[pptp-server] It Works: FreeBSD and PoPToP HOWTO!
Matt Cowger
mcowger at bowdoin.edu
Thu May 16 00:12:02 CDT 2002
Hi...
I know I am new to the list, but I noticed that a lot of people seem to
be having issues with getting PoPToP running as a VPN server for Windows
clients. I've gotten it running on FreeBSD 4.6-PRERELEASE, and thought
I'd share with the group.
1. The first thing I did was of course cvsup my ports tree.
2. Next, cd to /usr/ports/net/poptop and run make all install clean
3. You will now need to edit a number of files to make this work:
----/usr/local/etc/pptpd.conf-------
speed 115200
option /etc/ppp/options
localip xxx.xxx.xxx.xxx
remoteip xxx.xxx.xxx.yy-zz
pidfile /var/run/pptpd.pid
------------------------------------
You will need to change the local and remote IPs to match your local
configuration. localip should be an address in your subnet but not the
address of your network interface(s). remoteip should be a **range** in
your subnet from which the PPTP daemon can assign addresses to clients.
For example, if your address on interface ep0 is 192.168.1.1, and your
subnet mask is 255.255.255.0, localip should be something like
192.168.1.100 and remoteip should be something like 192.168.1.150-200
(written just like that). The pidfile entry should be obvious.
You will also need to create a /etc/ppp/options file:
---/etc/ppp/options----
auth
proxyarp
pap
chap
---/etc/ppp/options----
Don't worry too much about what these mean, but auth, chap, and proxyarp
NEED to be in there (look them up in man ppp for more info).
The last file you need is /etc/ppp/ppp.conf:
---/etc/ppp/ppp.conf----
loop:
 set timeout 0
 set log phase chat connect lcp ipcp command
 set device localhost:pptp
 set dial
 set login
 # Server (local) IP address, Range for Clients, and Netmask
 set ifaddr 192.168.1.100 192.168.1.150-192.168.1.200 255.255.255.255
 set server /tmp/loop "" 0177
loop-in:
 set timeout 0
 set log phase lcp ipcp command
 allow mode direct
pptp:
 load loop
 enable chap
 enable pap
 # Authenticate against /etc/passwd
 enable passwdauth
 # The next depends on your routing. Proxy arp is an easy way out
 enable proxy
 accept dns
 # DNS Servers to assign client - replace with your own
 set dns 1.1.1.1
 set device !/etc/ppp/secure
---/etc/ppp/ppp.conf----
The file above basically needs to stay the way it is, but the line
containing set ifaddr needs to have the same info as what you set in
pptpd.conf. The first argument should be the value of localip, the
second should be the same range as remoteip (just in a slightly
different format - you gotta spell out the whole range this time) and
the last needs to be 255.255.255.255. All three arguments go on the
same line as set ifaddr.
Now, start up the daemon with:
/usr/local/sbin/pptpd -d
The remaining setup needs to be done on your Windows machine. I am
assuming you are using Windows XP here, but it's pretty much the same as
Windows 2000. Go to Start|Settings|Network Connections. Click the New
Connection Wizard. You want to "Connect to the network at my workplace"
or something along those lines - whichever one relates to VPNs. Click
Next. Choose Virtual Private Network Connection. Click Next. In the
Company Name, type whatever you wish and hit Next. The next box will
ask you if it should dial your dialup connection before trying to start
this one - choose whichever is appropriate and hit Next. In the host
name, you need to put the IP of your BSD box (the real routable
address...dealing with NAT is another issue). The next screen asks who
to make this connection for, choose whichever is appropriate. Next. Hit
Finish.
Phew! Only a little more to go. Windows will now pop up the connection
box for this connection. STOP! SLOW DOWN! DON'T CONNECT YET. Breathe.
Ok, Ready? Hit Properties. Under Security, you need to *disable*
"Require data encryption". This is just a tunnel, not an IPsec-encrypted
connection, so the data passing through it is not encrypted. Click OK,
and for your username and password enter your username and password on
the BSD box. Life should be good.
Have fun with your new VPN.
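
The rule above, that set ifaddr in ppp.conf must carry the same addresses as localip and remoteip in pptpd.conf, can be checked mechanically. The script below is an added example, not part of the original post or of PoPToP; the function names and sample strings are constructed for illustration, and the test that localip lies outside the client range is an extra sanity check the post only implies through its example addresses.

```python
import ipaddress

# Constructed sample files, using the example addresses from the HOWTO.
PPTPD_CONF = """\
localip 192.168.1.100
remoteip 192.168.1.150-200
"""
PPP_CONF = """\
loop:
 set timeout 0
 set ifaddr 192.168.1.100 192.168.1.150-192.168.1.200 255.255.255.255
"""

def expand_range(spec):
    """Turn 'a.b.c.150-200' or 'a.b.c.150-a.b.c.200' into (first, last)."""
    first, _, last = spec.partition("-")
    if not last:
        last = first                                  # single address
    elif "." not in last:
        last = first.rsplit(".", 1)[0] + "." + last   # pptpd.conf shorthand
    return ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)

def check(pptpd_conf, ppp_conf):
    """Return a list of problems; an empty list means the files agree."""
    opts = {}
    for line in pptpd_conf.splitlines():
        parts = line.split()
        if len(parts) >= 2 and not parts[0].startswith("#"):
            opts[parts[0]] = parts[1]
    # Parse line by line: a netmask wrapped onto the next line counts as missing.
    ifaddr = next((l.split()[2:] for l in ppp_conf.splitlines()
                   if l.split()[:2] == ["set", "ifaddr"]), [])
    if len(ifaddr) < 2 or "localip" not in opts or "remoteip" not in opts:
        return ["localip, remoteip or a complete 'set ifaddr' line is missing"]
    local = ipaddress.IPv4Address(opts["localip"])
    first, last = expand_range(opts["remoteip"])
    problems = []
    if ipaddress.IPv4Address(ifaddr[0]) != local:
        problems.append("set ifaddr local address differs from localip")
    if expand_range(ifaddr[1]) != (first, last):
        problems.append("set ifaddr client range differs from remoteip")
    if ifaddr[2:3] != ["255.255.255.255"]:
        problems.append("set ifaddr netmask is not 255.255.255.255")
    if first <= local <= last:
        problems.append("localip falls inside the remoteip range")
    return problems

if __name__ == "__main__":
    for problem in check(PPTPD_CONF, PPP_CONF) or ["configuration is consistent"]:
        print(problem)
```

To check a real installation, pass the contents of /usr/local/etc/pptpd.conf and /etc/ppp/ppp.conf to check() in place of the sample strings.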