PPTP Server on FreeBSD

- Running PoPToP in FreeBSD -

  1. Requirements
  2. Kernel Configuration
  3. PPTPd Installation and Configuration
  4. PPP Configuration
  5. Debugging
  6. Client Configuration Notes


PoPToP requires FreeBSD 3.1 or later with support for packet tunnels ("tun" devices). This document describes how to run PoPToP with PPP (aka "userland ppp"), not PPPd. Because of this, the setup is quite different from Linux. You can use a server and clients from FreeBSD Packages or Ports. Server package is poptop-1.1.2. Client package is pptpclient-1.0.3. Both packages is in Category net. Each version is for 4.5-RELEASE.

Kernel Configuration

4.X Kernels

You simply need this line, which is included in the "GENERIC" Kernel:

pseudo-device   tun             # Packet tunnel.

PPTPd Installation and Configuration

This is the easy part - just install poptop from Packages or Ports under the "net" category.
Then setup your pptpd.conffile, usually in /usr/local/etc. Mine looks like this:

option /usr/local/etc/pptpd.options
# turn debugging on only if you need it
# if you have multiple addresses and only want to "listen" on one:
##listen --local if IP Address--
pidfile /var/run/pptpd.pid

This says turn off debugging(comment out debug line), use as the server IP address, and assign through to clients. You make sure that the server and client pools don't overlap.

PPP Configuration

  1. /etc/ppp/ppp.conf
  2. /etc/ppp/ppp.secret


Now for some copying and pasting. The following lines are contents of /etc/ppp/ppp.conf file.

 set timeout 0
 set log Phase Chat LCP IPCP CCP TUN Command Connect
 disable vjcomp deflate pred1

 set device localhost:pptp
 # Server IP address, Range for Clients, and Netmask
 set ifaddr
 set server /tmp/loop "" 0177
 enable chap
 enable MSChapV2
 enable MSChap
 disable pap
 # Authenticate against /etc/passwd
 ##enable passwdauth
 enable proxy
 ##accept dns
 # DNS Servers to assign client
 ##set dns
 # NetBIOS/WINS Servers to assign client
 ##set nbns
 allow mode direct
 # Radius Server
 ##set radius /etc/ppp/radius.conf


If you don't use UNIX password authentication, you must create a /etc/ppp/ppp.secret file containing usernames and passwords for authentication. For example:

#user		password
poripori	puripuri
taro		ichiro


If "debug" is enabled in pptpd.conf, pptpd will write some debugging information to /var/log/messages. Most of the useful information however is actually written by PPP in the file /var/log/ppp.log .

Client Configuration Notes

PPTP clients in FreeBSD

In FreeBSD, pptpclient use PPP(aka "userland ppp"). You must configure ppp. The following is /etc/ppp/ppp.conf for a pptp clients.

/etc/ppp/ppp.conf for a client

 set log Phase Chat LCP IPCP CCP TUN Command Connect
 set ifaddr
 add default HISADDR
 set timeout 300
 enable dns
 accept dns
 deny lqr
 disable vjcomp deflate pred1
 deny vjcomp deflate pred1

 set device localhost:pptp
 accept MSChapV2
 set authname poripori
 set authkey hyper

Running PPTP clients in FreeBSD

Synopsis is the following:

% pptp <Server name or IP address> <label>

For expample:
% pptp pptp-server.poripori.net pptp

Written and maintained by Akira Shinoda.