
Forwarding other protocols than TCP/UDP

Posted: Sat Mar 02, 2019 9:46 am
by Waterspuwer
How can I get PPTP VPN connection working for computers connected to Gargoyle router? Unless I use DMZ to my IP (which I don't want as I don't want people to access all ports) it won't let me connect. I suspect this is because PPTP uses GRE instead of TCP/UDP, but I'm not sure how to forward that (preferably through interface).

Re: Forwarding other protocols than TCP/UDP

Posted: Sat Mar 02, 2019 3:04 pm
by pbix
Gargoyle supports OpenVPN which I use pretty extensively. It uses UDP and works well. You can set up your router itself to be the VPN server and then connect to your LAN from anywhere in the world. I recommend this approach and it needs no port forwarding setup.

I Googled PPTP VPN and found this Wiki.
https://en.wikipedia.org/wiki/Point-to- ... g_Protocol
What is shown in this Wiki uses a TCP connection. It also seems obsolete with security holes. But you should be able to forward the TCP port to your VPN Server without issue.

Can you explain a little more about your goal and what software product you are using? Also if you could post a link to a screen shot showing your forwarding setup it might help.

Re: Forwarding other protocols than TCP/UDP

Posted: Sat Mar 02, 2019 5:20 pm
by Lantis
I agree. GRE is an encapsulation, not a transport protocol. It is going to be either TCP or UDP at the transport layer.

Re: Forwarding other protocols than TCP/UDP

Posted: Sun Mar 03, 2019 6:04 am
by Waterspuwer
I'm trying to connect a machine to an external PPTP server. Just through Windows, you can add VPN with that and select PPTP protocol. I'm aware that it's not super secure anymore but that's what's given to me and as such out of my control. If I use DMZ to this machine then it's working, but without DMZ it's not working.

The TCP is used only for initial setup, all data is transferred through GRE. GRE is IP protocol 47 (https://www.wikiwand.com/en/List_of_IP_protocol_numbers) and while it can be encapsulated in UDP, for a PPTP VPN it isn't. So it's really sent as GRE on IP layer (I can check that in Wireshark, it's just IPv4 and then GRE). So I would need to be able to forward other protocols than UDP/TCP. In OpenWRT/LUCI you can specify other protocols than UDP/TCP but I can't find such an option in Gargoyle.

Re: Forwarding other protocols than TCP/UDP

Posted: Sun Mar 03, 2019 6:19 am
by Lantis
Then you will need a command line solution, which should be equally applicable to Openwrt and Gargoyle.

One way to cheat would be to create the forwarding rule through the GUI as TCP or UDP, and then alter the /etc/config/firewall config to change the "proto" to "gre". You'll then need to restart the firewall (sh /usr/lib/gargoyle/restart_firewall.sh).

Re: Forwarding other protocols than TCP/UDP

Posted: Tue Mar 05, 2019 9:08 am
by Waterspuwer
Lantis wrote: Then you will need a command line solution, which should be equally applicable to Openwrt and Gargoyle.

One way to cheat would be to create the forwarding rule through the GUI as TCP or UDP, and then alter the /etc/config/firewall config to change the "proto" to "gre". You'll then need to restart the firewall (sh /usr/lib/gargoyle/restart_firewall.sh).
Thanks, I think I need config then as I'm not sure if GRE has port numbers. Will take a look at that this weekend.
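
Added example, not part of any post in this thread: a small Python classifier showing what a firewall rule can match on for the two PPTP flows discussed above, the TCP control channel and the GRE (IP protocol 47) data channel, which carries a Call ID instead of port numbers. The packets, addresses and the `port_forward_matches` helper are constructed for illustration; the GRE layout follows the enhanced GRE header of RFC 2637.

```python
import struct

PROTO_NAMES = {6: "TCP", 17: "UDP", 47: "GRE"}
GRE_PROTO_PPP = 0x880B  # protocol type PPTP uses inside enhanced GRE (RFC 2637)

def classify(packet: bytes) -> dict:
    """Return the fields a NAT/firewall rule could match on for one IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4          # IPv4 header length in bytes
    proto, payload = packet[9], packet[ihl:]
    info = {"proto": PROTO_NAMES.get(proto, str(proto)), "ports": None, "call_id": None}
    if proto in (6, 17) and len(payload) >= 4:
        info["ports"] = struct.unpack("!HH", payload[:4])   # (source, destination)
    elif proto == 47 and len(payload) >= 8:
        _flags, ver, ptype, _plen, call_id = struct.unpack("!BBHHH", payload[:8])
        if ver & 0x07 == 1 and ptype == GRE_PROTO_PPP:       # GRE version 1 = PPTP
            info["call_id"] = call_id
    return info

def port_forward_matches(info: dict, proto: str, dport: int) -> bool:
    """Hypothetical model of a TCP/UDP port-forward rule: protocol and port must match."""
    return info["proto"] == proto and info["ports"] is not None and info["ports"][1] == dport

def ipv4(proto: int, payload: bytes) -> bytes:
    """Build a minimal IPv4 packet (constructed sample; checksum left at 0)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                      bytes([192, 168, 1, 50]), bytes([203, 0, 113, 10]))
    return hdr + payload

# Constructed samples: PPTP control segment (TCP, destination port 1723) and
# one PPTP data packet (enhanced GRE with K and S bits set, Call ID 0x1234).
SAMPLE_CONTROL = ipv4(6, struct.pack("!HHIIHHHH", 49152, 1723, 0, 0, 0x5002, 8192, 0, 0))
SAMPLE_DATA = ipv4(47, struct.pack("!BBHHHI", 0x30, 0x01, GRE_PROTO_PPP, 0, 0x1234, 1))

if __name__ == "__main__":
    for name, pkt in (("control", SAMPLE_CONTROL), ("data", SAMPLE_DATA)):
        info = classify(pkt)
        print(name, info, "matches TCP/1723 rule:", port_forward_matches(info, "TCP", 1723))
```

The data packet never matches a TCP or UDP port rule because it has no ports at all, so any rule that is meant to cover it has to select on the IP protocol number.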