User Tools

Site Tools


PPTP NAT Traversal

For an overview over all existing Virtual private network (VPN)-related articles in the OpenWrt wiki, please visit vpn.overview

By default, OpenWrt is not configured to allow through PPTP connections from LAN clients (local private network) to WAN (on the Internet) servers. This page explains how to establish PPTP tunnels passing through OpenWrt's network address translation (NAT). Thus this is often referred to as "PPTP pass through".


PPTP utilizes the GRE (Generic Routing Encapsulation) protocol for its point-to-point tunnel. As a pure IP protocol GRE uses only IP addresses but no port numbers giving the router's NAT a tough time to track such a connection. In its base configuration OpenWrt Backfire is able to NAT a single PPTP connections but not multiple such connections concurrently. It is also unreliable when trying to establish consecutive single PPTP connections from different LAN clients in rapid succession. This limitation can be lifted (as far as I could make out so far) by installing the following package.

Required Packages

Packages Name Size in Bytes Description
kmod-ipt-nathelper-extra 55770 Extra Netfilter (IPv4) Conntrack and NAT helpers


See opkg for details on how to use this tool.

For the current versions of OpenWRT (since Chaos Calmer 15.05), you should install:

opkg install kmod-nf-nathelper-extra
You should now be able to use multiple PPTP connections from LAN to WAN at the same time.

Old versions until Barrier Breaker 14.07 used 'kmod-ipt-nathelper-extra' instead:

opkg install kmod-ipt-nathelper-extra

doc/howto/vpn.nat.pptp.txt · Last modified: 2015/11/24 17:08 by deragon