Date: Mon, 20 Oct 2003 04:48:50 -0700
From: "Aaron Burke" <aburke@nullplusone.com>
To: <jake@yaknetworks.com>, <freebsd-stable@freebsd.org>, <freebsd-net@freebsd.org>
Subject: RE: good solution for VPN?
Message-ID: <AMEMKJNMFLJCJDLFIEDBOEMMELAA.aburke@nullplusone.com>
In-Reply-To: <20031013191044.M25865@yaknetworks.com>
[-- Attachment #1 --]
> Anyone got a good solution for a freebsd VPN server to windows clients?
> Tried poptop, but not really working for me any other ideas? Thanks in advance.
I currently use mpd to run VPN links. The Windows machines work the same as
if I had a Windows NT/2000/Server 2003 server running the links.
I installed the 'mpd' system from ports/net/mpd. Then created the following
files in /usr/local/etc/mpd/.
mpd.conf
mpd.links
mpd.secret
The installation of the port did not seem to create the files with the
appropriate ownerships. So make sure that your files are owned by
root:wheel.
mpd.conf basically tells mpd (Multi-link PPP daemon) what to load, and the
options that each connection needs.
mpd.links basically tells mpd what to do with each connection. This is
usually a pretty simple file.
And mpd.secret tells mpd what the valid users and passwords can be. This
file should only be readable by root. Take a look at mpd.secret.sample.
I am also including my config files (modified for my security) for you
to take a look at. And for the list that may read this as well, I have
converted the files to the Microsoft crlf format. All addresses that
are listed as 1.2.3.4 get swapped out with your public internet address.
And for firewall rules, if they apply, you need to make sure that port
1723 gets redirected to your VPN server (even if it's the local machine).
And finally, you may want to make sure that the following file exists
/usr/local/etc/rc.d/mpd.sh with executable permissions set if you want
the server to load itself on startup. If it doesn't exist, it is attached
to this email as well.
And yes, I realise that getting a VPN up and running can be a pain in the
butt. But if you have any questions about it, feel free to get in touch
with me via email.
>
> Thanks,
And for the sake of everyone else, this question really should be directed
to -net. So I request that further discussion on the matter be moved
there. This list is for people that wish to discuss comments and report
bugs etc about freebsd-stable.
>
> Jake
Aaron Burke
aburke@nullplusone.com
[-- Attachment #2 --]
default:
	load pptp0
	load pptp1
	load pptp2
	load pptp3
pptp0:
	new -i ng0 pptp0 pptp0
	set iface disable on-demand
	set bundle disable multilink
	set iface enable proxy-arp
	set link yes acfcomp protocomp
	set link no pap chap
	set link enable chap
	set link keep-alive 60 180
	set ipcp yes vjcomp
	set ipcp ranges 1.2.3.4/32 192.168.0.50/32
	set ipcp dns 192.168.0.1
	set ipcp nbns 192.168.0.1
	set bundle enable compression
#	set bundle enable encryption
	set ccp yes mppc
	set ccp yes mpp-e40
	set ccp yes mpp-e128
	set ccp yes mpp-stateless
	set bundle yes crypt-reqd
pptp1:
	new -i ng1 pptp1 pptp1
	set iface disable on-demand
	set bundle disable multilink
	set iface enable proxy-arp
	set link yes acfcomp protocomp
	set link no pap chap
	set link enable chap
	set link keep-alive 60 180
	set ipcp yes vjcomp
	set ipcp ranges 1.2.3.4/32 192.168.0.51/32
	set ipcp dns 192.168.0.1
	set ipcp nbns 192.168.0.1
	set bundle enable compression
	set ccp yes mppc
	set ccp yes mpp-e40
	set ccp yes mpp-e128
	set ccp yes mpp-stateless
	set bundle yes crypt-reqd
pptp2:
	new -i ng2 pptp2 pptp2
	set iface disable on-demand
	set bundle disable multilink
	set iface enable proxy-arp
	set link yes acfcomp protocomp
	set link no pap chap
	set link enable chap
	set link keep-alive 60 180
	set ipcp yes vjcomp
	set ipcp ranges 1.2.3.4/32 192.168.0.52/32
	set ipcp dns 192.168.0.1
	set ipcp nbns 192.168.0.1
	set bundle enable compression
	set ccp yes mppc
	set ccp yes mpp-e40
	set ccp yes mpp-e128
	set ccp yes mpp-stateless
	set bundle yes crypt-reqd
pptp3:
	new -i ng3 pptp3 pptp3
	set iface disable on-demand
	set bundle disable multilink
	set iface enable proxy-arp
	set link yes acfcomp protocomp
	set link no pap chap
	set link enable chap
	set link keep-alive 60 180
	set ipcp yes vjcomp
	set ipcp ranges 1.2.3.4/32 192.168.0.53/32
	set ipcp dns 192.168.0.1
	set ipcp nbns 192.168.0.1
	set bundle enable compression
	set ccp yes mppc
	set ccp yes mpp-e40
	set ccp yes mpp-e128
	set ccp yes mpp-stateless
	set bundle yes crypt-reqd
[-- Attachment #3 --]
#! /bin/sh
pidf=/var/run/mpd.pid
case "$1" in
	# broken - attempting fix
	# start|"") mpd -b;;
	# works, But I want to know about its startup
	# start|"") /usr/local/sbin/mpd -b;;
	start|"")
		/usr/local/sbin/mpd -b && echo -n ' mpd'
		;;
	stop)
		if [ -r $pidf ]; then
			kill -TERM `cat $pidf`
		fi
		;;
	*)
		echo "usage: $0 [start|stop]" 1>&2
		exit 1
		;;
esac
[-- Attachment #4 --]
# NOTE: this file should not be readable by anyone except root!
# each user is limited to one ip address to make my job as an admin
# a lot easier.
#
# login-name password (optional ip address list)
aburke "abcd1234" 192.168.0.50
ben "god" 192.168.0.51
dorin "2424" 192.168.0.63
[-- Attachment #5 --]
pptp0:
	set link type pptp
	set pptp self 1.2.3.4
	set pptp enable incoming
	set pptp disable originate
pptp1:
	set link type pptp
	set pptp self 1.2.3.4
	set pptp enable incoming
	set pptp disable originate
pptp2:
	set link type pptp
	set pptp self 1.2.3.4
	set pptp enable incoming
	set pptp disable originate
pptp3:
	set link type pptp
	set pptp self 1.2.3.4
	set pptp enable incoming
	set pptp disable originate
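The mail lists several things that have to be right before the server is started: the three files live in the mpd config directory and are owned by root:wheel, mpd.secret is readable only by root, the rc.d start script is executable, and each bundle loaded from the default label in mpd.conf has a matching label in mpd.conf and mpd.links. The script below is an added example that turns those points into a pre-start check; it is not part of the original mail and not part of mpd. The directory, expected owner and group, and the rc script path are parameters (the production values from the mail would be /usr/local/etc/mpd, root, wheel and /usr/local/etc/rc.d/mpd.sh), so the same checks can be run against a scratch copy by an unprivileged user. It uses ls -l rather than stat because stat's options differ between BSD and GNU.

```shell
#!/bin/sh
# Added example (not from the original mail): sanity-check an mpd config
# directory before starting the daemon. Assumed layout, as described in the
# mail: mpd.conf, mpd.links and mpd.secret in one directory, owned by
# OWNER:GROUP (root:wheel in production), mpd.secret unreadable by group and
# other, plus an executable rc.d start script.

# Print "user:group" of a file, parsed from ls -l (portable across BSD and GNU).
owner_of() {
    ls -ld "$1" | awk '{ print $3 ":" $4 }'
}

# Print the six group/other permission characters, e.g. "------" or "r--r--".
go_bits_of() {
    ls -ld "$1" | cut -c5-10
}

# check_mpd_files DIR OWNER GROUP RCSCRIPT
# Returns 0 when every check passes; otherwise prints each problem and returns 1.
check_mpd_files() {
    dir=$1; owner=$2; group=$3; rcscript=$4
    rc=0
    for f in mpd.conf mpd.links mpd.secret; do
        path="$dir/$f"
        if [ ! -f "$path" ]; then
            echo "missing: $path"; rc=1; continue
        fi
        if [ "$(owner_of "$path")" != "$owner:$group" ]; then
            echo "wrong owner on $path: $(owner_of "$path") (want $owner:$group)"; rc=1
        fi
    done
    # mpd.secret holds cleartext passwords: no group/other permission bits at all.
    if [ -f "$dir/mpd.secret" ] && [ "$(go_bits_of "$dir/mpd.secret")" != "------" ]; then
        echo "mpd.secret is accessible to group or other: $(go_bits_of "$dir/mpd.secret")"; rc=1
    fi
    # Without the execute bit the rc.d script is skipped and the server never starts at boot.
    if [ ! -x "$rcscript" ]; then
        echo "rc script not executable: $rcscript"; rc=1
    fi
    # Every "load NAME" under the default label needs a "NAME:" label in both
    # mpd.conf (bundle options) and mpd.links (link type and endpoint).
    if [ -f "$dir/mpd.conf" ] && [ -f "$dir/mpd.links" ]; then
        for label in $(awk '$1 == "load" { print $2 }' "$dir/mpd.conf"); do
            grep -q "^$label:" "$dir/mpd.conf"  || { echo "no label $label: in mpd.conf";  rc=1; }
            grep -q "^$label:" "$dir/mpd.links" || { echo "no label $label: in mpd.links"; rc=1; }
        done
    fi
    return $rc
}

# Command-line use, e.g.:
#   sh check_mpd.sh /usr/local/etc/mpd root wheel /usr/local/etc/rc.d/mpd.sh
if [ "$#" -eq 4 ]; then
    check_mpd_files "$@"
fi
```

The label cross-check matters because mpd reads a bundle's options from mpd.conf and the link's type from mpd.links under the same name; a bundle loaded in mpd.conf with no mpd.links entry fails at startup rather than at edit time.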