From owner-freebsd-questions@FreeBSD.ORG Tue Mar 18 14:31:32 2008
From: Nikos Vassiliadis
To: freebsd-questions@freebsd.org
Cc: Jon Theil Nielsen
Date: Tue, 18 Mar 2008 16:30:47 +0200
Subject: Re: pptpd server on a Samba PDC
Message-Id: <200803181630.48688.nvass@teledomenet.gr>
In-Reply-To: <8f82c35c0803180528g31ce1280icf2d8fb3f51f52ef@mail.gmail.com>
References: <8f82c35c0803180528g31ce1280icf2d8fb3f51f52ef@mail.gmail.com>

On Tuesday 18 March 2008 14:28:22 Jon Theil Nielsen wrote:
> My goal is to make our PDC (FreeBSD 7.0 - Samba 3.0.28) available
> through VPN from Windows clients so clients can authenticate via
> Winbind, join the domain and access their home shares.
> I have tried to follow the instructions by Andrew Bartlett (
> http://samba.org/ftp/unpacked/lorikeet/pppd/final-report.pdf) - without
> success.
>
> My main configuration file /usr/local/etc/httpd.conf looks like
> option /etc/ppp/options.pptp
> localip 192.168.1.4
> remoteip 192.168.1.150-155
> pidfile /var/run/pptpd.pid
> # TAG: bcrelay
> bcrelay eth0
>
> And the /etc/ppp/options.pptp:
> lock
> noauth
> nobsdcomp
> lcp-echo-failure 10
> lcp-echo-interval 10
>
> I have another file /etc/ppp/options:
> lock
> noauth
> nobsdcomp
> lcp-echo-failure 10
> lcp-echo-interval 10
> mflserver3# less /etc/ppp/options
> name mflserver3
> noipdefault
> noauth
> lock
> local
> lcp-echo-interval 30
> lcp-echo-failure 4
> lcp-max-configure 60
> lcp-restart 2
> idle 600
> noipx
> file /etc/ppp/filters
> proxyarp
> ms-dns 192.168.1.4
> ms-wins 192.168.1.4
> refuse-chap
> refuse-mschap
>
> Finally, I have both pap-secrets and chap-secrets.
>
> With the existence of a /etc/ppp/ppp.conf looking like:
> pptp:
> set timeout 0
> set log phase chat connect lcp ipcp command
> set dial
> set login
> enable mssfixup
> set ifaddr 192.168.1.4 192.168.150-192.168.1.155 255.255.255.0
> set server /tmp/loop "" 0177
> disable pap
> # Authenticate against /etc/passwd
> enable passwdauth
> disable ipv6cp
> enable proxy
> accept dns
> enable MSChapV2
> enable mppe
> disable deflate pred1
> deny deflate pred1
> set dns 195.184.96.2
> set device !/etc/ppp/secure
>
> I got the following in my log:
> ppp[67205]: Warning: Label /etc/ppp/options.pptp rejected -direct
> connection: Configuration label not found
>
> When I removed ppp.conf, I got:
> ppp[67267]: Warning: Label /etc/ppp/options.pptp rejected -direct
> connection: /etc/ppp/ppp.conf : File not found
>
> I am a bit confused. It seems that the reference to the options file
> makes something go wrong. And it seems that pptpd needs the ppp
> configuration file to work.

Yes, this configuration guide you've read is for Linux, thus it will use
pppd by Paul Mackerras. pppd is in the base system (/usr/sbin/pppd), but
it's an older version than the Linux one, since most people on FreeBSD
use user-ppp (/usr/sbin/ppp).

So, bad news first: pppd probably won't work (at least won't work by
copying a configuration file you've found on the internet). I have many
doubts that FreeBSD's pppd can be used with pptp.

The good news is that poptop is supported (it's in the ports); you just
have to use user-ppp (which you seem to already use, since the name of
the process above is ppp).

Isn't the pptp entry on /etc/ppp/ppp.conf, installed from the port???
Did you search the package for configuration samples?

>
> Does anyone have a working example of poptop-based vpn server

The pptp server/client of preference for a FreeBSD system is, in my
humble opinion, net/mpd. I suggest you use that. There are many guides
on "pptp and mpd" lying around on the net.

HTH, Nikos
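
The warning quoted in the message shows user-ppp treating /etc/ppp/options.pptp as a ppp.conf label. The checker below is an added example, not part of the original message or of the poptop port; it assumes the `option` value from pptpd.conf reaches `ppp -direct` as a label, as that warning suggests, and its sample file contents are constructed from the thread.

```python
import re

# Constructed sample files, modelled on the configuration quoted in the thread.
PPTPD_CONF = """\
option /etc/ppp/options.pptp
localip 192.168.1.4
remoteip 192.168.1.150-155
"""
PPP_CONF = """\
default:
 set log phase chat connect lcp ipcp command
pptp:
 set timeout 0
 enable mppe
"""

def ppp_labels(ppp_conf):
    """Labels of a user-ppp ppp.conf: a name in column 0 followed by ':'."""
    labels = []
    for line in ppp_conf.splitlines():
        if not line or line[0] in " \t#":   # indented command, blank or comment
            continue
        m = re.match(r"([^\s:]+):\s*(?:#.*)?$", line)
        if m:
            labels.append(m.group(1))
    return labels

def pptpd_option(pptpd_conf):
    """Value of the 'option' directive in pptpd.conf, or None if absent."""
    for line in pptpd_conf.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "option":
            return fields[1]
    return None

def check(pptpd_conf, ppp_conf):
    """Return (ok, message). Assumption: the option value reaches ppp as a label."""
    opt, labels = pptpd_option(pptpd_conf), ppp_labels(ppp_conf)
    if opt is None:
        return True, "no 'option' directive, nothing to check"
    if opt in labels:
        return True, f"'{opt}' is a label in ppp.conf"
    kind = "a file path (pppd style)" if opt.startswith("/") else "an unknown label"
    return False, f"'{opt}' is {kind}; ppp.conf labels are: {', '.join(labels)}"

if __name__ == "__main__":
    print(check(PPTPD_CONF, PPP_CONF)[1])
```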