[pptp-server] It Works: FreeBSD and PoPToP HOWTO!

Philip J Beyer phil at beyer.family-site.org
Wed May 22 15:27:19 CDT 2002

i also had trouble setting poptop up for the first time on FreeBSD 4.x
... i'm glad you were able to figure it out and return your findings to
the community

> You will also need to create a /etc/ppp/options file:

this file is not necessary... it is actually a file that "pppd" uses,
but not the userland "ppp" that you reference later... on FreeBSD,
poptop currently uses "ppp"... i can confirm this because i'm running
fine without that options file ;-)

> The last file you need is /etc/ppp/ppp.conf
> ---/etc/ppp/ppp.conf----
-- snipped --
> pptp:
>          load loop
>          enable chap
>          enable pap
>          # Authenticate against /etc/passwd
>          enable passwdauth
>          # The next depends on your routing. Proxy arp is an 
> easy way out
>          enable proxy
>          accept dns
>          # DNS Servers to assign client - replace with your own
>          set dns
>          set device !/etc/ppp/secure
> ---/etc/ppp/ppp.conf----

an FYI for others who are reading this:  you do not have to setup users
in /etc/passwd for this to work... you can put your PPTP users in
/etc/ppp/ppp.secret and it will work just fine

i have a slightly different setup than Matt... in order to force the use
of a reasonably secure authentication method and to allow M$ users to
encrypt their communications (which is the precise reason i am setting
up a poptop vpn in the first place ;-P), my pptp section is as follows:

--- /etc/ppp/ppp.conf ---
[ all of the rest snipped ]
 load loop
 enable proxy
 enable dns

 enable chap81
 disable pap
 disable deflate pred1
 deny deflate pred1

 set dns
 set nbns
 set device !/etc/ppp/secure
--- /etc/ppp/ppp.conf ---

>   Ok, Ready?  Hit Properties.  Under security, you need to *disable* 
> "Require data encryption"  THis is just a tunnel, not a IPSec 
> encrypted 
> connection.  Click OK, and for your username and password enter your 
> username and password on the BSD box.  Life should be good.

if you decide to use the method outlined above for enabling MS-CHAPv2, a
Windows VPN client will negotiate the connection successfully using its
defaults (i.e. it will encrypt the data over the wire)... which means
you won't have to "disable" anything ;-)

good luck all,

More information about the pptp-server mailing list