IPv4 Address:-
IPv6 Address:-
Service Provider:-
SSL Information:-
HTTP Protocol:-
Database:-
Web:-
PPTP VPN in FreeBSD (for Windows XP/Vista/7 clients) [07/Feb/2010]   RAID5/6 (using ZFS) in FreeBSD 8.x     Booting from ZFS RAID0/1/5/6 in FreeBSD 8.x  

WARNING: This post has been marked as obsolete and may be incorrect. It is kept for archival purposes only. Here's a simple guide to setting up a VPN server on FreeBSD so that Windows clients can connect using their built-in VPN clients...

First, make sure your ports collection is up-to-date, then build poptop in /usr/ports/net/poptop:

# cd /usr/ports/net/poptop/
# make
# make install Copy


Next we need to create a config file for poptop... create the file /usr/local/etc/pptpd.conf as follows:

nobsdcomp
proxyarp
pidfile /var/run/pptpd.pid
+chapms-v2
mppe-40
mppe-128
mppe-stateless Copy


Next we need to create a PPP configuration file called /etc/ppp/ppp.conf (overwrite the existing file) as follows (edit the IPs to suit your network requirements):

loop:
    set timeout 0
    set log phase chat connect lcp ipcp command
    set device localhost:pptp
    set dial
    set login
    # Server (local) IP address, Range for Clients, and Netmask
    set ifaddr 192.168.31.254 192.168.31.120-192.168.31.128 255.255.255.255
    set server /tmp/vpn-in-%d "" 0177

loop-in:
    set timeout 0
    set log phase lcp ipcp command
    allow mode direct

pptp:
    load loop
    disable pap
    disable passwdauth
    disable ipv6cp
    enable proxy
    accept dns
    enable MSChapV2
    enable mppe
    disable deflate pred1
    deny deflate pred1
    set device !/etc/ppp/secure Copy


Next we need to create a file called /etc/ppp/secure with the following contents:

#!/bin/sh
exec /usr/sbin/ppp -direct loop-in Copy


And set it to be executable with chmod 0755 /etc/ppp/secure – this script will be run automatically during the VPN setup process.

Now we need to add a login for the VPN (you can have multiple username/passwords in this file) called /etc/ppp/ppp.secret like so:

user1 pass1
user2 pass2
user3 pass3 Copy


Now we need to enable proxy ARP in Freebsd.  Add the following line into /etc/sysctl.conf:

net.link.ether.inet.proxyall=1 Copy

To activate it without a reboot, type sysctl net.link.ether.inet.proxyall=1

And finally set the VPN server to start on bootup automatically by adding the following into /etc/rc.conf:

pptpd_enable="YES" Copy

Now startup the VPN server by running:

/usr/local/etc/rc.d/pptpd start Copy

Your VPN server is now ready on your FreeBSD server and you're ready to configure your Windows clients to connect to it.  I'll give you an example of how to do it on Windows 7, i'm sure you can find out how to do it on earlier versions of windows...

Go to Start
Open Control Panel
Under Network and Internet, click View network status and tasks
Click Set up a new connection or network at the bottom of the page
Choose Connect to a workplace and click Next
Select No, create a new connection and click Next
Select Use my Internet connection (VPN)
Enter the IP address of your VPN server in Internet address and give it a description below.
Check Don't connect now; just set it up so I can connect later and click Next
Enter the username and password from your ppp.secret file, leave Domain blank, click Create
Click Close
Click Change adapter settings on the left of your Network and Sharing Center window
Right-click on your new VPN and go to Properties
Go to the Networking tab, click Internet Protocol Version 4 (TCP/IPv4) and click Properties
Click Advanced
Uncheck Use default gateway on remote network (this enables split tunnelling mode which is probably what you will want to use)
Click Ok then Ok then Ok and close the Network Connections window.

Now your VPN is setup, you can connect by clicking on the network icon in your taskbar, clicking your VPN in the list and clicking on Connect.

Windows Vista is similar to Windows 7 to configure.  Windows XP is a little different – but the general setup is identical on all three flavours of Windows.

Split Tunnelling mode is when you join the remote network but not route your entire internet connection via it.  If you want to route your entire connection via the VPN you can skip steps 12-17 above.

  RAID5/6 (using ZFS) in FreeBSD 8.x     Booting from ZFS RAID0/1/5/6 in FreeBSD 8.x  
Copyright © 2024 Daniel Austin MBCS.
Proudly hosted using the FreeBSD operating system.
 
E-mail me
PGP Key
E-mail me
LOGGED IN
Login
padlock icon
LOGIN ERROR#123: random error here