FreeBSD PPTP VPN

Contributed by Chad Brandt
Wednesday, 16 June 2004

Learn how to install a Windows-compatible PPTP VPN server on FreeBSD. Instructions for using PoPToP with MPPE 128-bit encryption.

1. Install poptop from the ports directory

[root]# cd /usr/ports/net/poptop
[root]# make install clean

This will download and install the latest version of PoPToP.

2. Edit the configuration files

** My local network in this example is 172.16.0.0/16. You will need to change the IP addresses to meet your needs.

/usr/local/etc/pptpd.conf
----------------------------------------------------------------
debug
nobsdcomp
proxyarp
localip 172.16.0.4
remoteip 172.16.0.150-155
pidfile /var/run/pptpd.pid
+chapms-v2
mppe-40
mppe-128
mppe-stateless

/etc/ppp/ppp.conf
---------------------------------------------------------------
loop:
 set timeout 0
 set log phase chat connect lcp ipcp command
 set device localhost:pptp
 set dial
 set login
 # Server (local) IP address, Range for Clients, and Netmask
 # if you want to use NAT use private IP addresses
 set ifaddr 172.16.0.4 172.16.0.150-172.16.0.155 255.255.0.0
 add default HISADDR
 set server /tmp/loop "" 0177

loop-in:
 set timeout 0
 set log phase lcp ipcp command
 allow mode direct

pptp:
 load loop
 disable pap
 # Authenticate against /etc/passwd
 enable passwdauth
 disable ipv6cp
 enable proxy
 accept dns
 enable MSChapV2
 enable mppe
 disable deflate pred1
 deny deflate pred1
 set dns 24.26.163.24
 set device !/etc/ppp/secure

/etc/ppp/secure
---------------------------------------------------------------
#!/bin/sh
exec /usr/sbin/ppp -direct loop-in

/etc/ppp/ppp.secret
---------------------------------------------------------------
#user #password
user1 password
user2 password

3. Ensure IP forwarding is enabled

[root]# sysctl net.inet.ip.forwarding
1

If the value is not 1, you can enable IP forwarding with:

[root]# sysctl net.inet.ip.forwarding=1

You can have it always default to 1 by editing /etc/rc.conf:

gateway_enable="YES"

4. Enable proxy ARP

/etc/rc.conf
arpproxy_all="YES"

5. Start pptpd

[root]# /usr/local/etc/rc.d/pptpd start

Verify that it started successfully:

[root]# netstat -a -n
tcp 0 0 0.0.0.0:1723 0.0.0.0:* LISTEN

PPTP uses TCP port 1723 and protocol 47 (GRE). If you have a firewall in front of the VPN server, make sure you open the appropriate port.
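
A check of the step 2 files, as an added example that is not part of the original article: it confirms that ppp.conf still carries the "disable pap", "enable MSChapV2" and "enable mppe" lines, that ppp.secret (cleartext passwords) has no group or other permission bits, and that the secure script is executable. The function names and the sample files written by make_sample are constructed for this example.

```shell
#!/bin/sh
# Added example (not from the original article): audit the files from step 2.
# has_directive, make_sample and audit_pptp are names chosen for this example.

# has_directive FILE WORD...: succeed if FILE has an uncommented line that is
# exactly WORD... (case-insensitive, any indentation or spacing).
has_directive() {
    file=$1; shift
    want=$(echo "$*" | tr 'A-Z' 'a-z')
    sed -e 's/#.*//' "$file" | tr 'A-Z' 'a-z' |
        awk -v want="$want" '{ $1 = $1 } $0 == want { found = 1 } END { exit !found }'
}

# make_sample DIR: write constructed sample files (not real credentials).
make_sample() {
    mkdir -p "$1"
    printf 'pptp:\n load loop\n disable pap\n enable MSChapV2\n enable mppe\n' > "$1/ppp.conf"
    printf 'user1 password\n' > "$1/ppp.secret"
    printf '#!/bin/sh\nexec /usr/sbin/ppp -direct loop-in\n' > "$1/secure"
    chmod 600 "$1/ppp.secret"; chmod 700 "$1/secure"
}

# audit_pptp [DIR]: print findings for DIR (default /etc/ppp); the exit
# status is the number of findings, so 0 means every check passed.
audit_pptp() {
    dir=${1:-/etc/ppp}
    findings=0
    for d in "disable pap" "enable MSChapV2" "enable mppe"; do
        if ! has_directive "$dir/ppp.conf" $d; then
            echo "ppp.conf: missing '$d'"; findings=$((findings + 1))
        fi
    done
    # ppp.secret stores cleartext passwords: no group/other access at all.
    perms=$(ls -ld "$dir/ppp.secret" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "ppp.secret: group/other bits set ($perms), expected mode 600"
        findings=$((findings + 1))
    fi
    # ppp.conf runs "set device !/etc/ppp/secure", so it must be executable.
    if [ ! -x "$dir/secure" ]; then
        echo "secure: not executable"; findings=$((findings + 1))
    fi
    return "$findings"
}
```

Source the file as root and run audit_pptp with no argument to check /etc/ppp, or run make_sample on a scratch directory first to see a passing result.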