FreeBSD.

[icinemagr]

I have create a Pptp vpn server on my vps at hetzner. with mpd5

Android Phone is connecting with Mobile Data On
Android Phone thru my wifi at home Error 619
Laptop windows 7 from wifi Error 619
Laptop windows server 2008 r2 from wifi Error 619
Desktop pc ( behind freebsd gateway ) error 619

i try from a server in hetzner and i connected fine to my vpn server.


here is my /etc/ppp/mpd.conf

UPDATE: I change router and everything works so the proble is the asus vg router

PPTP_SERVER:

    set ippool add pool1 10.0.1.100 10.0.1.200
    create bundle template B
    set iface enable proxy-arp
    set iface route default
    set iface enable netflow-in
    set iface enable netflow-out
    set iface enable ipacct
    set ipcp nbns 10.0.1.20
    set iface idle 1800
    set iface enable tcpmssfix
    set ipcp yes vjcomp
    set ipcp ranges  10.0.1.1/32 ippool pool1
    set ipcp dns 8.8.8.8
    set ipcp dns 8.8.4.4
    set iface enable nat
  
    set bundle enable compression
    set ccp yes mppc
    set mppc yes e40
    set mppc yes e128
    set mppc yes stateless

  
    create link template L pptp
    set link action bundle B
    set link enable multilink
    set link yes acfcomp protocomp
    set link enable multilink
  
    set link enable acfcomp protocomp
    set link accept acfcomp protocomp
    set link yes acfcomp protocomp

      set link no pap eap

    set link enable chap
    set link accept chap
    set link enable chap-msv2
    set link accept chap-msv2
    set auth authname mel
    set link enable no-orig-auth
  

    set pptp self 0.0.0.0
    set link type pptp
    set link keep-alive 0 0
    set pptp disable dataseq
    set link mtu 1460
    set link enable incoming

Any one to help me?

 

[VladiBG]

pptp requres your ISP to allow protocol 47 which is not always the case as most of the routers doesn't allow PPTP Passthrough by default. That's why when you connect from some public place you can't connect using pptp vpn. It's better to use OpenVPN or some other SSL based vpn.

 

[diizzy]

PPTP is considered insecure and you should really consider using something else

 

[icinemagr]

pptp requres your ISP to allow protocol 47 which is not always the case as most of the routers doesn't allow PPTP Passthrough by default. That's why when you connect from some public place you can't connect using pptp vpn. It's better to use OpenVPN or some other SSL based vpn.

No this is not the case because i have setup also 3 vpn servers with centos 7 and works fine.

 

[icinemagr]

PPTP is considered insecure and you should really consider using something else

Security is not my point i have set ip also L2tp on same box and works fine.
I want just to get the vps external ip with minimal speed lost. so Pptp is the faster way i think.

All i want is to keep connection with server and have internal ip for communications.

 

[diizzy]

Use anything SSL-based as VladiBG suggest, it'll save you a lot of trouble. WireGuard will most likely do line speed on your devices unless you have a very old and slow hardware. It's noticable faster than OpenVPN but you have DCO support in -CURRENT if you feel adventurous.

 

[icinemagr]

Use anything SSL-based as VladiBG suggest, it'll save you a lot of trouble. WireGuard will most likely do line speed on your devices unless you have a very old and slow hardware. It's noticable faster than OpenVPN but you have DCO support in -CURRENT if you feel adventurous.

as i said i only care for speed and as i update my question problem is with my router ASUS DSL-AC87VG

 

[VladiBG]

Page 70 in your router manual

https://dlcdnets.asus.com/pub/ASUS/wireless/DSL-AC87VG/E11833_DSL_AC87VG_Manual.pdf

 

[icinemagr]

Page 70 in your router manual

https://dlcdnets.asus.com/pub/ASUS/wireless/DSL-AC87VG/E11833_DSL_AC87VG_Manual.pdf

all my nat passthough are ON. before switch them on i could not even telnet port 1723.
I search all pages in my router console no luck Thanks.

 

[zirias@]

Security is not my point

Then just forget the VPN and directly expose the services you need from "the outside"?

Seriously, if security is not the point, a VPN is moot.

 

[icinemagr]

Then just forget the VPN and directly expose the services you need from "the outside"?

Seriously, if security is not the point, a VPN is moot.

well i need a conenction with Local Ip from server to My pc
Also i need the maximum speed i can have so encryption is not the point here.
so what are the options?

 

[zirias@]

well i need a conenction with Local Ip from server to My pc

So, you need to restrict this access to yourself? Then, security is an important point.

Otherwise, just publicly expose that host (probably using NAT if on IPv4).

Edit: As already mentioned, for best VPN speed while still offering decent security, wireguard is said to work fine. Can't add my own experience, I'm still fine with OpenVPN and won't change it unless there's a real need for me…

 

[icinemagr]

So, you need to restrict this access to yourself? Then, security is an important point.

Otherwise, just publicly expose that host (probably using NAT if on IPv4).

