FreeBSD VPN
This document describes how to set up both the server side and the client side of a PPTP connection with MPPE encryption that works for Windows, Mac OS X and other FreeBSD boxes.
The basic process:
- Install & configure pptpserver on the FreeBSD server
- Configure ppp on the FreeBSD server
- Set up the clients
1. Installing pptpserver
This part is easy, as the PPTP server exists in the ports collection. All you need to do is:
cd /usr/ports/net/poptop
make install
To configure pptp, modify /usr/local/etc/pptp.conf and put the following lines in the file:
localip 192.168.2.1
remoteip 192.168.2.56-75
# Listen on the outside interface only
listen 130.220.37.202
Configure ppp on the FreeBSD server
Edit /etc/ppp/ppp.conf and set the following target only:
pptp:
 set ifaddr 192.168.1.1 192.168.1.56-192.168.1.74 255.255.255.255
 set dns 192.168.0.1
 set nbns 192.168.0.1
 disable pap
 disable utmp
 disable passwdauth
 #enable chap
 # MPPE requires chap81/MSChapV2
 enable MSChapV2
 enable mppe # Enable encryption
 set log Phase Chat LCP IPCP CCP tun command # Debugging
 set timeout 0 # Don't drop the connection
 #
 # Force 128 bit encryption with a key change every packet
 # MacOSX only works with stateless connections and they are more
 # secure anyway - just less efficient.
 set mppe 128 stateless
 # Disable compression - freebsd clients try to use it but it breaks mppe
 disable deflate pred1
 deny deflate pred1
 set server /var/run/pptp_ppp_%d "" 0700
 accept dns # Enable clients to request dns details
 disable ipv6cp # Disable ipv6
 enable proxy # Enable proxying addresses on the local net for clients
Now modify/create /etc/ppp/ppp.secret and put in it:
someuser userpassword 192.168.1.75
Now ‘someuser’ can log in with the password ‘userpassword’ and will get an IP address of 192.168.1.75. If you don’t want to specify the IP address, just leave the 3rd parameter off that line of the file.
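The pptp target above depends on a handful of settings: PAP off, MSChapV2 and MPPE on, 128-bit stateless MPPE, and deflate/pred1 both disabled and denied. The following added example (not part of the original page) parses one ppp.conf label and reports any of those that are missing or changed; `parse_label`, `audit` and the sample text are hypothetical names and constructed input, and it assumes `#` starts a comment anywhere on a line and that option names are case-insensitive.

```python
# Constructed sample (not the page's file): the pptp label with two settings weakened.
SAMPLE = """\
default:
 set log Phase
pptp:
 enable pap               # weakened: the page has 'disable pap'
 enable MSChapV2
 enable mppe              # Enable encryption
 set mppe 128 stateless
 disable deflate pred1
 #deny deflate pred1      (weakened: commented out)
"""

# Expected settings, taken from the page's pptp target.
WANT_LOCAL = {"pap": "disable", "mschapv2": "enable", "mppe": "enable",
              "deflate": "disable", "pred1": "disable"}
WANT_PEER = {"deflate": "deny", "pred1": "deny"}
WANT_MPPE = ["128", "stateless"]

def parse_label(text, label):
    """Return the commands under `label:` as token lists, comments stripped."""
    cmds, active = [], False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # assumption: '#' starts a comment anywhere
        if line and not line[0].isspace():     # column-0 text opens a new label
            active = line.rstrip(":") == label
        elif line and active:
            cmds.append(line.lower().split())  # assumption: names are case-insensitive
    return cmds

def audit(text, label="pptp"):
    """Return one finding per setting that is missing or differs (last command wins)."""
    local, peer, mppe = {}, {}, None
    for verb, *args in parse_label(text, label):
        if verb in ("enable", "disable"):
            local.update(dict.fromkeys(args, verb))
        elif verb in ("accept", "deny"):
            peer.update(dict.fromkeys(args, verb))
        elif verb == "set" and args[:1] == ["mppe"]:
            mppe = args[1:]
    findings = []
    for state, want in ((local, WANT_LOCAL), (peer, WANT_PEER)):
        findings += [f"{o}: want '{w} {o}', got {state.get(o)}"
                     for o, w in want.items() if state.get(o) != w]
    if mppe != WANT_MPPE:
        findings.append(f"mppe: want 'set mppe 128 stateless', got {mppe}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

To check a real file, pass its contents to `audit()`; settings inherited from another label are not followed, so an empty result only covers what the named label sets explicitly.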
Setup Clients
This section details how to set up various clients.
Windows XP
- Create a new VPN connection
- Specify host
- Specify Username / password
- Hit connect
FreeBSD
FreeBSD works with MPPE out of the box. Simply set up the following in /etc/ppp/ppp.conf:
MYVPN:
 set authname someuser
 set authkey userpassword
 disable pred1
 enable proxy
 disable ipv6cp
 set timeout 0
 add default HISADDR
Install pptpclient
cd /usr/ports/net/pptpclient
make install
Now run it with pptp serverip MYVPN, for example:
pptp 130.220.37.2 MYVPN
Mac OS X
Simply configure the GUI tool.