To: freebsd-questions@FreeBSD.org
Date: Tue, 18 May 2004 17:26:07 GMT
Message-Id: <20040518172607.C229A15ED7F@ms.securenet.net>
Subject: Love MPD, but a few questions

Hi all,

I've been using mpd as a pptp/vpn server for a few projects and I really like it, with very few reservations. Thanks for a great port.

I'm using FreeBSD 4.x and 5.2.1 and mpd-3.15_1.

When I was first trying to set it up, I screwed around with the configs until I could get it to work, and I now realize that I've likely left in some rather major fudges.

Everything works really well.
I've set up scripts to manage users and rebuild the conf and links files and restart mpd for dynamic IP setups.
I'm from the school of 'if it ain't broke, don't fix it'.
Nonetheless, I still feel that I'm not quite doing it right.
The mpd.conf, in particular, is what I'm talking about.
Below are some config samples.
Any suggestions would be appreciated.

Richard Sauvé - rsauve_admin@securenet.net

### CONFS, ETC BELOW #############

Here is an example setup.
172.19.45.1 is aliased to lo0 to keep samba and others happy at boot, as I've found it better to delay mpd starting at boot time.

## mpd.conf - reduced

default:
	load pptp0
	load pptp1
	load pptp2

pptp0:
	new -i ng0 pptp0 pptp0
	set ipcp ranges 172.19.45.2/24 172.19.45.100/24
	load pptp_standard

pptp1:
	new -i ng1 pptp1 pptp1
	set ipcp ranges 172.19.45.2/24 172.19.45.100/24
	load pptp_standard

pptp2:
	new -i ng2 pptp2 pptp2
	set ipcp ranges 172.19.45.2/24 172.19.45.100/24
	load pptp_standard

pptp_standard:
	set iface disable on-demand
	set iface enable proxy-arp
	set bundle enable multilink
	set link yes acfcomp protocomp
	set link no pap chap
	set link enable chap
	set link keep-alive 10 60
	set ipcp yes vjcomp
	set ipcp dns 172.19.45.2
	set ipcp nbns 172.19.45.2
	set bundle enable compression
	set ccp yes mppc
	set ccp yes mpp-e40
	set ccp yes mpp-e128
	set ccp yes mpp-stateless
	set bundle yes crypt-reqd

#######################################
## mpd.links - 000.000.000.000 replaces the WAN ip

pptp0:
	set link type pptp
	set pptp self 000.000.000.000
	set pptp enable incoming
	set pptp disable originate

pptp1:
	set link type pptp
	set pptp self 000.000.000.000
	set pptp enable incoming
	set pptp disable originate

pptp2:
	set link type pptp
	set pptp self 000.000.000.000
	set pptp enable incoming
	set pptp disable originate

#######################################
## mpd.secret

user1 "ghi123" 172.19.45.101
user2 "def123" 172.19.45.103
user3 "abc123" 172.19.45.104

Thanks for any pointers in advance,

Richard Sauvé - rsauve_admin@securenet.net

PS: I've seen references to
authenticating mpd with radius, or other ways, but no how-to's. It kind of bothers me to have plain-text passwords anywhere on the system, even if only readable by root. If root has them on a tty, they are world readable!

'It's good to be root'
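
Added example, not part of the original message and not the poster's own scripts: a shell sketch of the "rebuild the conf and links files" step for any number of links, plus a check that mpd.secret is readable only by its owner. The function names, and the default of uid 0 as the expected owner, are assumptions; the stanza layout and the range values are copied from the post.

```shell
#!/bin/sh
# Added example (hypothetical helper names); stanza layout follows the post.
RANGES='172.19.45.2/24 172.19.45.100/24'   # "set ipcp ranges" value from the post

# gen_mpd_conf COUNT: emit the default label and the pptp0..pptp(COUNT-1) labels.
# The shared pptp_standard label is static: append it unchanged after this output.
gen_mpd_conf() {
    count=$1 i=0
    echo 'default:'
    while [ "$i" -lt "$count" ]; do
        printf '\tload pptp%d\n' "$i"
        i=$((i + 1))
    done
    i=0
    while [ "$i" -lt "$count" ]; do
        printf '\npptp%d:\n' "$i"
        printf '\tnew -i ng%d pptp%d pptp%d\n' "$i" "$i" "$i"
        printf '\tset ipcp ranges %s\n' "$RANGES"
        printf '\tload pptp_standard\n'
        i=$((i + 1))
    done
}

# gen_mpd_links COUNT SELF_IP: emit one mpd.links label per bundle.
gen_mpd_links() {
    count=$1 self=$2 i=0
    while [ "$i" -lt "$count" ]; do
        printf 'pptp%d:\n' "$i"
        printf '\tset link type pptp\n'
        printf '\tset pptp self %s\n' "$self"
        printf '\tset pptp enable incoming\n'
        printf '\tset pptp disable originate\n\n'
        i=$((i + 1))
    done
}

# secret_is_private FILE [UID]: succeed only if FILE is owned by UID (default 0,
# an assumption) and carries no group or other permission bits.
secret_is_private() {
    file=$1 uid=${2:-0}
    set -- $(ls -ldn "$file")          # $1 = mode string, $3 = numeric owner
    [ "$3" = "$uid" ] || return 1
    case $1 in
        ?r??------*) return 0 ;;       # owner can read; group/other have nothing
        *) return 1 ;;
    esac
}
```
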