Edit: As already mentioned, for best VPN speed while still offering decent security, wireguard is said to work fine. Can't add my own experience, I'm still fine with OpenVPN and won't change it unless there's a real need for me…

and as i said i have already setup l2tp vpn on this box and workd fine from all devices.
Open vpn is not an option

 

[zirias@]

Starts to sound like an XY-problem to me. So you have another working VPN? I'd suggest you describe the problem in depth that you think you'd solve using another VPN.

 

[icinemagr]

Starts to sound like an XY-problem to me. So you have another working VPN? I'd suggest you describe the problem in depth that you think you'd solve using another VPN.

L2tp connection (adsl speed 15 mbbs
pptp Conenction adsl speed 33 mbbs

Finally the problem was the gateway Freebsd Box in my home Router is fine.
for Unknown reason i can connect thru l2tp to my server but no thru pptp

 

[zirias@]

So, you want to replace your existing VPN? Then, again, either security is a concern (then try wireguard), or it isn't (then expose whatever services you need directly, without a VPN). PPTP is more or less useless.

 

[icinemagr]

So, you want to replace your existing VPN? Then, again, either security is a concern (then try wireguard), or it isn't (then expose whatever services you need directly, without a VPN). PPTP is more or less useless.

as you can see i have 3 options

1st Option is to Use Pptp With my router ( so all my house will be under vpn ) (works fine)
2nd is to use L2tp but asus forget to add an option for preshare key so no way to connect
3rd option is to use OpenVPN buu history has teach me to never use 3rd party apps look viber and supposed cryptography
so the only real option i have to connect is pptp and i hope this answer to all your questions about the reason i use pptp.

 

[zirias@]

3rd option is to use OpenVPN buu history has teach me to never use 3rd party apps look viber and supposed cryptography

OpenVPN is proven and secure. It just isn't as fast as it could be.

the only real option i have to connect is pptp and i hope this answer to all your questions about the reason i use pptp.

PPTP is proven to be insecure. If it's insecure, you could just as well use no VPN at all. Not really a question, it just doesn't make sense to use PPTP nowadays.

But there would be a question indeed: Why do you have to implement the VPN on your router? Can't you just either leave it out or configure it to forward packages as needed to your FreeBSD host?

 

[icinemagr]

PPTP is proven to be insecure. If it's insecure, you could just as well use no VPN at all. Not really a question, it just doesn't make sense to use PPTP nowadays.

It is not the same.

i have static IP all the time in my house without to pay the ISP 50 euros per month which is asking me

 

[zirias@]

Not sure I understand this correctly: So your usecase for a VPN is to have a static IPv4 address?

If so, you can just leverage dynamically updated DNS to have a static name instead. VPN really seems overkill if that's the only reason.

 

[icinemagr]

Not sure I understand this correctly: So your usecase for a VPN is to have a static IPv4 address?

If so, you can just leverage dynamically updated DNS to have a static name instead. VPN really seems overkill if that's the only reason.

Is not the reason is one of the reasons.

 

[zirias@]

Ok just to get it straight one time...

The raison d'être of a VPN is that it offers a private network in a virtual (on top of public network infrastructure) way. This can only be achieved if it is secure (offering confidential communication and reliable authentication). One key component for that is strong encryption.

So, if you don't need that ... and the need for a known address can be achieved by a dynamically updated DNS name ... why would you want a VPN?

Do whatever you like, I won't ask more questions – just want to make sure you really think about requirements and how they make sense...

 

[icinemagr]

Ok just to get it straight one time...

The raison d'être of a VPN is that it offers a private network in a virtual (on top of public network infrastructure) way. This can only be achieved if it is secure (offering confidential communication and reliable authentication). One key component for that is strong encryption.

So, if you don't need that ... and the need for a known address can be achieved by a dynamically updated DNS name ... why would you want a VPN?

Do whatever you like, I won't ask more questions – just want to make sure you really think about requirements and how they make sense...

So i have to rely my services on DDNS? and pray to be up all time .And what happen on the middle time before dynamic dns refresh this 1-10 seconds?
Some visitors will not be able to Place an order or what ever.
So i am fine with the vpn as for security its much much better than plain connection.

 

[zirias@]

So i have to rely my services on DDNS? and pray to be up all time .And what happen on the middle time before dynamic dns refresh this 1-10 seconds?
Some visitors will not be able to Place an order or what ever.

1. VPNs need time to reconnect as well, although (just like DNS updates) most likely never 10 seconds.
2. Basing a business on a dial-up connection. Seriously? ?

So i am fine with the vpn as for security its much much better than plain connection.

Sure, for a VPN that works (aka is secure). Not for PPTP.

 

[icinemagr]

1. VPNs need time to reconnect as well, although (just like DNS updates) most likely never 10 seconds.
2. Basing a business on a dial-up connection. Seriously? ?

Sure, for a VPN that works (aka is secure). Not for PPTP.

Well as i can see pptp still exists on freebsd and many other os so sould be a reason for that eh?