Forwarding other protocols than TCP/UDP

Waterspuwer
Posts: 36
Joined: Mon Nov 12, 2018 6:04 am

Forwarding other protocols than TCP/UDP

Post by Waterspuwer »

How can I get a PPTP VPN connection working for computers connected to a Gargoyle router? Unless I use DMZ to my IP (which I don't want as I don't want people to access all ports) it won't let me connect. I suspect this is because PPTP uses GRE instead of TCP/UDP, but I'm not sure how to forward that (preferably through interface).

pbix
Developer
Posts: 1366
Joined: Fri Aug 21, 2009 5:09 pm

Re: Forwarding other protocols than TCP/UDP

Post by pbix »

Gargoyle supports OpenVPN which I use pretty extensively. It uses UDP and works well. You can set up your router itself to be the VPN server and then connect to your LAN from anywhere in the world. I recommend this approach and it needs no port forwarding setup.

I Googled PPTP VPN and found this Wiki.
https://en.wikipedia.org/wiki/Point-to-Point_Tunneling_Protocol
What is shown in this Wiki uses a TCP connection. It also seems obsolete with security holes. But you should be able to forward the TCP port to your VPN Server without issue.

Can you explain a little more about your goal and what software product you are using? Also if you could post a link to a screen shot showing your forwarding setup it might help.
Netgear WNDR3700v2
TP Link 1043ND v3
TP-Link TL-WDR3600 v1
Buffalo WZR-HP-G300NH2
WRT54G-TM

Lantis
Moderator
Posts: 5382
Joined: Mon Jan 05, 2015 5:33 am
Location: Australia

Re: Forwarding other protocols than TCP/UDP

Post by Lantis »

I agree. GRE is an encapsulation, not a transport protocol. It is going to be either TCP or UDP at the transport layer.
http://lantisproject.com/downloads/gargoyle_ispyisail.php for the latest releases
Please be respectful when posting. I do this in my free time on a volunteer basis.

Waterspuwer
Posts: 36
Joined: Mon Nov 12, 2018 6:04 am

Re: Forwarding other protocols than TCP/UDP

Post by Waterspuwer »

I'm trying to connect a machine to an external PPTP server. Just through Windows, you can add VPN with that and select PPTP protocol. I'm aware that it's not super secure anymore but that's what's given to me and as such out of my control. If I use DMZ to this machine then it's working, but without DMZ it's not working.

The TCP is used only for initial setup, all data is transferred through GRE. GRE is IP protocol 47 (https://www.wikiwand.com/en/List_of_IP_protocol_numbers) and while it can be encapsulated in UDP, for a PPTP VPN it isn't. So it's really sent as GRE on IP layer (I can check that in Wireshark, it's just IPv4 and then GRE). So I would need to be able to forward other protocols than UDP/TCP. In OpenWRT/LUCI you can specify other protocols than UDP/TCP but I can't find such an option in Gargoyle.

Lantis
Moderator
Posts: 5382
Joined: Mon Jan 05, 2015 5:33 am
Location: Australia

Re: Forwarding other protocols than TCP/UDP

Post by Lantis »

Then you will need a command line solution, which should be equally applicable to Openwrt and Gargoyle.

One way to cheat would be to create the forwarding rule through the GUI as TCP or UDP, and then alter the /etc/config/firewall config to change the "proto" to "gre". You'll then need to restart the firewall (sh /usr/lib/gargoyle/restart_firewall.sh).

Waterspuwer
Posts: 36
Joined: Mon Nov 12, 2018 6:04 am

Re: Forwarding other protocols than TCP/UDP

Post by Waterspuwer »

Lantis wrote: Then you will need a command line solution, which should be equally applicable to Openwrt and Gargoyle.

One way to cheat, would be to create the forwarding rule through the GUI as TCP or UDP, and then alter the /etc/config/firewall config to change the "proto" to "gre". You'll then need to restart the firewall (sh /usr/lib/gargoyle/restart_firewall.sh)

Thanks, I think I need config then as I'm not sure if GRE has port numbers. Will take a look at that this weekend.
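
Added example, not part of the thread or of Gargoyle's code: a small parser that shows what a port-based rule can and cannot match for the two kinds of PPTP traffic discussed above (TCP for setup, IP protocol 47 for data). The packets are constructed samples; the addresses, the Call ID and TCP port 1723 (the standard PPTP control port, not mentioned in the thread) are assumptions of the example.

```python
import struct

IP_PROTO_NAMES = {6: "TCP", 17: "UDP", 47: "GRE"}

def ipv4(proto, l4):
    """Constructed IPv4 header (checksum left at 0) around an L4 payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                      bytes([192, 168, 1, 100]), bytes([203, 0, 113, 10]))
    return hdr + l4

def sample_pptp_control():
    # Constructed TCP SYN: source port 50000, destination port 1723
    return ipv4(6, struct.pack("!HHIIBBHHH", 50000, 1723, 0, 0, 0x50, 0x02, 1024, 0, 0))

def sample_pptp_data():
    ppp = b"\xff\x03\xc0\x21"  # constructed PPP payload bytes
    # 0x30 = key (K) and sequence (S) present; 0x01 = GRE version 1; 0x880B = PPP
    gre = struct.pack("!BBHHHI", 0x30, 0x01, 0x880B, len(ppp), 0x1234, 1)
    return ipv4(47, gre + ppp)

def describe(packet):
    """Return the fields a firewall rule could match on for this packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4           # IPv4 header length in bytes
    proto = packet[9]                      # IP protocol number
    info = {"ip_proto": proto, "proto_name": IP_PROTO_NAMES.get(proto, "other"),
            "src_port": None, "dst_port": None, "pptp_call_id": None}
    l4 = packet[ihl:]
    if proto in (6, 17):                   # TCP and UDP both start with two ports
        if len(l4) < 4:
            raise ValueError("truncated TCP/UDP header")
        info["src_port"], info["dst_port"] = struct.unpack("!HH", l4[:4])
    elif proto == 47:                      # GRE has no port fields at all
        if len(l4) < 8:
            raise ValueError("truncated GRE header")
        flags, ver, ptype, _plen, call_id = struct.unpack("!BBHHH", l4[:8])
        # PPTP's enhanced GRE: version 1, PPP payload type, key field present;
        # the low 16 bits of the key carry the Call ID
        if ver & 0x07 == 1 and ptype == 0x880B and flags & 0x20:
            info["pptp_call_id"] = call_id
    return info

if __name__ == "__main__":
    for name, pkt in (("control", sample_pptp_control()), ("data", sample_pptp_data())):
        print(name, describe(pkt))
```

For the data packet both port fields come back empty, so a rule has to match on the IP protocol number itself; the Call ID is the only per-session identifier in the GRE header.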
