PPTP VPN with DD-WRT and TP-Link TL-ER6120

This article describe, how to setup a VPN connection between a DD-WRT router and a TP-Link TL-ER6120 acting as the PPTP server.

  • TP-Link router
  • PPTP server
  • WAN IP : pptp.server.com
  • Local subnet: 192.168.14.0/24
  • DD-WRT router
  • PPTP client
  • Local subnet: 192.168.0.0/24

Configure PPTP Server

Configuration of TL-ER6120 is very trivial, their is so little options it's hard to do a mistake. First, go to VPN > L2TP/PPTP > IP Adresse Pool. Create a new address pool range. Notice, this address pool must not conflict with local subnet nor the remote subnet. i.e.: 192.168.15.100-192.168.15.110

Go to VPN > L2TP/PPTP > L2TP/PPTP Tunel and create a new tunnel as follow:

  • Protocol: PPTP
  • Mode: Server
  • Account Name: enter a username
  • Password: enter a password, make sure to use only alphanumeric character
  • Tunnel: LAN-to-LAN
  • Encryption: Enabled
  • IP Address pool: select the previously create address pool
  • Remote Subnet: enter the remote subnet information, this will be used to create the route
  • Status: Activate

Configure PPTP Client

Go to Services > VPN, change the PPTP client settings as follow:

  • PPTP Client Options: Enable
  • Server IP or DNS name: pptp.server.com
  • Remote Subnet: 192.168.14.0
  • Remote Subnet Mask: 255.255.255.0
  • MPPE Encryption: noipdefault mppe required,stateless
  • MTU: 1450 (as default)
  • MRU: 1450 (as default)
  • NAT: Disable
  • User Name: enter the the same username
  • Password: enter the same password

The magic setting is the MPPE encryption. noipdefault let the pptp server provide an IP to the client. I figure out the mppe required,stateless by trial and error. Don't try with stateful option. The PPTP client doesn't support it.

If you try with this settings, the PPTP client will establish a connection, but will disconnect within the next minute. After investigation, I notice the PPTP client is creating a bad route to the remote IP forwarding all the trafic to the ppp0 interface. Removing this route fix it all. To automate this process, go to Administration > Commands. Enter the following text and save it as startup script.

(while [ ! -f /tmp/pptpd_client/ip-up ]; do sleep 10; done
cp /tmp/pptpd_client/ip-up /tmp/ipup.tmp
sed '/^ kelokepptpd)/a\ /sbin/route del -host $5 dev $1' < /tmp/ipup.tmp > /tmp/pptpd_client/ip-up ) &

Using Discrete Card on ThinkPad T430 With Optimus Disabled