PPTP Server on FreeBSD

- Running PoPToP in FreeBSD -


  1. Requirements
  2. Kernel Configuration
  3. PPTPd Installation and Configuration
  4. PPP Configuration
  5. Debugging
  6. Client Configuration Notes

Requirements

PoPToP requires FreeBSD 3.1 or later with support for packet tunnels ("tun" devices). This document describes how to run PoPToP with PPP (aka "userland ppp"), not PPPd. Because of this, the setup is quite different from Linux. You can install the server and the client from FreeBSD Packages or Ports. The server package is poptop-1.1.2 and the client package is pptpclient-1.0.3. Both packages are in the net category. These versions are for 4.5-RELEASE.


Kernel Configuration

4.X Kernels

You simply need this line, which is included in the "GENERIC" Kernel:

pseudo-device   tun             # Packet tunnel.

PPTPd Installation and Configuration

This is the easy part - just install poptop from Packages or Ports under the "net" category.
Then set up your pptpd.conf file, usually in /usr/local/etc. Mine looks like this:

option /usr/local/etc/pptpd.options
# turn debugging on only if you need it
##debug
localip 192.168.1.224
remoteip 192.168.1.233-238
# if you have multiple addresses and only want to "listen" on one:
##listen --local if IP Address--
pidfile /var/run/pptpd.pid

This says to leave debugging off (the debug line is commented out), use 192.168.1.224 as the server IP address, and assign 192.168.1.233 through 192.168.1.238 to clients. Make sure that the server and client pools don't overlap.


PPP Configuration

  1. /etc/ppp/ppp.conf
  2. /etc/ppp/ppp.secret

/etc/ppp/ppp.conf

Now for some copying and pasting. The following lines are the contents of the /etc/ppp/ppp.conf file.

default:
 set timeout 0
 set log Phase Chat LCP IPCP CCP TUN Command Connect
 disable vjcomp deflate pred1

pptp:
 set device localhost:pptp
 # Server IP address, Range for Clients, and Netmask
 set ifaddr 192.168.1.224 192.168.1.233-192.168.1.238 255.255.255.255
 set server /tmp/loop "" 0177
 enable chap
 enable MSChapV2
 enable MSChap
 disable pap
 # Authenticate against /etc/passwd
 ##enable passwdauth
 enable proxy
 ##accept dns
 # DNS Servers to assign client
 ##set dns 192.168.1.10 192.168.1.11
 # NetBIOS/WINS Servers to assign client
 ##set nbns 192.168.1.11 192.168.1.12
 allow mode direct
 # Radius Server
 ##set radius /etc/ppp/radius.conf
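
The server address and client pool appear in both pptpd.conf and ppp.conf, and the two files have to agree. The following check is an added example, not part of PoPToP or PPP: it parses both files and reports overlaps or mismatches. It assumes a single localip, pptpd.conf ranges written as last-octet ranges, and a ppp.conf range written as two full addresses, as on this page; the function names are hypothetical.

```python
import ipaddress

def pptpd_pool(spec):
    """Expand a pptpd.conf list such as '10.0.0.5,10.0.0.10-12' (last-octet ranges)."""
    pool = set()
    for item in spec.split(","):
        start, _, end = item.strip().partition("-")
        first = ipaddress.IPv4Address(start)
        first_octet = int(start.rsplit(".", 1)[1])
        last_octet = int(end) if end else first_octet
        if last_octet < first_octet or last_octet > 255:
            raise ValueError(f"bad range: {item!r}")
        pool.update(first + n for n in range(last_octet - first_octet + 1))
    return pool

def ppp_pool(spec):
    """Expand a ppp.conf peer range written as 'first-last' with full addresses."""
    start, _, end = spec.partition("-")
    first, last = ipaddress.IPv4Address(start), ipaddress.IPv4Address(end or start)
    return {first + n for n in range(int(last) - int(first) + 1)}

def directives(text):
    """Yield the words of each config line, skipping blanks and # comments."""
    for line in text.splitlines():
        words = line.split("#", 1)[0].split()
        if words:
            yield words

def check(pptpd_conf, ppp_conf):
    """Return a list of address-plan problems found across the two files."""
    pd = {w[0]: w[1] for w in directives(pptpd_conf) if len(w) > 1}
    local = ipaddress.IPv4Address(pd["localip"])
    remote = pptpd_pool(pd["remoteip"])
    ifaddr = next(w for w in directives(ppp_conf) if w[:2] == ["set", "ifaddr"])
    problems = []
    if local in remote:
        problems.append("localip is inside the remoteip pool")
    if ipaddress.IPv4Address(ifaddr[2]) != local:
        problems.append("ppp.conf server address differs from localip")
    if ppp_pool(ifaddr[3]) != remote:
        problems.append("ppp.conf client range differs from remoteip")
    return problems

# Constructed sample inputs using the addresses from this page.
PPTPD = "localip 192.168.1.224\nremoteip 192.168.1.233-238\n"
PPP = "pptp:\n set ifaddr 192.168.1.224 192.168.1.233-192.168.1.238 255.255.255.255\n"

if __name__ == "__main__":
    print(check(PPTPD, PPP) or "address plan is consistent")
```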

/etc/ppp/ppp.secret

If you don't use UNIX password authentication, you must create an /etc/ppp/ppp.secret file containing usernames and passwords for authentication. For example:


#user		password
poripori	puripuri
taro		ichiro


Debugging

If "debug" is enabled in pptpd.conf, pptpd will write some debugging information to /var/log/messages. Most of the useful information, however, is actually written by PPP to the file /var/log/ppp.log.


Client Configuration Notes


PPTP clients in FreeBSD

In FreeBSD, pptpclient uses PPP (aka "userland ppp"), so you must configure ppp. The following is /etc/ppp/ppp.conf for a PPTP client.

/etc/ppp/ppp.conf for a client

default:
 set log Phase Chat LCP IPCP CCP TUN Command Connect
 set ifaddr 10.0.0.1/0 10.0.0.2/0 255.255.255.0 0.0.0.0
 add default HISADDR
 set timeout 300
 enable dns
 accept dns
 deny lqr
 disable vjcomp deflate pred1
 deny vjcomp deflate pred1

pptp:
 set device localhost:pptp
 accept MSChapV2
 set authname poripori
 set authkey hyper

Running PPTP clients in FreeBSD

The synopsis is as follows:

% pptp <Server name or IP address> <label>

For example:
% pptp pptp-server.poripori.net pptp

Written and maintained by Akira Shinoda.