FreeBSD VPN

Benjamin Close — Thu, 13 Nov 2008 14:24:20 +0000

FreeBSD VPN

This document describes how to setup both the server side and client side for a PPTP connection with MPPE encryption that works for windows, MacOsX and other freebsd boxes.

The basic process:

 - Install & configure pptpserver on the freebsd server
 - Configure ppp on the freebsd server
 - Setup the clients

1. Installing pptpserver

This part is handled really easily as it pptp server exists in the ports collections. Hence all you need to do is:

 cd /usr/port/net/poptop
 make install

To configure pptp modify /usr/local/etc/pptp.conf\\ Put the following lines in the file:

 localip 192.168.2.1
 remoteip 192.168.2.56-75

 # Listen on the outside interface only
 listen 130.220.37.202

Configure ppp on the freebsd server

Edit /etc/ppp/ppp.conf and set the following target only:

  pptp:
    set ifaddr 192.168.1.1 192.168.1.56-192.168.1.74 255.255.255.255
   set dns 192.168.0.1
    set nbns 192.168.0.1
   disable pap
   disable utmp
   disable passwdauth
   #enable chap     # MPPE Requirest chap81/MSChapV2
   enable MSChapV2
   enable mppe      # Enable Encrptions
   set log Phase Chat LCP IPCP CCP tun command  # Debugging
   set timeout 0   # Don't drop the connection

   #
   # Force 128 bit encryption with a key change every packet
   # MacOSX only works with stateless connections and the are more
   # secure anyway - just less efficient.
   set mppe 128 stateless

   # Disable compression - freebsd clients try to use it but it breaks mppe
   disable deflate pred1
   deny deflate pred1
   set server /var/run/pptp_ppp_%d "" 0700
   accept dns              # Enable clients to request dns details
   disable ipv6cp          # Disable ipv6
   enable proxy            # Enable proxying addresses on the local net for clients

Now modify/create /etc/ppp/ppp.secret and put in it:

 someuser  userpassword  192.168.1.75

Now ‘someuser’ can log in with the password ‘userpassword’ and will get an IP address of 192.168.1.75. If you don’t want to specify the ip, just leave the 3rd parameter off that line of the file.

Setup Clients

This section details how to setup various clients

Windows XP

 - Create a new VPN connection
 - Specify host
 - Specify Usename  / password
 - Hit connect

FreeBSD

Freebsd works with MPPE out the box. Simply setup the following in /etc/ppp.conf

 MYVPN:
   set authname someuser
   set authkey  userpassword
   disable pred1
   enable proxy
   disable ipv6cp
   set timeout 0
   add default HISADDR

Install pptpclient

   cd /usr/ports/net/pptpclient
   make install

Now run it with: pptp serverip MYVPN\\ ie:

  pptp  130.220.37.2 MYVPN

Mac OsX

Simply configure the GUI tool.

FreeBSD VPN

Benjamin Close — Fri, 07 Nov 2008 04:16:30 +0000

This document describes how to setup both the server side and client side for a PPTP connection with MPPE encryption that works for windows, MacOsX and other freebsd boxes.

Note, it was based on FreeBSD 6 series, whether it works with later versions of FreeBSD is unknown.

The basic process:

 - Install & configure pptpserver on the freebsd server
 - Configure ppp on the freebsd server
 - Setup the clients

1. Installing pptpserver

This part is handled really easily as it pptp server exists in the ports collections. Hence all you need to do is:

 cd /usr/port/net/poptop
 make install

To configure pptp modify /usr/local/etc/pptp.conf\\ Put the following lines in the file:

 localip 192.168.2.1
 remoteip 192.168.2.56-75

 # Listen on the outside interface only
 listen 130.220.37.202

Configure ppp on the freebsd server

Edit /etc/ppp/ppp.conf and set the following target only:

  pptp:
    set ifaddr 192.168.1.1 192.168.1.56-192.168.1.74 255.255.255.255
   set dns 192.168.0.1
    set nbns 192.168.0.1
   disable pap
   disable utmp
   disable passwdauth
   #enable chap     # MPPE Requirest chap81/MSChapV2
   enable MSChapV2
   enable mppe      # Enable Encrptions
   set log Phase Chat LCP IPCP CCP tun command  # Debugging
   set timeout 0   # Don't drop the connection

   #
   # Force 128 bit encryption with a key change every packet
   # MacOSX only works with stateless connections and the are more
   # secure anyway - just less efficient.
   set mppe 128 stateless

   # Disable compression - freebsd clients try to use it but it breaks mppe
   disable deflate pred1
   deny deflate pred1
   set server /var/run/pptp_ppp_%d "" 0700
   accept dns              # Enable clients to request dns details
   disable ipv6cp          # Disable ipv6
   enable proxy            # Enable proxying addresses on the local net for clients

Now modify/create /etc/ppp/ppp.secret and put in it:

 someuser  userpassword  192.168.1.75

Setup Clients

This section details how to setup various clients

Windows XP

 - Create a new VPN connection
 - Specify host
 - Specify Usename  / password
 - Hit connect

FreeBSD

Freebsd works with MPPE out the box. Simply setup the following in /etc/ppp.conf

 MYVPN:
   set authname someuser
   set authkey  userpassword
   disable pred1
   enable proxy
   disable ipv6cp
   set timeout 0
   add default HISADDR

Install pptpclient

   cd /usr/ports/net/pptpclient
   make install

Now run it with: pptp serverip MYVPN\\ ie:

  pptp  130.220.37.2 MYVPN

Mac OsX

Simply configure the GUI tool.

ClearChain » pptp

FreeBSD VPN

FreeBSD VPN

1. Installing pptpserver

Configure ppp on the freebsd server

Setup Clients

Windows XP

FreeBSD

Mac OsX

FreeBSD VPN

1. Installing pptpserver

Configure ppp on the freebsd server

Setup Clients

Windows XP

FreeBSD

Mac OsX