Setting up a PPTP VPN server in FreeBSD

Creating a PPTP server on FreeBSD

If you want to run a PPTP (Point to Point Tunneling Protocol) server on FreeBSD, there are a couple of solutions available. The option discussed here is using the MPD port for just such a service. The current version of MPD we use here at Section6 is 3.8. This of course may vary as to the date of your ports tree.

What’s Needed

  • A FreeBSD kernel compiled with “pseudo–device tun” support
  • Enable the option sysctl net.inet.ip.forwarding=1 or gateway_enable=“YES” on /etc/rc.conf
  • Install MPD on the server you wish to run PPTP services (ports/net/mpd)
  • Open and redirect TCP port 1723 and protocol 47 (GRE) if the PPTP server exists behind a firewall

Configure the the MPD links and configuration file

By default, the ports installation of MPD creates a /usr/local/etc/mpd directory which houses the configuration files for mpd, and it also creates startup script in /usr/local/etc/rc.d

Creating the MPD configuration

The first file to look at is called is called mpd.conf (which is represented by a sample file called mpd.conf.sample):

       load pptp

       new -i ng0 pptp pptp                    	## create a new interface of ng0 for the pptp connection
       set iface disable on-demand             	## disable on-deman dialing for this connection
       set iface enable proxy-arp			## enable the arp proxy for the created interface
       set bundle disable multilink			## disable multi link options
       set bundle authname Fred			## define the username for this connection
       set bundle enable encryption			## enable encryption for this connection
       set link yes acfcomp protocomp			## address control and protocol field compression
       set link disable pap				## disable PAP authentication for this link
       set link enable chap				## enable CHAP authentication for this link
       set link keep-alive 10 60			## keep alive settings for idle links
       set ipcp enable vjcomp		           	## enables header compression for the link
       set ipcp ranges	## sets IP of PPTP server as well as initial link
       set ipcp dns				## sets IP of DNS server to be given to client
       set ipcp nbns		        	## sets IP of the WINS server to be given out
       set bundle enable compression			## enables tunnel compression
       set ccp enable mppc				## enables microsoft point-to-point compression
       set ccp enable mpp-e40		        	## 40-bit MPP encryption
       set ccp enable mpp-e128		        	## 128-bit MPP encryption
       set ccp yes mpp-stateless			## enables stateless mode for faster recovery
       set bundle enable crypt-reqd		## require client to have encryption or drop link

The first section tells mpd<tt> to load a connection called <tt>pptp<tt>. Then next section defines the settings for the connection called pptp. To allow other clients to make simultaneous connections, you must define and load additional connections (pptp1, pptp2, etc.. )

Creating the MPD links

The next file to look at is called <tt>mpd.links<tt> (whisch is also represented by a sample file called <tt>mpd.links.sample)

set link type pptp	## define the link type protocol as PPTP
set pptp self        ## define the IP address  on which MPD will run
set pptp enable incoming      ## define the connection as Incoming
set pptp enable originate     ## enables PPTP connection for communication with the client

This entry is a link configuration for the connection that was defined in the mpd.conf file. There must be subsequent link entries for each connection that was defined (pptp1, pptp2, etc. )

Creating MPD usernames and passwords

The third file to look at is mpd.secrets. This file contains the usernames and passwords of users that have access to the PPTP server as defined in the “authname” configuration for each connection in the mpd.conf file.

Fred	password_for_fred
Joe	password_for_joe
Bob	password_for_bob

These lines are pretty straightforward and understandable. Just make sure after creating the file that only root has read access to this file.

From here, you just need to start MPD from the startup script, /usr/local/etc/rc.d/ start. You now have a funtional PPTP server on your network. Have your PPTP clients login and test connectivity with the network.


Deixe um comentário

Preencha os seus dados abaixo ou clique em um ícone para log in:

Logotipo do

Você está comentando utilizando sua conta Sair / Alterar )

Imagem do Twitter

Você está comentando utilizando sua conta Twitter. Sair / Alterar )

Foto do Facebook

Você está comentando utilizando sua conta Facebook. Sair / Alterar )

Foto do Google+

Você está comentando utilizando sua conta Google+. Sair / Alterar )

Conectando a %s

%d blogueiros gostam disto: