PPTP policy routing

resetter

Hi,
Just want to know if it's possible to apply policy based routing on a PPTP VPN connection within ASUSWRT-Merlin?
If not, maybe it should be implemented.
Thanks!
 
No, and there are no plans to implement it either. I consider PPTP to be legacy technology that people should avoid using if possible.
 
> No, and there are no plans to implement it either. I consider PPTP to be legacy technology that people should avoid using if possible.
Hi Merlin, sorry to hear that, because the challenge here in New Zealand is that PPTP is 10 times faster than OpenVPN on all the VPN providers I have tested (I tested about 10). Is there no way we can run a script or so to apply policy based routing to L2TP (even faster) please?
 
> Hi Merlin, sorry to hear that, because the challenge here in New Zealand is that PPTP is 10 times faster than OpenVPN on all the VPN providers I have tested (I tested about 10). Is there no way we can run a script or so to apply policy based routing to L2TP (even faster) please?

You could do it by manually configuring the kernel's RPDB, but it's not something simple to do.
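
What configuring the RPDB by hand amounts to, as an added example that is not part of the original post or of the firmware: a POSIX shell function that prints the `ip` commands for a per-client policy route through the tunnel. The interface name `ppp0`, table id 200, rule priority 1000 and the client addresses are assumptions, and the `prohibit` fallback route needs the full iproute2 `ip`.

```shell
#!/bin/sh
# Added example: print the RPDB commands that route chosen LAN clients
# through a PPTP tunnel. Review the output, then pipe it to sh as root.

# Accept only IPv4 address shapes (optional /prefix), so nothing else can
# reach the shell when the output is piped to sh.
is_ipv4() {
    case $1 in *[!0-9./]*) return 1 ;; esac   # also rejects embedded newlines
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$'
}

# usage: pptp_policy_cmds IFACE TABLE PRIORITY SRC [SRC...]
pptp_policy_cmds() {
    [ $# -ge 4 ] || { echo "usage: IFACE TABLE PRIORITY SRC..." >&2; return 1; }
    iface=$1; table=$2; prio=$3
    shift 3
    case $iface in *[!a-z0-9]*) echo "bad interface" >&2; return 1 ;; esac
    case $table in *[!0-9]*) echo "bad table id" >&2; return 1 ;; esac
    case $prio in *[!0-9]*) echo "bad priority" >&2; return 1 ;; esac
    # Validate every source before printing anything: no partial output.
    for src in "$@"; do
        is_ipv4 "$src" || { echo "bad source: $src" >&2; return 1; }
    done

    # Default route through the tunnel, visible only in this table.
    echo "ip route replace default dev $iface table $table"
    # Worse-metric fallback: when the tunnel route vanishes, selected
    # clients are refused instead of falling through to the WAN route.
    echo "ip route replace prohibit default table $table metric 100"
    for src in "$@"; do
        # Delete first so re-running does not stack duplicate rules.
        echo "ip rule del from $src table $table priority $prio 2>/dev/null"
        echo "ip rule add from $src table $table priority $prio"
    done
    echo "ip route flush cache"
}

# Constructed sample: one client and one /28 range (assumed addresses).
pptp_policy_cmds ppp0 200 1000 192.168.1.50 192.168.1.64/28
```

The tunnel's default route is removed from the table whenever the interface goes down, so the commands have to be re-applied each time it comes back up; the `prohibit` route stays in place and keeps the listed clients off the WAN in between.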
 
I am way too much of a noob to even consider that. But why is it that L2TP is so much faster than OpenVPN when OpenVPN is supposed to be the future?
 
> I am way too much of a noob to even consider that. But why is it that L2TP is so much faster than OpenVPN when OpenVPN is supposed to be the future?

L2TP is just a tunnel, it doesn't provide any encryption on its own.
 
Hi guys,
Still interested in getting a faster VPN connection on my router, I have an ASUS RT-N66U and I have done a bit of reading.
The following guide discusses adding rules within the router software to enable split tunnelling on DD-WRT, but I figure it
should be much the same on stock/merlin firmwares. Might give it a go and see how it runs.
http://blog.adeel.io/2016/02/07/policy-based-routing-for-pptp-vpn-client-on-dd-wrt-router/
Let me know what you think.
 
> Hi,
> Just want to know if it's possible to apply policy based routing on a PPTP VPN connection within ASUSWRT-Merlin?
> If not, maybe it should be implemented.
> Thanks!

Similar issue: My VPN provider openvpn config file is using UDP. Unfortunately, my Middle Eastern ISP is blocking UDP ports.
No openvpn config files with use of TCP are available, which is forcing me to go to PPTP, which has the limitation of no policy rule implementation in the Merlin firmware. Can anyone help and highlight why Merlin is not actively working this issue: making policy rules also available for PPTP
 
> Can anyone help and highlight why Merlin is not actively working this issue: making policy rules also available for PPTP

He's already answered that question in posts #2 and #4. Also here. It's a legacy feature that isn't worth dedicating the development time to.
 
> Hi Merlin, sorry to hear that, because the challenge here in New Zealand is that PPTP is 10 times faster than OpenVPN on all the VPN providers I have tested (I tested about 10). Is there no way we can run a script or so to apply policy based routing to L2TP (even faster) please?

PPTP is fast, but it's very insecure on all aspects - from ciphering on content to authentication...

L2TP can be fast and secure, but L2TP by itself is just a Layer 2 Tunnel - what makes it secure is IPSec, which many implementations actually use...

L2TP is faster because it runs in kernel space as a driver/interface vs. OpenVPN which needs to make jumps between kernel space (the interface driver) and userland (the ovpn and openssl tasks) and back to kernel. It's not elegant or fast, but it is portable, and that's the goal of the OpenVPN team.

There are other options - WireGuard and ZeroTier come to mind, but that's outside of the scope of AsusWRT and the variants...
 
> Similar issue: My VPN provider openvpn config file is using UDP. Unfortunately, my Middle Eastern ISP is blocking UDP ports.
> No openvpn config files with use of TCP are available, which is forcing me to go to PPTP, which has the limitation of no policy rule implementation in the Merlin firmware. Can anyone help and highlight why Merlin is not actively working this issue: making policy rules also available for PPTP

Openvpn config files are TXT files called <something>.ovpn, you should be able to edit the file and change the UDP to TCP.
The file will contain a line 'proto udp' change it to 'proto tcp' ...... (Please ignore/do not type the quotes.)
Ensure the file is edited without changing the line endings or run 'dos2unix -u <name of the .ovpn file>' to ensure the file is the correct format.

Note 1:
*** Be aware it may not work IF the VPN Provider does not support TCP connections ***
*** If you still have problems you may need to change your VPN Provider :) ***

Note 2:
On the basis of your Username & location I am guessing your problem.
As an example Windscribe (VPN Vendor) will generate an OpenVPN config with the protocol and port number configurable from a list.
i.e. Protocol can be UDP or TCP and you can use Port 443 so it looks like all the other Port 443 traffic unless packet sniffed (DPI). There are options available that avoid DPI as well.
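
The profile edit described in this post, as an added example that is not part of the original post: a POSIX shell function that writes a TCP copy of a UDP client profile, normalising line endings on the way. It also covers two cases the post does not mention: a per-server protocol given as the fourth field of a `remote` line, and the UDP-only directives `explicit-exit-notify` and `fragment`, which are commented out. The host name and file names are constructed, and the port is left unchanged.

```shell
#!/bin/sh
# Added example: produce a TCP variant of a UDP OpenVPN client profile.
# usage: ovpn_udp_to_tcp IN.ovpn OUT.ovpn
ovpn_udp_to_tcp() {
    in=$1; out=$2
    [ -r "$in" ] || { echo "cannot read: $in" >&2; return 1; }
    # Writing over the input would truncate it before it is read.
    [ "$in" != "$out" ] || { echo "input and output must differ" >&2; return 1; }

    # tr strips carriage returns (the dos2unix step); awk edits directives.
    tr -d '\r' < "$in" | awk '
        # proto udp, udp4, udp6 become tcp, tcp4, tcp6
        $1 == "proto" && NF >= 2 { sub(/^udp/, "tcp", $2); seen = 1 }
        # remote HOST PORT PROTO: the 4th field sets the protocol per server
        $1 == "remote" && NF >= 4 { sub(/^udp/, "tcp", $4) }
        # directives that are only valid over UDP are commented out
        $1 == "explicit-exit-notify" || $1 == "fragment" {
            $0 = "# removed (UDP only): " $0
        }
        { print }
        # a profile without a proto line defaults to UDP, so state TCP
        END { if (!seen) print "proto tcp" }
    ' > "$out"
}

# Constructed sample profile with CRLF line endings (assumed host name).
demo=$(mktemp -d)
printf 'client\r\ndev tun\r\nproto udp\r\nremote vpn.example.net 1194 udp\r\nexplicit-exit-notify 2\r\n' \
    > "$demo/udp.ovpn"
ovpn_udp_to_tcp "$demo/udp.ovpn" "$demo/tcp.ovpn" && cat "$demo/tcp.ovpn"
```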
 
> PPTP is fast, but it's very insecure on all aspects - from ciphering on content to authentication...
>
> L2TP can be fast and secure, but L2TP by itself is just a Layer 2 Tunnel - what makes it secure is IPSec, which many implementations actually use...
>
> L2TP is faster because it runs in kernel space as a driver/interface vs. OpenVPN which needs to make jumps between kernel space (the interface driver) and userland (the ovpn and openssl tasks) and back to kernel. It's not elegant or fast, but it is portable, and that's the goal of the OpenVPN team.
>
> There are other options - WireGuard and ZeroTier come to mind, but that's outside of the scope of AsusWRT and the variants...

The choice to use TCP/UDP is probably limited or decided by your VPN provider. In the case of PIA they have eleven ports available to use for OpenVPN connections but each port besides being designated TCP or UDP uses different levels of security encryption.
 
