FreeBSD PPTP VPN
FreeBSD PPTP VPN: Learn how to install a Windows-compatible PPTP VPN server on FreeBSD.
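Instructions for using POPTOP with MPPE 128-bit encryption. MPPE keys are derived from the MS-CHAPv2 exchange, which has known cryptographic weaknesses, so treat this setup as legacy client compatibility rather than strong confidentiality.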
1. Install poptop from the ports directory
[root]# cd /usr/ports/net/poptop
[root]# make install clean
This will download and install the latest version of PoPToP.
2. Edit the configuration files
** My local network in this example is 172.16.0.0/16 (the listings below use 192.168.0.x addresses). You will need
to change the IP addresses to meet your needs.
/usr/local/etc/pptpd.conf
----------------------------------------------------------------
debug
nobsdcomp
proxyarp
localip 192.168.0.1
remoteip 192.168.0.2-255
pidfile /var/run/pptpd.pid
+chapms-v2
mppe-40
mppe-128
mppe-stateless
/etc/ppp/ppp.conf
---------------------------------------------------------------
loop:
set timeout 0
set log phase chat connect lcp ipcp command
set device localhost:pptp
set dial
set login
# Server (local) IP address, Range for Clients, and Netmask
# if you want to use NAT use private IP addresses
set ifaddr 192.168.0.1 192.168.0.2-192.168.0.255 255.255.255.0
add default HISADDR
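# "" sets no password on the diagnostic socket; the 0177 mask leaves it accessible to its owner only
set server /tmp/loop "" 0177
loop-in: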
set timeout 0
set log phase lcp ipcp command
allow mode direct
pptp:
load loop
disable pap
# Authenticate against /etc/passwd
enable passwdauth
disable ipv6cp
enable proxy
accept dns
enable MSChapV2
enable mppe
disable deflate pred1
deny deflate pred1
set dns 24.26.163.24
set device !/etc/ppp/secure
/etc/ppp/secure
---------------------------------------------------------------
#!/bin/sh
exec /usr/sbin/ppp -direct loop-in
/etc/ppp/ppp.secret
---------------------------------------------------------------
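#user #password
# Entries in this file are stored in clear text: keep it readable by root only (mode 0600) and replace the sample passwords below.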
user1 password
user2 password
3. Ensure IP Forwarding is enabled
[root]# sysctl net.inet.ip.forwarding
1
If the value is not 1 you can enable IP forwarding with
[root]# sysctl net.inet.ip.forwarding=1
You can make it always default to 1 by editing
/etc/rc.conf
gateway_enable="YES"
4. Enable proxy arp
/etc/rc.conf
arpproxy_all="YES"
5. Start pptpd
/usr/local/etc/rc.d/pptpd start
Verify that it started successfully
[root]# netstat -a -n
tcp 0 0 0.0.0.0:1723 0.0.0.0:* LISTEN
PPTP uses TCP port 1723 and protocol 47 (GRE).
If you have a firewall in front of the VPN server, make sure
it passes both TCP port 1723 and GRE to the server.
# Sample rc.conf settings. The first two match steps 3 and 4:
# packet forwarding and proxy ARP.
gateway_enable="YES"
arpproxy_all="YES"
# Start pptpd at boot with the configuration file edited in step 2.
# NOTE(review): "-o pptp" presumably names the pptp: label in
# /etc/ppp/ppp.conf; confirm against the port's pptpd manual.
pptpd_enable="YES"
pptpd_flags="-c /usr/local/etc/pptpd.conf -o pptp"
# NOTE(review): OpenVPN is not covered by the steps on this page; enable it
# only if this host is meant to run it.
openvpn_enable="YES"
openvpn_configfile="/usr/local/etc/openvpn/server.conf"
# NOTE(review): pf is enabled alongside ipfw (firewall_enable below), but the
# page shows no pf ruleset; confirm which packet filter is intended.
pf_enable="YES"
# NOTE(review): nginx is unrelated to the PPTP setup; every extra listening
# service on a VPN gateway widens its exposure.
nginx_enable="YES"
# NOTE(review): natd is bound to re0 here, while the divert rule at the bottom
# names em0; both should refer to the same external interface.
natd_enable="YES"
natd_interface="re0"
# NOTE(review): firewall_type="OPEN" makes ipfw pass all traffic, so this host
# does no filtering itself. Use a stricter ruleset that limits what can reach
# TCP 1723/GRE unless an upstream device already does so.
firewall_enable="YES"
firewall_type="OPEN"
firewall_logging_enable="YES"
# NOTE(review): the next two lines are ipfw commands, not rc.conf variables.
# The allow-all rule is added before the divert rule, so packets presumably
# match it first and never reach natd; check the resulting order with
# `ipfw list`.
ipfw add allow all from any to any
ipfw add divert natd ip from any to any via em0
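Instructions for using POPTOP with MPPE 128-bit encryption. MPPE keys are derived from the MS-CHAPv2 exchange, which has known cryptographic weaknesses, so treat this setup as legacy client compatibility rather than strong confidentiality.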
1. Install poptop from the ports directory
[root]# cd /usr/ports/net/poptop
[root]# make install clean
This will download and install the latest version of PoPToP.
2. Edit the configuration files
** My local network in this example is 172.16.0.0/16 (the listings below use 192.168.0.x addresses). You will need
to change the IP addresses to meet your needs.
/usr/local/etc/pptpd.conf
----------------------------------------------------------------
debug
nobsdcomp
proxyarp
localip 192.168.0.1
remoteip 192.168.0.2-255
pidfile /var/run/pptpd.pid
+chapms-v2
mppe-40
mppe-128
mppe-stateless
/etc/ppp/ppp.conf
---------------------------------------------------------------
loop:
set timeout 0
set log phase chat connect lcp ipcp command
set device localhost:pptp
set dial
set login
# Server (local) IP address, Range for Clients, and Netmask
# if you want to use NAT use private IP addresses
set ifaddr 192.168.0.1 192.168.0.2-192.168.0.255 255.255.255.0
add default HISADDR
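# "" sets no password on the diagnostic socket; the 0177 mask leaves it accessible to its owner only
set server /tmp/loop "" 0177
loop-in: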
set timeout 0
set log phase lcp ipcp command
allow mode direct
pptp:
load loop
disable pap
# Authenticate against /etc/passwd
enable passwdauth
disable ipv6cp
enable proxy
accept dns
enable MSChapV2
enable mppe
disable deflate pred1
deny deflate pred1
set dns 24.26.163.24
set device !/etc/ppp/secure
/etc/ppp/secure
---------------------------------------------------------------
#!/bin/sh
exec /usr/sbin/ppp -direct loop-in
/etc/ppp/ppp.secret
---------------------------------------------------------------
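#user #password
# Entries in this file are stored in clear text: keep it readable by root only (mode 0600) and replace the sample passwords below.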
user1 password
user2 password
3. Ensure IP Forwarding is enabled
[root]# sysctl net.inet.ip.forwarding
1
If the value is not 1 you can enable IP forwarding with
[root]# sysctl net.inet.ip.forwarding=1
You can make it always default to 1 by editing
/etc/rc.conf
gateway_enable="YES"
4. Enable proxy arp
/etc/rc.conf
arpproxy_all="YES"
5. Start pptpd
/usr/local/etc/rc.d/pptpd start
Verify that it started successfully
[root]# netstat -a -n
tcp 0 0 0.0.0.0:1723 0.0.0.0:* LISTEN
PPTP uses TCP port 1723 and protocol 47 (GRE).
If you have a firewall in front of the VPN server, make sure
it passes both TCP port 1723 and GRE to the server.
# Sample rc.conf settings. The first two match steps 3 and 4:
# packet forwarding and proxy ARP.
gateway_enable="YES"
arpproxy_all="YES"
# Start pptpd at boot with the configuration file edited in step 2.
# NOTE(review): "-o pptp" presumably names the pptp: label in
# /etc/ppp/ppp.conf; confirm against the port's pptpd manual.
pptpd_enable="YES"
pptpd_flags="-c /usr/local/etc/pptpd.conf -o pptp"
# NOTE(review): OpenVPN is not covered by the steps on this page; enable it
# only if this host is meant to run it.
openvpn_enable="YES"
openvpn_configfile="/usr/local/etc/openvpn/server.conf"
# NOTE(review): pf is enabled alongside ipfw (firewall_enable below), but the
# page shows no pf ruleset; confirm which packet filter is intended.
pf_enable="YES"
# NOTE(review): nginx is unrelated to the PPTP setup; every extra listening
# service on a VPN gateway widens its exposure.
nginx_enable="YES"
# NOTE(review): natd is bound to re0 here, while the divert rule at the bottom
# names em0; both should refer to the same external interface.
natd_enable="YES"
natd_interface="re0"
# NOTE(review): firewall_type="OPEN" makes ipfw pass all traffic, so this host
# does no filtering itself. Use a stricter ruleset that limits what can reach
# TCP 1723/GRE unless an upstream device already does so.
firewall_enable="YES"
firewall_type="OPEN"
firewall_logging_enable="YES"
# NOTE(review): the next two lines are ipfw commands, not rc.conf variables.
# The allow-all rule is added before the divert rule, so packets presumably
# match it first and never reach natd; check the resulting order with
# `ipfw list`.
ipfw add allow all from any to any
ipfw add divert natd ip from any to any via em0
