Here’s a simple guide to setting up a VPN server on FreeBSD so that Windows clients can connect using their built-in VPN clients…
First, make sure your ports collection is up-to-date, then build poptop in /usr/ports/net/poptop:
# cd /usr/ports/net/poptop/
# make install
Next, create the poptop config file /usr/local/etc/pptpd.conf as follows:
Next we need to create a PPP configuration file called /etc/ppp/ppp.conf (overwrite the existing file) as follows (edit the IPs to suit your network requirements):
set timeout 0
set log phase chat connect lcp ipcp command
set device localhost:pptp
# Server (local) IP address, Range for Clients, and Netmask
set ifaddr 192.168.31.254 192.168.31.120-192.168.31.128 255.255.255.255
set server /tmp/vpn-in-%d "" 0177
set timeout 0
set log phase lcp ipcp command
allow mode direct
disable deflate pred1
deny deflate pred1
set device !/etc/ppp/secure
Every line above except those ending with a colon (:) should be indented or ppp.conf will not work – the CMS in use on this site won’t indent – sorry 🙁
Next we need to create a file called /etc/ppp/secure with the following contents:
exec /usr/sbin/ppp -direct loop-in
And set it to be executable with chmod 0755 /etc/ppp/secure – this script will be run automatically during the VPN setup process.
Now we need to add a login for the VPN in a file called /etc/ppp/ppp.secret (you can have multiple username/password pairs in this file) like so:
Now we need to enable proxy ARP in FreeBSD. Add the following line into /etc/sysctl.conf:
net.link.ether.inet.proxyall=1
To activate it without a reboot, type sysctl net.link.ether.inet.proxyall=1
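The check below is an added example, not part of the original guide: a POSIX sh pre-flight that lints ppp.conf against the indentation rule stated above and for typographic quotes picked up when pasting from a web page, with a permission test for /etc/ppp/ppp.secret and /etc/ppp/secure. The function names and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original guide): pre-flight checks for the files above.

# lint_ppp_conf [FILE]: report ppp.conf lines that break the indentation rule or
# contain typographic quotes. Reads stdin if no FILE. Returns 1 if anything is found.
lint_ppp_conf() {
    awk '
        /^[ \t]*$/ || /^[ \t]*#/ { next }              # blank lines and comments
        index($0, "“") || index($0, "”") {             # quotes mangled by a web page
            printf "%d: typographic quote, use plain \"\"\n", NR; bad = 1
        }
        /^[^ \t]/ && !/:[ \t]*$/ {                     # column 0 but not a "label:"
            printf "%d: command not indented: %s\n", NR, $0; bad = 1
        }
        END { exit bad + 0 }
    ' "$@"
}

# has_mode_bits FILE BITS: true if every bit of octal BITS is set in FILE's mode.
# Uses find -perm so it behaves the same with BSD and GNU userlands.
has_mode_bits() {
    [ -n "$(find "$1" -prune -perm "-$2" 2>/dev/null)" ]
}

# Constructed sample: unindented line 2 and curly quotes on line 4, as a paste
# from a web page might produce. The label name comes from /etc/ppp/secure.
sample_conf() {
    cat <<'EOF'
loop-in:
set timeout 0
 set log phase lcp ipcp command
 set server /tmp/vpn-in-%d “” 0177
 allow mode direct
EOF
}

sample_conf | lint_ppp_conf || echo "sample: fix the lines above before starting pptpd"

# On the server itself (paths are the ones used in this guide):
#   lint_ppp_conf /etc/ppp/ppp.conf
#   has_mode_bits /etc/ppp/ppp.secret 0004 && echo "ppp.secret is world-readable"
#   has_mode_bits /etc/ppp/secure 0002 && echo "secure is world-writable"
```

ppp.secret holds the VPN passwords in plain text, so the 0004 (world-readable) test on it should fail on a correctly locked-down server.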
And finally set the VPN server to start on bootup automatically by adding the following into /etc/rc.conf:
Now start up the VPN server by running:
Your VPN server is now ready on your FreeBSD server and you’re ready to configure your Windows clients to connect to it. I’ll give you an example of how to do it on Windows 7, I’m sure you can find out how to do it on earlier versions of Windows…
1. Go to Start
2. Open Control Panel
3. Under Network and Internet, click View network status and tasks
4. Click Set up a new connection or network at the bottom of the page
5. Choose Connect to a workplace and click Next
6. Select No, create a new connection and click Next
7. Select Use my Internet connection (VPN)
8. Enter the IP address of your VPN server in Internet address and give it a description below.
9. Check Don’t connect now; just set it up so I can connect later and click Next
10. Enter the username and password from your ppp.secret file, leave Domain blank, click Create
11. Click Close
12. Click Change adapter settings on the left of your Network and Sharing Center window
13. Right-click on your new VPN and go to Properties
14. Go to the Networking tab, click Internet Protocol Version 4 (TCP/IPv4) and click Properties
15. Click Advanced
16. Uncheck Use default gateway on remote network (this enables split tunnelling mode which is probably what you will want to use)
17. Click OK then OK then OK and close the Network Connections window.
Now your VPN is set up, you can connect by clicking on the network icon in your taskbar, clicking your VPN in the list and clicking on Connect.
Windows Vista is similar to Windows 7 to configure. Windows XP is a little different – but the general setup is identical on all three flavours of Windows.
Split tunnelling mode is when you join the remote network but do not route your entire internet connection via it. If you want to route your entire connection via the VPN you can skip steps 12-17 above.