Date: Tue, 18 May 2004 17:26:07 GMT
From: <rsauve_admin@securenet.net>
To: freebsd-questions@FreeBSD.org
Subject: Love MPD, but a few questions
Message-ID: <20040518172607.C229A15ED7F@ms.securenet.net>

Hi all,

I've been using mpd as a pptp/vpn server for a few projects and I really like it with very few reservations. Thanks for a great port.

I'm using FreeBSD 4.x and 5.2.1 and mpd-3.15_1

When I was first trying to set it up, I screwed around with the configs, until I could get it to work and I now realize that I've likely left in some rather major fudges.

Everything works really well. I've set up scripts to manage users and rebuild the conf and links files and restart mpd for dynamic ip setups

I'm from the school of 'if it ain't broke, don't fix it'

Nonetheless, I still feel that I'm not quite doing it right

The mpd.conf, in particular, is what I'm talking about

Below are some config samples

Any suggestions would be appreciated

Richard Sauvé - rsauve_admin@securenet.net

### CONFS, ETC BELOW ############3

Here is an example setup

172.19.45.1 is aliased to lo0 to keep samba and others happy at boot, as I've found it better to delay mpd starting at boot time

## mpd.conf - reduced

default:
    load pptp0
    load pptp1
    load pptp2

pptp0:
    new -i ng0 pptp0 pptp0
    set ipcp ranges 172.19.45.2/24 172.19.45.100/24
    load pptp_standard

pptp1:
    new -i ng1 pptp1 pptp1
    set ipcp ranges 172.19.45.2/24 172.19.45.100/24
    load pptp_standard

pptp2:
    new -i ng2 pptp2 pptp2
    set ipcp ranges 172.19.45.2/24 172.19.45.100/24
    load pptp_standard

pptp_standard:
    set iface disable on-demand
    set iface enable proxy-arp
    set bundle enable multilink
    set link yes acfcomp protocomp
    set link no pap chap
    set link enable chap
    set link keep-alive 10 60
    set ipcp yes vjcomp
    set ipcp dns 172.19.45.2
    set ipcp nbns 172.19.45.2
    set bundle enable compression
    set ccp yes mppc
    set ccp yes mpp-e40
    set ccp yes mpp-e128
    set ccp yes mpp-stateless
    set bundle yes crypt-reqd

#######################################
## mpd.links - 000.000.000.000 replaces the WAN ip

pptp0:
    set link type pptp
    set pptp self 000.000.000.000
    set pptp enable incoming
    set pptp disable originate

pptp1:
    set link type pptp
    set pptp self 000.000.000.000
    set pptp enable incoming
    set pptp disable originate

pptp2:
    set link type pptp
    set pptp self 000.000.000.000
    set pptp enable incoming
    set pptp disable originate

##############################3
## mpd.secret

user1 "ghi123" 172.19.45.101
user2 "def123" 172.19.45.103
user3 "abc123" 172.19.45.104

thanks for any pointers in advance,

Richard Sauvé - rsauve_admin@securenet.net

PS: I've seen references to authenticating mpd with radius, or other ways, but no how-to's. It kind of bothers me to have plain-text passwords anywhere on the system, even if only readable by root. If root has them on a tty, they are world readable!

'It's good to be root'

---------------------------------------------
This message was sent using SecureNet Mailman.
http://www.securenet.net/
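
Added example, not part of the original message and not mpd's own code: a short Python audit that replays the labels of an mpd.conf like the one above, following `load`, and reports when 40-bit MPPE or PAP can be negotiated or `crypt-reqd` is not turned on. The sample config is constructed from the message, the function names are hypothetical, and options the file never mentions keep mpd's defaults, which the example does not model.

```python
# Added example (not mpd's code): replay mpd.conf labels, following `load`.
# Assumption: options the file never mentions keep mpd defaults, not modelled here.
ON = {"enable": {"enable"}, "accept": {"accept"}, "yes": {"enable", "accept"}}
OFF = {"disable": {"enable"}, "deny": {"accept"}, "no": {"enable", "accept"}}

# Constructed sample, reduced from the configuration in the message.
SAMPLE_CONF = """\
default:
    load pptp0
pptp0:
    load pptp_standard
pptp_standard:
    set link no pap chap
    set link enable chap
    set ccp yes mpp-e40
    set ccp yes mpp-e128
    set bundle yes crypt-reqd
"""

def parse_labels(text):
    """Split mpd.conf text into {label: [split commands]}; labels start in column 0."""
    labels, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if not raw[0].isspace() and raw.rstrip().endswith(":"):
            current = labels.setdefault(raw.rstrip()[:-1], [])
        elif current is not None:
            current.append(raw.split())
    return labels

def effective(labels, name, state, seen=()):
    """Apply a label's commands in order; fill state[(layer, option)] with flags."""
    for w in ([] if name in seen else labels.get(name, [])):  # skip load loops
        if w[0] == "load" and len(w) == 2:
            effective(labels, w[1], state, seen + (name,))
        elif w[0] == "set" and len(w) > 3 and (w[2] in ON or w[2] in OFF):
            for opt in w[3:]:
                key = (w[1], opt)
                state[key] = (state.get(key, set()) | ON.get(w[2], set())) - OFF.get(w[2], set())
    return state

def audit(text, label="default"):
    """Return findings for the options reachable from `label`."""
    st = effective(parse_labels(text), label, {})
    checks = [(("ccp", "mpp-e40"), True, "40-bit MPPE can be negotiated"),
              (("link", "pap"), True, "PAP can be negotiated"),
              (("bundle", "crypt-reqd"), False, "not turned on by this file")]
    return [f"{k[0]} {k[1]}: {msg}" for k, bad, msg in checks if bool(st.get(k)) == bad]
```

Calling `audit(open("mpd.conf").read())` on a real file returns the same kind of list; an empty list means none of the three conditions was found in what the file sets.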