• OpenWRT PPTP Server

    opkg install pptpd kmod-mppe

    == /etc/pptpd.conf ==

    #debug
    option /etc/ppp/options.pptpd
    speed 115200
    stimeout 10
    localip 192.168.11.1
    remoteip 192.168.11.40-49

    == /etc/ppp/chap-secrets ==

    #USERNAME PROVIDER PASSWORD IPADDRESS
    jason * testypass *

    == /etc/firewall.user ==

    # This file is interpreted as shell script.
    # Put your custom iptables rules here, they will
    # be executed with each firewall (re-)start.
    # Allow all traffic in and out of the ppp interface. No reason to specify nets.
    iptables -A input_rule -i ppp+ -j ACCEPT
    iptables -A output_rule -o ppp+ -j ACCEPT
    # This rule will allow traffic towards internet
    iptables -A forwarding_rule -i ppp+ -j ACCEPT

    == /etc/config/firewall ==

    config 'rule'
    option 'target' 'ACCEPT'
    option '_name' 'pptpd'
    option 'src' 'wan'
    option 'proto' 'tcpudp'
    option 'dest_port' '1723'

    PPTP Client on OpenWRT: http://vpnonline.pl/en/konfiguracja/openwrt-pptp

    Put the localip/remoteip network on a different subnet from the server's LAN so that the PPTP client can reach the entire LAN.

    Additionally, you need to add a route for the LAN on the PPTP client:

    route add -net <LAN on PPTP server side> netmask 255.255.255.0 pptp-interface

    Example:

    route add -net 10.0.6.0 netmask 255.255.255.0 pptp-interface

    If the service does not start automatically:

    /usr/sbin/pptpd

     

  • OpenWRT vsftpd - server

    1. Open the firewall: edit /etc/config/firewall

    config rule
            option name             FTP20-Externaly
            option src              wan
            option proto            tcp
            option dest_port        20
            option target           ACCEPT

    config rule
            option name             FTP21-Externaly
            option src              wan
            option proto            tcp
            option dest_port        21
            option target           ACCEPT

    2. Install vsftpd

    opkg update
    opkg install vsftpd

    3. Create the ftp directory

    mkdir -p /home/ftp_user

    4. Add the user to the system by editing /etc/passwd

    ftp_user:x:1000:55::/home/ftp_user:/bin/false

    5. Change password for ftp_user

    passwd ftp_user

    6. Configure vsftpd - edit /etc/vsftpd.conf

    anonymous_enable=YES
    anon_root=/home/ftp_user/
    chroot_local_user=YES

    7. Start/enable/reload

    /etc/init.d/vsftpd start
    /etc/init.d/vsftpd enable
    /etc/init.d/vsftpd reload
  • notes - iptables

    /etc/init.d/firewall restart - reload iptables rules

    --- Rules to allow local traffic and DNS from LAN to WAN interface ---

    config rule
            option name 'Allow-Local-NAT-10'
            option src 'lan'
            option dest 'wan'
            option proto 'all'
            option target 'ACCEPT'
            option dest_ip '10.0.0.0/8'

    config rule
            option name 'Allow-Local-NAT-172'
            option src 'lan'
            option dest 'wan'
            option proto 'all'
            option target 'ACCEPT'
            option dest_ip '172.16.0.0/12'

    config rule
            option name 'Allow-Local-NAT-192'
            option src 'lan'
            option dest 'wan'
            option proto 'all'
            option target 'ACCEPT'
            option dest_ip '192.168.0.0/16'

    config rule
            option name 'Allow-Local-NAT-DNS'
            option src 'lan'
            option dest 'wan'
            option target 'ACCEPT'
            option dest_port '53'
            option proto 'tcp udp'

    config rule
            option name 'Deny-NAT-through-WAN'
            option src 'lan'
            option dest 'wan'
            option target 'DROP'
            option proto 'all'

    config forwarding
            option src 'lan'
            option dest 'wan'
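
The rule set above depends on order: the first matching rule decides, so the final DROP only sees what the four ACCEPT rules did not take. The script below is an added example, not part of the original notes; it is a simplified first-match model of those five rules (function names and the destinations tried are assumptions) for checking what the set permits, for instance that port 53 is allowed to any destination.

```shell
#!/bin/sh
# Added example: simplified first-match model of the lan->wan rules above.
# Function names and the destinations tried at the end are assumptions.

# Dotted-quad IPv4 -> integer (runs in a subshell so IFS stays untouched).
ip2int() (
    IFS=.
    set -- $1
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
)

# in_cidr IP NET/LEN: succeeds when IP lies inside the network.
in_cidr() {
    net=${2%/*}
    len=${2#*/}
    mask=$(( (4294967295 << (32 - len)) & 4294967295 ))
    [ $(( $(ip2int "$1") & mask )) -eq $(( $(ip2int "$net") & mask )) ]
}

# Rules in file order: name|dest_ip|proto|dest_port|target (empty = any).
RULES='Allow-Local-NAT-10|10.0.0.0/8|all||ACCEPT
Allow-Local-NAT-172|172.16.0.0/12|all||ACCEPT
Allow-Local-NAT-192|192.168.0.0/16|all||ACCEPT
Allow-Local-NAT-DNS||tcp udp|53|ACCEPT
Deny-NAT-through-WAN||all||DROP'

# egress_verdict DEST_IP PROTO DEST_PORT: prints "TARGET rule-name".
egress_verdict() {
    while IFS='|' read -r name cidr protos port target; do
        if [ -n "$cidr" ] && ! in_cidr "$1" "$cidr"; then continue; fi
        case " $protos " in *" all "*|*" $2 "*) ;; *) continue ;; esac
        if [ -n "$port" ] && [ "$port" != "$3" ]; then continue; fi
        echo "$target $name"
        return 0
    done <<EOF
$RULES
EOF
    echo "ACCEPT zone-forwarding"   # reached only if no rule matched
}

egress_verdict 203.0.113.5 tcp 53    # DNS rule matches any destination
egress_verdict 203.0.113.5 tcp 443   # falls through to the final DROP
```

Because the last rule matches every protocol and destination, the `config forwarding` section that follows it is never reached for lan->wan traffic in this model.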

  • Enable remote SSH access on OpenWRT

    Enabling remote SSH access in OpenWRT is a two-step process. SSH access must be enabled on the WAN, and the SSH port must be opened in the firewall.
    1. Enable SSH access on the WAN: go to System->Administration. Under SSH Access, make sure "unspecified" is selected for Interface. This allows SSH access on both the LAN and WAN interfaces.
    2. Now, open the appropriate port in your firewall. There are two ways to accomplish this. You can add the changes to either /etc/firewall.user or /etc/config/firewall.

    A. To use the first method, add the following lines to /etc/firewall.user. Note the example below specifies port 22 as the SSH port.
    iptables -t nat -A prerouting_wan -p tcp --dport 22 -j ACCEPT
    iptables -A input_wan -p tcp --dport 22 -j ACCEPT

    B. To use the second method, add the following to /etc/config/firewall. Note the example below specifies port 22 as the SSH port.

    config rule
        option name 'WAN-MGMT-22'
        option src wan
        option dest_port 22
        option target ACCEPT
        option proto tcp
     
    config rule
        option name 'WAN-MGMT-80'
        option src 'wan'
        option dest_port '80'
        option target 'ACCEPT'
        option proto tcp
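
The PPTP, vsftpd and SSH sections above each add ACCEPT rules with src wan. As an added example (not part of the original notes), this script lists every such rule in a UCI firewall file and shows whether it is limited by src_ip; the sample input is constructed from rules on this page, and the src_ip value 198.51.100.7 and the function names are assumptions.

```shell
# Added example: list ACCEPT rules with src wan in a UCI firewall file.
# Output per rule: name|proto|dest_port|source ("ANY-SOURCE" = no src_ip).
wan_open_rules() {
    awk -v q="'" '
    function emit(   n, s) {
        if (sec == "rule" && o["src"] == "wan" && o["target"] == "ACCEPT") {
            n = (o["name"] != "") ? o["name"] : o["_name"]
            s = (o["src_ip"] != "") ? o["src_ip"] : "ANY-SOURCE"
            printf("%s|%s|%s|%s\n", n, o["proto"], o["dest_port"], s)
        }
        split("", o)                      # reset for the next section
    }
    { gsub(q, ""); gsub(/"/, "") }        # UCI quotes are optional: drop them
    $1 == "config" { emit(); sec = $2; next }
    $1 == "option" { k = $2; $1 = $2 = ""; sub(/^ +/, ""); o[k] = $0 }
    END { emit() }
    ' "$@"
}

# Constructed sample: rules from this page; the src_ip line is an assumption.
sample_firewall() {
    cat <<'EOF'
config 'rule'
        option 'target' 'ACCEPT'
        option '_name' 'pptpd'
        option 'src' 'wan'
        option 'proto' 'tcpudp'
        option 'dest_port' '1723'
config rule
        option name 'FTP21-Externaly'
        option src wan
        option proto tcp
        option dest_port 21
        option target ACCEPT
config rule
        option name 'WAN-MGMT-22'
        option src wan
        option src_ip 198.51.100.7
        option dest_port 22
        option target ACCEPT
        option proto tcp
config rule
        option name 'Deny-NAT-through-WAN'
        option src 'lan'
        option dest 'wan'
        option target 'DROP'
EOF
}
sample_firewall | wan_open_rules
```

On the router, run `wan_open_rules /etc/config/firewall`. Rules added as raw iptables commands in /etc/firewall.user are not covered by this check.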
