FreeBSD PPTP VPN

Learn how to install a Windows-compatible PPTP VPN server on FreeBSD. Instructions for using PoPToP with MPPE 128-bit encryption.

1. Install poptop from the ports directory
[root]# cd /usr/ports/net/poptop
[root]# make install clean
This will download and install the latest version of PoPToP.


2. Edit the configuration files
** My local network in this example is 172.16.0.0/16. You will need to change the IP addresses to meet your needs.
/usr/local/etc/pptpd.conf
–––––––––––––––––––––-
debug
nobsdcomp
proxyarp
localip 172.16.0.4
remoteip 172.16.0.150-155
pidfile /var/run/pptpd.pid
+chapms-v2
mppe-40
mppe-128
mppe-stateless

/etc/ppp/ppp.conf
–––––––––––––––––––––
loop:
set timeout 0
set log phase chat connect lcp ipcp command
set device localhost:pptp
set dial
set login
# Server (local) IP address, Range for Clients, and Netmask
# if you want to use NAT use private IP addresses
set ifaddr 172.16.0.4 172.16.0.150-172.16.0.155 255.255.0.0
add default HISADDR
set server /tmp/loop "" 0177

loop-in:
set timeout 0
set log phase lcp ipcp command
allow mode direct

pptp:
load loop
disable pap
# Authenticate against /etc/passwd
enable passwdauth
disable ipv6cp
enable proxy
accept dns
enable MSChapV2
enable mppe
disable deflate pred1
deny deflate pred1
set dns 24.26.163.24
set device !/etc/ppp/secure

/etc/ppp/secure
–––––––––––––––––––––
#!/bin/sh
exec /usr/sbin/ppp -direct loop-in

/etc/ppp/ppp.secret
–––––––––––––––––––––
#user #password
user1 password
user2 password
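
A check of the step 2 files that can be run before starting pptpd, as an added example that is not part of the original how-to. The names audit_pptp and note and the temp-directory sample are constructed here; the function flags mppe-40 listed beside mppe-128, missing PAP/MS-CHAPv2/MPPE lines in ppp.conf, and a ppp.secret that group or others can read.

```shell
#!/bin/sh
# Added example: audit the files written in step 2 (or copies of them).
# audit_pptp PPTPD_CONF PPP_CONF SECRET_FILE
# Prints one line per finding; exit status is the number of findings.
audit_pptp() {
    findings=0
    # pptpd.conf: the stated goal is 128-bit MPPE, but mppe-40 is listed too.
    if grep -Eq '^[[:space:]]*mppe-40([[:space:]]|$)' "$1"; then
        note "$1: mppe-40 also offers 40-bit MPPE"
    fi
    grep -Eq '^[[:space:]]*mppe-128([[:space:]]|$)' "$1" ||
        note "$1: mppe-128 is missing"
    # ppp.conf: PAP sends the password in cleartext and must stay disabled;
    # MS-CHAPv2 and MPPE must stay enabled.
    grep -Eiq '^[[:space:]]*disable[[:space:]]+pap([[:space:]]|$)' "$2" ||
        note "$2: 'disable pap' is missing"
    grep -Eiq '^[[:space:]]*enable[[:space:]]+mschapv2([[:space:]]|$)' "$2" ||
        note "$2: 'enable MSChapV2' is missing"
    grep -Eiq '^[[:space:]]*enable[[:space:]]+mppe([[:space:]]|$)' "$2" ||
        note "$2: 'enable mppe' is missing"
    # ppp.secret holds cleartext passwords: no group or other access.
    [ "$(ls -ld "$3" | cut -c5-10)" = "------" ] ||
        note "$3: accessible beyond the owner, run chmod 600"
    return "$findings"
}
note() { echo "FINDING: $*"; findings=$((findings + 1)); }

# Constructed sample: a few of this page's settings copied to a temp directory.
demo_dir=$(mktemp -d)
printf '%s\n' debug proxyarp +chapms-v2 mppe-40 mppe-128 mppe-stateless \
    > "$demo_dir/pptpd.conf"
printf '%s\n' 'pptp:' ' load loop' ' disable pap' ' enable MSChapV2' \
    ' enable mppe' > "$demo_dir/ppp.conf"
printf '%s\n' 'user1 password' > "$demo_dir/ppp.secret"
chmod 644 "$demo_dir/ppp.secret"
audit_pptp "$demo_dir/pptpd.conf" "$demo_dir/ppp.conf" \
    "$demo_dir/ppp.secret" || echo "findings: $?"
rm -rf "$demo_dir"
```

On the server itself, call it as `audit_pptp /usr/local/etc/pptpd.conf /etc/ppp/ppp.conf /etc/ppp/ppp.secret`.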


3. Ensure IP Forwarding is enabled
[root]# sysctl net.inet.ip.forwarding
1

If the value is not 1, you can enable IP forwarding with:
[root]# sysctl net.inet.ip.forwarding=1

You can make it default to 1 at every boot by adding this line to
/etc/rc.conf
gateway_enable="YES"


4. Enable proxy arp
/etc/rc.conf
arpproxy_all="YES"


5. Start pptpd
/usr/local/etc/rc.d/pptpd start


Verify that it started successfully
[root]# netstat -a -n
tcp 0 0 0.0.0.0:1723 0.0.0.0:* LISTEN

PPTP uses TCP port 1723 and IP protocol 47 (GRE).
If you have a firewall in front of the VPN server, make sure
you open the appropriate port and protocol.

Contributed by Chad Brandt
