[pptp-server] It Works: FreeBSD and PoPToP HOWTO!

Matt Cowger mcowger at bowdoin.edu
Thu May 16 00:12:02 CDT 2002


I know I am new to the list, but I noticed that alot of people seem to 
be having issues with getting PoPToP runnng as a VPN Server for Windows 
clients.  I've gotten it running on FreeBSD 4.6-PRERELEASE, and thought 
I'd share with the group.

1.  The first thing I did was of course cvsup my ports tree.
2.  Next, cd to /usr/ports/net/poptop and run make all install clean
3.  You will now need to edit a number of files to make this work:

speed 115200
option /etc/ppp/options

localip xxx.xxx.xxx.xxx
remoteip xxx.xxx.xxx.yy-zz
pidfile /var/run/pptpd.pid

You will need to change the local and remote IP's to match your local 
configuration. LocalIP should be an address in your subnet but not the 
address of your network interface(s). RemoteIP should be a **range** in 
your subnet that the PPTP daemon can assign clients for addresses.

For example, if you're address on interface ep0 is, and your 
subnet mask is, localip should be something like and remote ip should be something like 
(written just like that).  The PIDFile entry should be obvious.

You will also need to create a /etc/ppp/options file:


Don't worry too much about what these mean, but auth, chap, and proxyarp 
NEED to be in there (look them up in man ppp for more info.

The last file you need is /etc/ppp/ppp.conf

         set timeout 0
         set log phase chat connect lcp ipcp command
         set device localhost:pptp
         set dial
         set login
         # Server (local) IP address, Range for Clients, and Netmask
         set ifaddr
         set server /tmp/loop "" 0177

         set timeout 0
         set log phase lcp ipcp command
         allow mode direct

         load loop
         enable chap
         enable pap
         # Authenticate against /etc/passwd
         enable passwdauth
         # The next depends on your routing. Proxy arp is an easy way out
         enable proxy
         accept dns
         # DNS Servers to assign client - replace with your own
         set dns
         set device !/etc/ppp/secure

The file above basically needs to stay the way it is, but the line 
containing set ifaddr needs to have the same info as what you set in 
pptpd.conf.  The first argument should be the value of localip, the 
second should be the same range as remoteip (just in a slightly 
different format - you gotta spell out the whole range this time) and 
the last needs to be

Now, start up the daemon with:

/usr/local/sbin/pptpd -d

The remaining setup need to be done on your windows machine.  I am 
assuming you are using Windows XP here, but its pretty much the same as 
Windows 2000.  Go to Start|Settings|Network Connections.  Click the new 
connection wizard.  You want to "Connect to the network at my workplace" 
or something along those lines - whichever one relates to VPNs.  Click 
next.  Choose Virtual Private Network Connection.  Click Next.  In the 
COmpany Name, type whatever you wish and hot next.  The next box will 
ask you if it should dial your dialup connection before trying to start 
this one - choose whichever is appropriate and hit next.  In the host 
name, you need to put the IP of your BSD box (the real routable 
address...dealing with NAT is another issue).  The next screen asks who 
to make this connection for, choose whiever is appropriate.  Next.  Hit 

Phew!  Only a little more to go.  Windows will now pop up the connection 
box for this connection.  STOP!  SLOW DOWN!  DONT CONNECT YET.  Breathe. 
  Ok, Ready?  Hit Properties.  Under security, you need to *disable* 
"Require data encryption"  THis is just a tunnel, not a IPSec encrypted 
connection.  Click OK, and for your username and password enter your 
username and password on the BSD box.  Life should be good.

Have fun with your new VPN.

More information about the pptp-server mailing list