FreeBSD PPTP VPN

Learn how to install a Windows-compatible PPTP VPN server on FreeBSD. Instructions for using PoPToP with MPPE 128-bit encryption.

1. Install poptop from the ports directory
[root]# cd /usr/ports/net/poptop
[root]# make install clean
This will download and install the latest version of PoPToP


2. Edit the configuration files
** My local network in this example is 172.16.0.0/16. You will need to change the IP addresses to match your network.
/usr/local/etc/pptpd.conf
–––––––––––––––––––––-
debug
nobsdcomp
proxyarp
localip 172.16.0.4
remoteip 172.16.0.150-155
pidfile /var/run/pptpd.pid
+chapms-v2
mppe-40
mppe-128
mppe-stateless

/etc/ppp/ppp.conf
–––––––––––––––––––––
loop:
 set timeout 0
 set log phase chat connect lcp ipcp command
 set device localhost:pptp
 set dial
 set login
 # Server (local) IP address, Range for Clients, and Netmask
 # if you want to use NAT use private IP addresses
 set ifaddr 172.16.0.4 172.16.0.150-172.16.0.155 255.255.0.0
 add default HISADDR
 set server /tmp/loop "" 0177

loop-in:
 set timeout 0
 set log phase lcp ipcp command
 allow mode direct

pptp:
 load loop
 disable pap
 # Authenticate against /etc/passwd
 enable passwdauth
 disable ipv6cp
 enable proxy
 accept dns
 enable MSChapV2
 enable mppe
 disable deflate pred1
 deny deflate pred1
 set dns 24.26.163.24
 set device !/etc/ppp/secure

/etc/ppp/secure
–––––––––––––––––––––
#!/bin/sh
exec /usr/sbin/ppp -direct loop-in

/etc/ppp/ppp.secret
–––––––––––––––––––––
#user #password
user1 password
user2 password


3. Ensure IP Forwarding is enabled
[root]# sysctl net.inet.ip.forwarding
1

If the value is not 1, enable IP forwarding with:
[root]# sysctl net.inet.ip.forwarding=1

To make the setting persist across reboots, add the following to
/etc/rc.conf
gateway_enable="YES"


4. Enable proxy arp
/etc/rc.conf
arpproxy_all="YES"


5. Start pptpd
/usr/local/etc/rc.d/pptpd start


Verify that it started successfully
[root]# netstat -a -n
tcp 0 0 0.0.0.0:1723 0.0.0.0:* LISTEN

PPTP uses TCP port 1723 and IP protocol 47 (GRE).
If you have a firewall in front of the VPN server, make sure
it allows both.

Contributed by Chad Brandt
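
A check of the files from step 2, as an added example that is not part of the original tutorial: /etc/ppp/ppp.secret stores cleartext passwords, /etc/ppp/secure is executed by ppp through "set device !", and the pptpd.conf above lists mppe-40 next to mppe-128. The function names and the root-prefix argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit the PPTP files from step 2.
# $1 is a hypothetical root prefix so a copy of the tree can be checked;
# pass "" to audit the live system, e.g.:  audit_pptp ""

# Print one finding per line; print nothing when everything passes.
audit_pptp() {
    root=${1:-}
    secret="$root/etc/ppp/ppp.secret"
    secure="$root/etc/ppp/secure"
    pppconf="$root/etc/ppp/ppp.conf"
    pptpdconf="$root/usr/local/etc/pptpd.conf"

    # ppp.secret holds cleartext passwords: group/other must have no access.
    if [ -f "$secret" ]; then
        go=$(ls -ld "$secret" | cut -c5-10)   # group+other permission bits
        [ "$go" = "------" ] ||
            echo "ppp.secret: group/other bits set ($go), use chmod 600"
    else
        echo "ppp.secret: missing"
    fi

    # ppp.conf starts this script via "set device !/etc/ppp/secure".
    [ -x "$secure" ] || echo "secure: not executable, use chmod 700"

    # Cleartext PAP has to stay disabled in ppp.conf.
    grep -Eq '^[[:space:]]*disable[[:space:]]+([^#]*[[:space:]])?pap([[:space:]]|$)' \
        "$pppconf" 2>/dev/null || echo "ppp.conf: 'disable pap' not found"

    # The tutorial aims for 128-bit MPPE, yet pptpd.conf also lists mppe-40.
    if grep -Eq '^[[:space:]]*mppe-40([[:space:]]|$)' "$pptpdconf" 2>/dev/null; then
        echo "pptpd.conf: mppe-40 listed next to mppe-128"
    fi
}

# Number of findings, for use in scripts or monitoring checks.
audit_count() {
    audit_pptp "$1" | wc -l | tr -d ' '
}
```

Run it again after every configuration change; an empty result means all four checks passed.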

How to boot a Vista system from a locally stored WIM file

The Windows AIK provides excellent opportunities to create custom Windows PE based images. Those images are provided as WIM files and can be easily converted to ISO files to be burned on CD or DVD. WIM files can also be used to boot from the network using Windows Deployment Services. The Microsoft site also provides procedures to boot a WIM file from a USB drive or a clean local hard drive. Unfortunately I was not able to find a complete description of how to place a WIM boot image on the local hard disk and provide it as an alternative boot option in the Vista boot menu.

After combining various publications about the subject I managed to extract the procedure to add an option to the boot menu and boot a computer from the WIM file C:\Sources\boot.wim on the local hard drive:

  1. Copy boot\boot.sdi from the Windows Vista installation DVD to C:\boot (By default this folder is hidden in Windows Explorer)
  2. Use the following set of commands to create a ramdiskoptions object in the BCD store. The string "{ramdiskoptions}" is the well-known name for the object's GUID.

    bcdedit /create {ramdiskoptions} /d "Ramdisk options"

    bcdedit /set {ramdiskoptions} ramdisksdidevice partition=c:

    bcdedit /set {ramdiskoptions} ramdisksdipath \boot\boot.sdi

  3. Create a new boot entry.

    bcdedit -create /d "Windows PE boot" /application OSLOADER

  4. Step 3 returns the GUID that is associated with the newly created boot entry. It is referred to as NewGUID in the remaining examples. Run the following set of commands to configure the boot entry.

    bcdedit /set {NewGUID} device ramdisk=[c:]\sources\boot.wim,{ramdiskoptions}

    bcdedit /set {NewGUID} path \windows\system32\boot\winload.exe

    bcdedit /set {NewGUID} osdevice ramdisk=[c:]\sources\boot.wim,{ramdiskoptions}

    bcdedit /set {NewGUID} systemroot \windows

    bcdedit /set {NewGUID} winpe yes

    bcdedit /set {NewGUID} detecthal yes

    bcdedit /displayorder {NewGUID} /addlast

Now when you boot the system, an extra boot option "Windows PE boot" is presented and can be used to boot from c:\sources\boot.wim

VoIP: implementation and security compared to PSTN

Most companies choose VoIP technology, for numerous reasons, as a worthy replacement for the circuit-switched public networks that have been in widespread use over the past several years. Over time, VoIP has improved its reliability and security, while also saving companies unnecessary financial outlay.

A comparison of VoIP and PSTN can be found in Steve Sullivan's article: www.infosecwriters.com/text_resources/pdf/Voip_SSullivan.pdf

Global Hosted Operating System

G.ho.st (Global Hosted Operating System) is a free browser-based hosted alternative to desktop client systems like Microsoft's Windows and Apple's OS X. With G.ho.st, all users need is an active Internet connection, according to Zvi Schreiber, CEO of G.ho.st: "The idea of having the whole computing environment on the Web has been a great idea for a while, but the [applications] haven't been there." That's changing, however, as companies like Zoho and Google are rolling out Web-based word processors, spreadsheets, and calendars, Schreiber said. "The intention [of G.ho.st] is people are doing more and more of their work on the Web and less and less on the local [client]." Launched as an alpha version in April, the Web-based operating system is being hosted by Amazon Web Services data centers; a fully functional service is planned for this summer.
G.ho.st uses Linux technologies along with freshly architected pieces in such areas as client-to-server connectivity. "We give you a single file system to keep track of all the different files you've got online," Schreiber said. Schreiber admitted his operating system can't compete with client operating systems and noted instead that G.ho.st is targeted at three groups: people who do not have a laptop, people in developing countries who cannot afford a PC or Internet connection, and people not permitted to install their own files on their computers at work. Possible growth opportunities include mobile workers, who could use it to access a personal desktop remotely. The company is hoping to generate revenues through affiliation with service providers like Amazon.com.
News source: InfoWorld