Wednesday, 16 June 2004
Learn how to install a Windows-compatible PPTP VPN server on FreeBSD. Instructions for using PoPToP with MPPE 128-bit encryption.

1. Install poptop from the ports directory

[root]# cd /usr/ports/net/poptop
[root]# make install clean

This will download and install the latest version of PoPToP.

2. Edit the configuration files

** My local network in this example is 172.16.0.0/16. You will need to change the IP addresses to meet your needs.
/usr/local/etc/pptpd.conf
----------------------------------------------------------------
debug
nobsdcomp
proxyarp
localip 172.16.0.4
remoteip 172.16.0.150-155
pidfile /var/run/pptpd.pid
+chapms-v2
mppe-40
mppe-128
mppe-stateless
/etc/ppp/ppp.conf
---------------------------------------------------------------
loop:
  set timeout 0
  set log phase chat connect lcp ipcp command
  set device localhost:pptp
  set dial
  set login
  # Server (local) IP address, Range for Clients, and Netmask
  # if you want to use NAT use private IP addresses
  set ifaddr 172.16.0.4 172.16.0.150-172.16.0.155 255.255.0.0
  add default HISADDR
  set server /tmp/loop "" 0177

loop-in:
  set timeout 0
  set log phase lcp ipcp command
  allow mode direct

pptp:
  load loop
  disable pap
  # Authenticate against /etc/passwd
  enable passwdauth
  disable ipv6cp
  enable proxy
  accept dns
  enable MSChapV2
  enable mppe
  disable deflate pred1
  deny deflate pred1
  set dns 24.26.163.24
  set device !/etc/ppp/secure
/etc/ppp/secure
---------------------------------------------------------------
#!/bin/sh
exec /usr/sbin/ppp -direct loop-in

/etc/ppp/ppp.secret
---------------------------------------------------------------
#user    #password
user1    password
user2    password
3. Ensure IP forwarding is enabled

[root]# sysctl net.inet.ip.forwarding
1

If the value is not 1, you can enable IP forwarding with:

[root]# sysctl net.inet.ip.forwarding=1

You can make it default to 1 at every boot by adding this line to /etc/rc.conf:

gateway_enable="YES"

4. Enable proxy ARP

/etc/rc.conf
arpproxy_all="YES"
5. Start pptpd

/usr/local/etc/rc.d/pptpd start

Verify that it started successfully:

[root]# netstat -a -n
tcp 0 0 0.0.0.0:1723 0.0.0.0:* LISTEN

PPTP uses TCP port 1723 and IP protocol 47 (GRE). If you have a firewall in front of the VPN server, make sure you open the appropriate port and protocol.
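
Added example (not part of the original tutorial): a pre-flight check for the files edited in steps 2 to 4. It compares the client pool in pptpd.conf and ppp.conf, looks for the exact arpproxy_all knob in rc.conf, counts ppp.conf commands that lost their indentation, and checks that the plaintext ppp.secret is not readable by group or other. The function names and sample files are constructed for illustration, and the pool parser assumes the single-range remoteip form used above.

```shell
#!/bin/sh
# Added example: pre-flight checks for the files edited in steps 2-4.
# Function names are illustrative; the sample files below are constructed.

# Client pool from pptpd.conf, expanded to FIRST-LAST ("remoteip 172.16.0.150-155").
pptpd_pool() {
    awk '$1 == "remoteip" { split($2, r, "-"); last = r[2]
        if (last !~ /\./) { split(r[1], o, "."); last = o[1] "." o[2] "." o[3] "." last }
        print r[1] "-" last; exit }' "$1"
}
# Client pool from ppp.conf ("set ifaddr LOCAL FIRST-LAST NETMASK").
ppp_pool() { awk '$1 == "set" && $2 == "ifaddr" { print $4; exit }' "$1"; }
# True when both daemons hand out the same client range.
pools_match() { a=$(pptpd_pool "$1"); [ -n "$a" ] && [ "$a" = "$(ppp_pool "$2")" ]; }
# True when rc.conf sets the knob under its exact name.
rc_has_arpproxy() { grep -Eq '^[[:space:]]*arpproxy_all="?[Yy][Ee][Ss]"?' "$1"; }
# Count ppp.conf command lines starting in column 0 (only labels may).
unindented_commands() {
    grep -cE '^(set|add|load|allow|enable|disable|accept|deny)[[:space:]]' "$1" || true
}
# True when the plaintext secrets file has no group/other permission bits.
secret_is_private() { [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]; }

# Constructed sample files: values from this page plus three deliberate mistakes
# (an unindented command, a misspelt rc.conf knob, a world-readable secrets file).
make_samples() {
    d=$(mktemp -d)
    printf 'localip 172.16.0.4\nremoteip 172.16.0.150-155\n' > "$d/pptpd.conf"
    printf 'loop:\n set ifaddr 172.16.0.4 172.16.0.150-172.16.0.155 255.255.0.0\nset dial\n' > "$d/ppp.conf"
    printf 'gateway_enable="YES"\narrproxy_all="YES"\n' > "$d/rc.conf"
    printf 'user1 password\n' > "$d/ppp.secret"; chmod 644 "$d/ppp.secret"
    echo "$d"
}

report() {
    pools_match "$1/pptpd.conf" "$1/ppp.conf" && echo "pool: match" || echo "pool: MISMATCH"
    rc_has_arpproxy "$1/rc.conf" && echo "rc.conf: arpproxy_all set" \
        || echo "rc.conf: arpproxy_all missing or misspelt"
    echo "ppp.conf: $(unindented_commands "$1/ppp.conf") unindented command line(s)"
    secret_is_private "$1/ppp.secret" && echo "ppp.secret: private" \
        || echo "ppp.secret: readable by group/other, chmod 600 it"
}
d=$(make_samples); report "$d"; rm -rf "$d"
```

To check a live server, call report on a directory holding copies of the four files.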

Thank you
Written by Guest on 2004-07-24 14:08:50
But: /etc/ppp.conf = /etc/ppp/ppp.conf
And: Do not forget the tabs in: /etc/ppp/ppp.conf

thanks for the corrections
Written by chad on 2004-07-24 14:12:28
I made the changes you mentioned

Written by Guest on 2004-07-29 03:14:55
I have a problem: I can't connect to the VPN. I use this page's config but I can't connect pass. This is the error:
Quote:
Jul 29 16:13:04 msb ppp[60420]: Warning: Add route failed: 0.0.0.0/0 already exists
Jul 29 16:13:05 msb pptpd[60419]: GRE: xmit failed from decaps_hdlc: No route to host
Jul 29 16:13:05 msb pptpd[60419]: CTRL: PTY read or GRE write failed (pty,gre)=(6,5)
please help me, thk

VPN Problem
Written by chad on 2004-07-29 07:51:24
I would make sure your IP address pool is the same in pptpd.conf and ppp.conf. Are you using RFC 1918 addresses? Make sure the address subnet is correct.

VPN Problem
Written by Guest on 2004-08-03 09:12:49
I just tried it and I got the same error message (ppp, pptpd), and the answer was that in /etc/ppp/ppp.secret user1 and password need to be changed to your own ones, or when you try to log on from Windows use username: user1 and password: password.
P.S. For Author - Great stuff buddy. Cheers

Use this with WiFi
Written by Guest on 2004-12-31 17:54:16
Hi, I just tried this tut to encrypt my Home/Wifi installation. It still is better than my previous NetBSD try (limited to 80Kbps) but still not as "nice" as my Linux try (slack 2.4) as the traffic rate is varying from a bit less than max (54Mbps) to nearly 0. My wifi cards are WG511T (on both my Windows client and VPN test server). My prod server would use WG311T. Can I expect better perf (as cardbus might sux)? TIA, Jo

No MPPE?
Written by Guest on 2005-01-03 07:38:51
I've tried this on a FreeBSD 5.2.1-RELEASE. I can login with a Windows XP Professional SP1 with MS-CHAP and without MPPE. Whenever I try to use only MS-CHAP-V2, I get the message "Error 732: Your computer and the remote computer could not agree on PPP control protocols." Any idea?

hmm...
Written by Guest on 2005-01-20 03:06:15
FreeBSD 5.2.1 completely ignores /etc/ppp/ppp.conf for some reason.

Help me
Written by Guest on 2005-03-16 22:23:44
I installed but some error including. This error is /usr/sbin/pppd: unknown host: loop. help me. My mail manlai_n@skycc.mn

please help
Written by Guest on 2005-04-15 08:10:48
With encryption mppe and winxp everything works fine. But with Win 98 SE I have this message:
LCP: deflink: SendProtocolRej(2) state = Opened
ppp[50257]: Phase: Unknown protocol 0xecea (unrecognised protocol)
DUN1.4se is installed. Encryption on win98 is enabled.
Connection is established, user is logged, but communication not working. What's wrong ??

radius+bandwidth control
Written by Guest on 2005-06-27 10:59:30
I have set up the pptp server following the above steps. Can anybody tell me how to use radius and bandwidth management with poptop?

Sweet man
Written by Guest on 2005-07-26 20:24:40
I could kiss you, you are magnificent.

Nice Place !1
Written by cmrnaidu on 2006-06-26 22:53:08
This one helped me a lot

traffic passing
Written by puter on 2006-09-01 20:59:24
I have this all set up and I can connect, I receive an IP address in the proper range etc. for the ppp interface. The problem I have is I cannot seem to contact any other computer than the VPN server. When I ping the server I get a response but I cannot ping any of the other systems on the remote network, and of course that means I also lose all internet connectivity since everything is being routed through the VPN. Can anyone offer some suggestions on what may be the cause of the problem? My gateway is coming up as the same IP as I was assigned by the VPN.

RE traffic passing
Written by chad on 2006-09-02 09:17:40
This sounds like the arp proxy is not working on the vpn server. Did you add arpproxy_all="YES" in rc.conf and reboot the system?

similar to traffic passing.
Written by amishmunshi on 2006-10-14 16:44:39
I am facing the same problem as the above traffic passing. I have enabled arrproxy_all="YES" in rc.conf and rebooted. Is there an arp proxy daemon or a kernel module? I also have ipforwarding enabled in rc.conf but I still face the same issue. My server IP address is 65.111.165.50. I want to use the VPN over the Internet and allow users across the world to connect to this server. I have the following in ppp.conf:
set ifaddr 172.16.0.4 172.16.0.150-172.16.0.155 255.255.0.0
Is this correct?

Traffic passing
Written by aheck on 2006-11-02 00:31:05
I was having the same problem as others - could ping the server but not ping any hosts on the internal LAN. The fix, as suggested by chad, worked for me.
To make sure it's done correctly, you can try:
Code:
sysctl net.link.ether.inet.proxyall
BSD will report either a 1 (it's on) or 0 (it's off). To toggle it on without a reboot:
Code:
sysctl net.link.ether.inet.proxyall=1

HELP ME
Written by batso on 2007-04-15 21:13:23
I installed pptp server on FreeBSD 5.4 but I have a problem. I checked the following steps:
step1: static ip address
/etc/ppp/ppp.secret
user userpass 192.168.0.50
It was good: connected dialing process & internet connection.
step2: dynamic ip address
/etc/ppp/ppp.secret
user userpass *
There was a problem: dialing process is good, connects, but no internet connection. What do I need to do next?

still problems with traffic passing
Written by Guest on 2008-11-14 08:58:17
I am experiencing the same symptoms as puter. I do have arrproxy_all="YES" in rc.conf and sysctl net.link.ether.inet.proxyall=1. The machine has been rebooted a number of times (this is a long standing issue). Any advice would be VERY appreciated.

Written by Guest on 2009-05-11 18:16:53
he made a typo, it should be: arpproxy_all="YES"

paxvor
Written by Guest on 2009-09-14 23:27:09
amazing, works like a charm .. but mine had to change to /usr/local/sbin/pptpd start
Great thanks !!

Written by Guest on 2010-02-04 12:45:28
Let's get some basic reading comprehension here, the rc.conf line is 'arpproxy_all' not 'arrproxy_all'. You do know what ARP is, right?