
Re: PPTP Server



Greetings,
I thought for a long time about writing a howto, but ...

You need a kernel without gre (comment out "pseudo-device gre n";
you can also clean out a lot of other stuff shown by ifconfig -A)
and put in enough tuns (pseudo-device tun 10).

Compile, make and install poptop
(there are some options for config regarding bsd - use them).


#-------------- less /etc/pptpd.conf ------------------------------
option /etc/ppp/ppp.conf
#debug

# if you have multiple addresses and only want to "listen" on one:
listen $ext_ip_addr_to_connect

speed 115200
localip $loc_ip_addr_int_net

# IP addresses for the remote users
# comment: use a net which differs from your internal net (config your pf and routing)
remoteip 10.1.4.200-210 
pidfile /var/run/pptpd.pid

#------------------- /etc/ppp/ppp.conf ---------------------------
loop:
 set timeout 0
 set log phase chat connect lcp ipcp command
 set device localhost:pptp
 set dial
 set login
 # Server (local) IP address, Range for Clients, and Netmask
 set ifaddr $loc_ip_addr_int_net 10.1.4.200-10.1.4.210 255.255.255.255
 set server /tmp/loop "" 0177

loop-in:
 set timeout 0
 set log phase lcp ipcp command
 allow mode direct

pptp:
 load loop
 enable MSCHAPv2
 disable deflate pred1
 deny deflate pred1
 disable pap
 set mppe * *
 disable ipv6cp
 #enable mppc
 accept dns
 set dns $int_dns_1 $int_dns_2
 set nbns $int_dns_1 $int_wins_2
 set device !/etc/ppp/secure

#-------------------- 711 /etc/ppp/secure ------------------------
#!/bin/sh
exec /usr/sbin/ppp -direct loop-in

#-------------------- 600 /etc/ppp/ppp.secret ---------------------
hm noidea * *

#-------------------- /etc/inetd.conf------------------------------
8081            stream  tcp     nowait  root    /usr/libexec/ftp-proxy  ftp-proxy
ppploop         stream  tcp     nowait  root    /usr/sbin/ppp ppp -direct loop-in

#-------------------- /etc/pf.conf   -----------------------------
pass in  quick on $ext_if proto gre from any to $ext_ip_addr_to_connect
pass out quick on $ext_if proto gre from $ext_ip_addr_to_connect to any
pass in quick on $ext_if inet proto tcp from any to $ext_ip_addr_to_connect port = 1723 flags S/SA keep state
#-----------------------end --------------------------------------

P.S. I received a lot of help from Robert S.
     - thank you for the tips (especially about the second net instead of proxyarp)

Hope nobody will have troubles with this, but if anybody does - I'm 100% not responsible :)
Please use ipsec in all cases where you have the possibility.

Greeting,
qstreb


On Wed, Jun 26, 2002 at 11:07:27PM -0400, Chris wrote:
> Greetings,
> 
> 	I have searched around quite a bit and cannot come up with anything decent.
> I have seen some postings through the mailing lists, but none of them seemed
> answered either. Anyway.. Simply put, has anybody been successful in setting
> up a PPTP server for windows(98,etc) clients to connect to? PoPToP is
> available, but there is no encryption. There is MPD for FreeBSD, but that
> doesn't seem to be happy on OpenBSD. If anybody has any hints on setting up
> a PPTP server with encryption, I would greatly appreciate it.
> 
> Thanks!
> - Chris
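The settings the message above relies on (MSCHAPv2 enabled, pap disabled and a "set mppe" line in the pptp label, mode 600 on ppp.secret, mode 711 on the wrapper script) can be checked mechanically after an edit. The script below is an added example, not part of the original post or of PoPToP/ppp; the function names and the argument order are its own assumptions.

```sh
#!/bin/sh
# Added example (not from the post): audit a ppp.conf "pptp" label and the modes
# of the secret file and wrapper script against the settings shown in the howto.
# Usage (argument order is this example's choice): audit.sh PPP_CONF SECRET WRAPPER

# perm_string FILE: the 10-character mode field of ls -l (same on BSD and GNU)
perm_string() { ls -ld "$1" | cut -c1-10; }

# label_body FILE LABEL: the indented, non-comment lines under "LABEL:"
label_body() {
    awk -v want="$2:" '
        /^[^ \t#]/ { in_label = ($1 == want); next }   # labels start in column 1
        in_label && /^[ \t]+[^ \t#]/ { sub(/^[ \t]+/, ""); print }
    ' "$1"
}

# has_opt VERB WORD: does a "VERB ..." line in $body name WORD? (case-insensitive)
has_opt() {
    printf '%s\n' "$body" | awk -v v="$1" -v w="$2" '
        tolower($1) == v { for (i = 2; i <= NF; i++) if (tolower($i) == w) found = 1 }
        END { exit !found }'
}

# audit_pptp PPP_CONF SECRET WRAPPER: prints findings, returns 1 if there are any
audit_pptp() {
    body=$(label_body "$1" pptp)
    findings=0
    note() { echo "FINDING: $*"; findings=$((findings + 1)); }

    has_opt enable mschapv2 || note "pptp label does not enable MSCHAPv2"
    has_opt disable pap     || note "pptp label does not disable pap"
    has_opt enable pap      && note "pptp label enables pap (cleartext password)"
    has_opt set mppe        || note "pptp label has no 'set mppe' line"

    [ "$(perm_string "$2")" = "-rw-------" ] || note "$2 is not mode 600"
    [ "$(perm_string "$3")" = "-rwx--x--x" ] || note "$3 is not mode 711"

    [ "$findings" -eq 0 ]
}

if [ $# -eq 3 ]; then audit_pptp "$@"; fi
```

Only the pptp label itself is inspected; settings pulled in through "load loop" are not followed.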


