Date: Mon, 20 Oct 2003 04:48:50 -0700
From: "Aaron Burke" <aburke@nullplusone.com>
To: <jake@yaknetworks.com>, <freebsd-stable@freebsd.org>, <freebsd-net@freebsd.org>
Subject: RE: good solution for VPN?
Message-ID: <AMEMKJNMFLJCJDLFIEDBOEMMELAA.aburke@nullplusone.com>
In-Reply-To: <20031013191044.M25865@yaknetworks.com>
> Anyone got a good solution for a freebsd VPN server to windows
> clients? Tried
> poptop, but not really working for me any other ideas? Thanks in advance.

I currently use mpd to run VPN links. The Windows machines work the same as
if I had a Windows NT/2000/Server 2003 server running the links.

I installed the 'mpd' system from ports/net/mpd. Then created the following
files in /usr/local/etc/mpd/.

mpd.conf
mpd.links
mpd.secret

The installation of the port did not seem to create the files with the
appropriate ownerships. So make sure that your files are owned by
root:wheel.

mpd.conf basically tells mpd (Multi-link PPP daemon) what to load, and the
options that each connection needs.

mpd.links basically tells mpd what to do with each connection. This is
usually a pretty simple file.

and mpd.secret tells mpd what the valid users and passwords can be. This
file should only be readable by root. Take a look at mpd.secret.sample.

I am also including my config files (modified for my security) for you to
take a look at. And for the list that may read this as well, I have
converted the files to the Microsoft crlf format.

All addresses that are listed as 1.2.3.4 get swapped out with your public
internet address. And for firewall rules, if they apply, you need to make
sure that port 1723 gets redirected to your VPN server (even if it's the
local machine).

And finally, you may want to make sure that the following file exists
/usr/local/etc/rc.d/mpd.sh with executable permissions set if you want the
server to load itself on startup. If it doesn't exist it is attached to
this email as well.

And yes, I realise that getting a VPN up and running can be a pain in the
butt. But if you have any questions about it feel free to get in touch with
me via email.

>
> Thanks,

And for the sake of everyone else, this question really should be directed
to -net. So I request that further discussion on the matter be moved there.
This list is for people that wish to discuss comments and report bugs etc
about freebsd-stable.

>
> Jake

Aaron Burke
aburke@nullplusone.com


Attachment: mpd.conf

default:
	load pptp0
	load pptp1
	load pptp2
	load pptp3

pptp0:
	new -i ng0 pptp0 pptp0
	set iface disable on-demand
	set bundle disable multilink
	set iface enable proxy-arp
	set link yes acfcomp protocomp
	set link no pap chap
	set link enable chap
	set link keep-alive 60 180
	set ipcp yes vjcomp
	set ipcp ranges 1.2.3.4/32 192.168.0.50/32
	set ipcp dns 192.168.0.1
	set ipcp nbns 192.168.0.1
	set bundle enable compression
#	set bundle enable encryption
	set ccp yes mppc
	set ccp yes mpp-e40
	set ccp yes mpp-e128
	set ccp yes mpp-stateless
	set bundle yes crypt-reqd

pptp1:
	new -i ng1 pptp1 pptp1
	set iface disable on-demand
	set bundle disable multilink
	set iface enable proxy-arp
	set link yes acfcomp protocomp
	set link no pap chap
	set link enable chap
	set link keep-alive 60 180
	set ipcp yes vjcomp
	set ipcp ranges 1.2.3.4/32 192.168.0.51/32
	set ipcp dns 192.168.0.1
	set ipcp nbns 192.168.0.1
	set bundle enable compression
	set ccp yes mppc
	set ccp yes mpp-e40
	set ccp yes mpp-e128
	set ccp yes mpp-stateless
	set bundle yes crypt-reqd

pptp2:
	new -i ng2 pptp2 pptp2
	set iface disable on-demand
	set bundle disable multilink
	set iface enable proxy-arp
	set link yes acfcomp protocomp
	set link no pap chap
	set link enable chap
	set link keep-alive 60 180
	set ipcp yes vjcomp
	set ipcp ranges 1.2.3.4/32 192.168.0.52/32
	set ipcp dns 192.168.0.1
	set ipcp nbns 192.168.0.1
	set bundle enable compression
	set ccp yes mppc
	set ccp yes mpp-e40
	set ccp yes mpp-e128
	set ccp yes mpp-stateless
	set bundle yes crypt-reqd

pptp3:
	new -i ng3 pptp3 pptp3
	set iface disable on-demand
	set bundle disable multilink
	set iface enable proxy-arp
	set link yes acfcomp protocomp
	set link no pap chap
	set link enable chap
	set link keep-alive 60 180
	set ipcp yes vjcomp
	set ipcp ranges 1.2.3.4/32 192.168.0.53/32
	set ipcp dns 192.168.0.1
	set ipcp nbns 192.168.0.1
	set bundle enable compression
	set ccp yes mppc
	set ccp yes mpp-e40
	set ccp yes mpp-e128
	set ccp yes mpp-stateless
	set bundle yes crypt-reqd


Attachment: mpd.sh

#! /bin/sh

pidf=/var/run/mpd.pid

case "$1" in
# broken - attempting fix
#	start|"") mpd -b;;
# works, But I want to know about its startup
#	start|"") /usr/local/sbin/mpd -b;;
	start|"") /usr/local/sbin/mpd -b && echo -n ' mpd';;
	stop) if [ -r "$pidf" ]; then
		kill -TERM `cat "$pidf"`
	fi;;
	*) echo "usage: $0 [start|stop]" 1>&2; exit 1;;
esac


Attachment: mpd.secret

# NOTE: this file should not be readable by anyone except root!
# each user is limited to one ip address to make my job as an admin
# a lot easier.
#
# login-name   password     (optional ip address list)
aburke         "abcd1234"   192.168.0.50
ben            "god"        192.168.0.51
dorin          "2424"       192.168.0.63


Attachment: mpd.links

pptp0:
	set link type pptp
	set pptp self 1.2.3.4
	set pptp enable incoming
	set pptp disable originate

pptp1:
	set link type pptp
	set pptp self 1.2.3.4
	set pptp enable incoming
	set pptp disable originate

pptp2:
	set link type pptp
	set pptp self 1.2.3.4
	set pptp enable incoming
	set pptp disable originate

pptp3:
	set link type pptp
	set pptp self 1.2.3.4
	set pptp enable incoming
	set pptp disable originate
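As an added example (not part of Aaron's message and not shipped with the mpd port), the following sh script checks the points the mail makes about the three files: mpd.secret must be readable by root only, all three files should be owned by root:wheel, and, going a little beyond the mail, every link loaded from the default section of mpd.conf must be defined in both mpd.conf and mpd.links, and no two links may hand out the same peer address in their "set ipcp ranges" line. The MPD_DIR variable and the name mpd_check.sh are assumptions; the directory and file layout are the ones the mail describes.

```shell
#!/bin/sh
# Sanity checks for an mpd PPTP configuration directory laid out as in the
# mail (/usr/local/etc/mpd holding mpd.conf, mpd.links and mpd.secret).
# Constructed example, not part of the original message or of the mpd port.
#
# Usage:  MPD_DIR=/usr/local/etc/mpd sh mpd_check.sh
# Each check_* function prints one line per finding and always exits 0;
# run_checks gathers them and exits 1 if anything was reported.

# mpd.secret holds cleartext passwords, so it must not be group- or
# world-readable. The mode string comes from ls -l (e.g. -rw-r-----), which
# is portable between BSD and GNU userland, unlike stat(1) flags.
check_secret_perms() {
    f="$1/mpd.secret"
    if [ ! -f "$f" ]; then
        echo "MISSING: $f"
        return 0
    fi
    mode=$(ls -ld "$f" | cut -c1-10)
    grp_r=$(printf '%s' "$mode" | cut -c5)   # group read bit
    oth_r=$(printf '%s' "$mode" | cut -c8)   # other read bit
    if [ "$grp_r" = "r" ] || [ "$oth_r" = "r" ]; then
        echo "PERMS: $f is $mode; it should be readable by root only (chmod 600)"
    fi
    return 0
}

# The port did not set ownership for the author; the mail asks for root:wheel.
check_ownership() {
    for name in mpd.conf mpd.links mpd.secret; do
        f="$1/$name"
        [ -f "$f" ] || { echo "MISSING: $f"; continue; }
        owner=$(ls -ld "$f" | awk '{ print $3 ":" $4 }')
        [ "$owner" = "root:wheel" ] || echo "OWNER: $f is $owner, expected root:wheel"
    done
    return 0
}

# Cross-check mpd.conf against mpd.links: every label loaded by "load X" must
# have an "X:" section in both files, and "set ipcp ranges SELF/32 PEER/32"
# must not give the same PEER address to two different links.
check_conf() {
    conf="$1/mpd.conf"
    links="$1/mpd.links"
    for f in "$conf" "$links"; do
        [ -f "$f" ] || { echo "MISSING: $f"; return 0; }
    done
    for lbl in $(awk '$1 == "load" { print $2 }' "$conf"); do
        grep -q "^${lbl}:" "$conf"  || echo "UNDEFINED: mpd.conf loads $lbl but never defines it"
        grep -q "^${lbl}:" "$links" || echo "NO LINK: $lbl is loaded in mpd.conf but missing from mpd.links"
    done
    awk '$1 == "set" && $2 == "ipcp" && $3 == "ranges" {
            split($5, a, "/"); peer = a[1]
            if (peer in seen) printf "DUP PEER: %s is assigned to more than one link\n", peer
            seen[peer] = 1
         }' "$conf"
    return 0
}

# Run everything against one directory; exit status 1 means findings exist.
run_checks() {
    findings=$( { check_ownership "$1"; check_secret_perms "$1"; check_conf "$1"; } )
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    echo "mpd configuration in $1 looks consistent"
    return 0
}

if [ -n "${MPD_DIR:-}" ]; then
    run_checks "$MPD_DIR"
fi
```

The ownership check is reported separately from the permission check because on a host where mpd runs under a different group the owner rule may legitimately differ, while a group- or world-readable mpd.secret is never acceptable.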