[pptp-server] It Works: FreeBSD and PoPToP HOWTO!
Philip J Beyer
phil at beyer.family-site.org
Wed May 22 15:27:19 CDT 2002
i also had trouble setting poptop up for the first time on FreeBSD 4.x
... i'm glad you were able to figure it out and return your findings to
the community
> You will also need to create a /etc/ppp/options file:
this file is not necessary... it is actually a file that "pppd" uses,
but not the userland "ppp" that you reference later... on FreeBSD,
poptop currently uses "ppp"... i can confirm this because i'm running
fine without that options file ;-)
> The last file you need is /etc/ppp/ppp.conf
>
> ---/etc/ppp/ppp.conf----
-- snipped --
> pptp:
> load loop
> enable chap
> enable pap
> # Authenticate against /etc/passwd
> enable passwdauth
> # The next depends on your routing. Proxy arp is an
> easy way out
> enable proxy
> accept dns
> # DNS Servers to assign client - replace with your own
> set dns 1.1.1.1
> set device !/etc/ppp/secure
> ---/etc/ppp/ppp.conf----
an FYI for others who are reading this: you do not have to setup users
in /etc/passwd for this to work... you can put your PPTP users in
/etc/ppp/ppp.secret and it will work just fine
i have a slightly different setup than Matt... in order to force the use
of a reasonably secure authentication method and to allow M$ users to
encrypt their communications (which is the precise reason i am setting
up a poptop vpn in the first place ;-P), my pptp section is as follows:
--- /etc/ppp/ppp.conf ---
[ all of the rest snipped ]
pptp:
load loop
enable proxy
enable dns
enable chap81
disable pap
disable deflate pred1
deny deflate pred1
set dns 1.1.1.1
set nbns 1.1.1.1
set device !/etc/ppp/secure
--- /etc/ppp/ppp.conf ---
> Ok, Ready? Hit Properties. Under security, you need to *disable*
> "Require data encryption" THis is just a tunnel, not a IPSec
> encrypted
> connection. Click OK, and for your username and password enter your
> username and password on the BSD box. Life should be good.
if you decide to use the method outlined above for enabling MS-CHAPv2, a
Windows VPN client will negotiate the connection successfully using its
defaults (i.e. it will encrypt the data over the wire)... which means
you won't have to "disable" anything ;-)
good luck all,
Phil
More information about the pptp-server
mailing list