PPTP VPN Dialin

Dec 16, 2013
2 min read
Jun 30, 2023 16:33 EEST

Install mpd4

cd /usr/ports/net/mpd4/
make install clean

Configuration

Edit /usr/local/etc/mpd4/mpd.conf

startup:
    # enable TCP-Wrapper (hosts_access(5)) to block unfriendly clients
    set global enable tcp-wrapper
    # configure the console
    set console port 5005
    set console ip 0.0.0.0
    set console user idefix test
    set console open

default:
    load pptp1
    load pptp2

pptp1:
    new -i ng0 pptp1 pptp1
    set ipcp ranges 192.168.0.251/32 192.168.0.2/32
    load client_standard

pptp2:
    new -i ng1 pptp2 pptp2
    set ipcp ranges 192.168.0.251/32 192.168.0.3/32
    load client_standard

client_standard:
    set iface disable on-demand
    set iface enable proxy-arp
    set iface idle 1800
    set iface enable tcpmssfix
    set bundle enable multilink
    set link yes acfcomp protocomp
    set link no pap chap
    set link enable chap
    set link mtu 1460
    set link keep-alive 10 60
    set ipcp yes vjcomp
    set ipcp dns 192.168.0.251
    set ipcp nbns 192.168.0.251
    set bundle enable compression
    set ccp yes mppc
    set ccp yes mpp-e40
    set ccp yes mpp-e128
    set ccp yes mpp-stateless

Edit /usr/local/etc/mpd4/mpd.links

pptp0:
    set link type pptp
    set pptp self 0.0.0.0
    set pptp enable incoming
    set pptp disable originate

pptp1:
    set link type pptp
    set pptp self 0.0.0.0
    set pptp enable incoming
    set pptp disable originate

Edit /usr/local/etc/mpd4/mpd.secret

<username> <password>

Fix permissions:

chmod 600 /usr/local/etc/mpd4/mpd.secret

Enable IP forwarding

Edit /etc/rc.conf

gateway_enable="YES"

Enable proxy arp

Edit /etc/rc.conf

arpproxy_all="YES"

Start pptpd

/usr/local/etc/rc.d/mpd4.sh start

Allow access from extern through the firewall

Allow TCP port pptp (1723). Allow protocol GRE.


Related Posts