VPN mpd on FreeBSD

Posted on Wed 27 August 2008 by Pavlo Khmel

Install mpd:

pkg_add -r mpd
# or
cd /usr/ports/net/mpd
make && make install

The examples below assume:
External IP: 123.123.123.123
VPN IP: 10.10.10.0

Configure the PPTP links in the file /usr/local/etc/mpd/mpd.links:

pptp0:
	set link type pptp
pptp1:
	set link type pptp
pptp2:
	set link type pptp

Add users, passwords and IP addresses (or '*' for any) to the file /usr/local/etc/mpd/mpd.secret:

test "pass" 10.10.10.11
test2 "pass2" *

Main config file /usr/local/etc/mpd/mpd.conf:

default:
	load pptp0
	load pptp1
	load pptp2
pptp0:
	new -i ng0 pptp0 pptp0 # new interface
	set ipcp ranges 10.10.10.1/32 10.10.10.100/32 # local and remote IP should not conflict
	load pptp_standart
pptp1:
	new -i ng1 pptp1 pptp1
	set ipcp ranges 10.10.10.1/32 10.10.10.101/32
	load pptp_standart
pptp2:
	new -i ng2 pptp2 pptp2
	set ipcp ranges 10.10.10.1/32 10.10.10.102/32
	load pptp_standart
pptp_standart:
	set iface disable on-demand
	set iface route default
	set bundle disable multilink
	set link yes acfcomp protocomp
	# chap authorization
	set link no pap chap
	set link enable chap
	set link keep-alive 60 180
	set ipcp yes vjcomp
	set bundle enable compression
	# Enabling data compression for Microsoft clients
	set ccp yes mppc
	# Enabling encryption for Microsoft clients
	set ccp yes mpp-e40
	set ccp yes mpp-e128
	set ccp yes mpp-stateless
	# local IP address for incoming connections
	set pptp self 123.123.123.123
	# Allow incoming connections
	set pptp enable incoming
	set pptp disable originate
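
A quick check of mpd.conf before starting mpd, as an added example (not part of the original post or of mpd): it parses the label/command layout used above and reports remote addresses reused between bundles, `load` lines that point at a missing label, and settings that accept 40-bit MPPE or PAP. The names `parse` and `audit` are hypothetical and the sample config is constructed, with a duplicate remote address left in on purpose.

```python
import re

# Constructed sample in the layout of the mpd.conf above (spaces or tabs both
# count as indentation here); pptp1 reuses pptp0's remote address on purpose.
SAMPLE = """\
pptp0:
    set ipcp ranges 10.10.10.1/32 10.10.10.100/32  # comment
    load pptp_standart
pptp1:
    set ipcp ranges 10.10.10.1/32 10.10.10.100/32
    load pptp_standart
pptp_standart:
    set link no pap chap
    set ccp yes mpp-e40
    set ccp yes mpp-e128
"""
ON = ("yes", "enable", "accept")  # verbs that turn an option on

def parse(text):
    """Return {label: [command word lists]}. Labels start in column 0 and
    end with ':'; commands are the indented lines that follow a label."""
    entries, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        label = re.fullmatch(r"(\S+):", line)
        if label:
            current = entries.setdefault(label.group(1), [])
        elif line[:1] in (" ", "\t") and line.strip() and current is not None:
            current.append(line.split())
    return entries

def audit(text):
    entries, findings, seen = parse(text), [], {}  # seen: remote range -> label
    for label, cmds in entries.items():
        for c in cmds:
            if c[0] == "load" and len(c) > 1 and c[1] not in entries:
                findings.append(f"{label}: load of undefined label {c[1]}")
            elif c[:3] == ["set", "ipcp", "ranges"] and len(c) == 5:
                if c[3] == c[4]:
                    findings.append(f"{label}: local and remote are both {c[3]}")
                if c[4] in seen:
                    findings.append(f"{label}: remote {c[4]} also used by {seen[c[4]]}")
                seen.setdefault(c[4], label)
            elif c[:2] == ["set", "ccp"] and c[2:3] and c[2] in ON and "mpp-e40" in c[3:]:
                findings.append(f"{label}: 40-bit MPPE (mpp-e40) is accepted")
            elif c[:2] == ["set", "link"] and c[2:3] and c[2] in ON and "pap" in c[3:]:
                findings.append(f"{label}: PAP is accepted")
    return findings

if __name__ == "__main__": print("\n".join(audit(SAMPLE)))
```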

Enable mpd at boot in the file /etc/rc.conf:

mpd_enable="YES"

Enable logging in the file /etc/syslog.conf:

!mpd
*.* /var/log/mpd.log

Firewall rules:

${fwcmd} add allow tcp from any to me 1723
${fwcmd} add allow gre from any to any