Setting up a PPTP tunnel to a VPN provider.
My goal in this blogentry is to set up a permanent open PPTP tunnel to a VPN provider. I am going to set up a couple of internal clients in my network to always be tunneled through this provider.
The first step set up a basic tunnel to the PPTP tunnel provider
set interfaces pptp-client pptpc0 default-route none set interfaces pptp-client pptpc0 description 'VPN to privateinternetaccess.com' set interfaces pptp-client pptpc0 mtu 1500 set interfaces pptp-client pptpc0 name-server auto set interfaces pptp-client pptpc0 require-mppe set interfaces pptp-client pptpc0 server-ip country.privateinternetaccess.com set interfaces pptp-client pptpc0 user-id someusername set interfaces pptp-client pptpc0 password superlongpassword
Now we make a source-routing entry (number 1) to default route traffic through the tunnel interface
set protocols static table 1 interface-route 0.0.0.0/0 next-hop-interface pptpc0
Then we set up a firewall group called PPTP_CLIENTS which contains all the clients we want to route through the VPN tunnel. In my case here I have one client in my VLAN 30 (Wifi trusted) and one client in VLAN 40 (Wifi guest).
set firewall ip-src-route enable set firewall group address-group PPTP_CLIENTS address 192.168.30.15 set firewall group address-group PPTP_CLIENTS address 192.168.40.10 set firewall modify SOURCE_ROUTE rule 10 description 'traffic via VPN' set firewall modify SOURCE_ROUTE rule 10 source group address-group PPTP_CLIENTS set firewall modify SOURCE_ROUTE rule 10 modify table 1 set interfaces ethernet eth3 vif 30 firewall in modify SOURCE_ROUTE set interfaces ethernet eth3 vif 40 firewall in modify SOURCE_ROUTE
It’s important to bind this source routing rule to each interface where you might have clients that you want to tunnel. This is done in the last two lines.
Finally we set up all VPN traffic to be natted through the tunnel.
set service nat rule 5010 outbound-interface pptpc0 set service nat rule 5010 type masquerade set service nat rule 5010 description "Outbound NAT on PPTP tunnel interface"
Last step is to traceroute or use whatismyip.com from the clients to confirm that the traffic is actually tunneled 🙂
Hi.
I stubled over your setup the other day, I have been trying to setup my edgerouter with vpn the last week, and managed to set it up with openvpn. When using no vpn i get a speed of 24mbs, when using openvpn it drops to 7mbs. I am using pptp today with my asus router, and would like to try the same with the edgerouter. I have tried your settings but get a little confused since i dont have any of the vlans you have setup. The setup i am hoping to achieve is as follows; i set the dhcp range of router to 192.168.1.128/25, so that all clients connecting with dhcp gets a ip address in the range 192.168.1.128-254. These clients should connect directly to my isp, also without going throug vpn. The devices that i want to go through the vpn i will assign ip adressses manually in the range 192.168.1.2-127. My vpn is expressvpn, and i am using it to connect to a danish server to watch danish tv.
Could you help me with this pls? Thank you in advance, and best regards Lars
I followed the stepsabove and it works. I am not using a VLan, just routing Ip’s on Eth0(LAN), Now all other IP’s will not go to the internet on Eth1.
What Step did I miss?
Looking to do something like this on an Edgerouter 4, i haven’t found documentation to help create something like this, any help would be appreciated.