mpd5 pptp server:
pkg install mpd5
sysrc mpd_enable="YES"
cd /usr/local/etc/mpd5
vi mpd.conf
# Global settings that mpd applies once when it starts.
# NOTE: mpd.conf expects the commands under a label to be indented; the
# indentation was lost on this page and must be restored in the real file.
startup:
# Account for the console and web interface below. The name and password are
# placeholders: choose your own, and keep mpd.conf readable by root only,
# because the password is stored here in clear text.
set user mpd_consol_user mpd_consol_password
# Console listener, bound to loopback only.
set console self 127.0.0.1 5005
set console open
# NOTE(review): 0.0.0.0 makes the web interface listen on every address of the
# host, including the side that faces VPN clients and the Internet, and it is
# presumably served over plain HTTP (confirm). Bind it to 127.0.0.1 or a
# management address, or leave it closed, and filter port 5006.
set web self 0.0.0.0 5006
set web open
# Label mpd loads when it is started without an explicit configuration name.
default:
# Pull in the PPTP server definition below.
load pptp_server
# PPTP server with local (mpd.secret) authentication.
# NOTE(review): PPTP with MS-CHAPv2 and MPPE is widely regarded as
# cryptographically weak: the session keys derive from the user's password and
# the handshake can be attacked offline. Treat this as a legacy-compatibility
# setup and prefer a current VPN protocol where the clients allow it.
pptp_server:
# Addresses handed out to clients.
set ippool add pool1 10.0.0.2 10.0.0.254
create bundle template B
set iface enable proxy-arp
# Idle timeout of 1800 seconds.
set iface idle 1800
set iface enable tcpmssfix
set iface route 10.0.0.1
# Enable and accept Van Jacobson header compression.
set ipcp yes vjcomp
# Server side is 10.0.0.1; client addresses come from pool1.
set ipcp ranges 10.0.0.1/32 ippool pool1
# DNS and NetBIOS name servers announced to clients.
# NOTE(review): mpd5 documents "set ipcp dns primary [secondary]"; with two
# separate commands the second may replace the first. Confirm.
set ipcp dns 8.8.8.8
set ipcp dns 4.2.2.4
set ipcp nbns 10.0.0.1
# Turn on CCP so that MPPC/MPPE can be negotiated.
set bundle enable compression
set ccp yes mppc
# NOTE(review): e40 allows 40-bit MPPE keys. If every client supports 128-bit,
# consider refusing e40 so that a session cannot negotiate down to it.
set mppc yes e40
set mppc yes e128
set mppc yes stateless
create link template L pptp
set link fsm-timeout 5
set link action bundle B
set link enable multilink
set link yes acfcomp protocomp
# Disable and refuse the listed authentication protocols before choosing below.
set link no pap chap eap chap-msv2
# NOTE(review): in mpd5 "chap" is an alias for all CHAP variants, so this line
# presumably asks for chap-md5 and chap-msv1 as well (confirm). List chap-msv2
# alone if MS-CHAPv2 is the only variant intended.
set link enable chap chap-msv2 eap
set link accept chap-msv2
# LCP echo every 10 s; the link is dropped after 60 s without a reply.
set link keep-alive 10 60
set link mtu 1460
# Address the PPTP server listens on (example value; use your own).
set pptp self 192.168.100.1
# Accept incoming connections on links created from this template.
set link enable incoming
vi mpd.secret
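# One line per user: the user name, the password, and the IP address the user receives when connecting.
# Passwords are stored here in clear text: keep the file readable by root only
# (chmod 600 mpd.secret) and replace the sample passwords below with strong ones.
mehdi "admin" 10.0.0.10
mehdi2 "password_mehdi2" *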
Add the following lines to the end of /etc/syslog.conf:
!mpd
*.* /var/log/mpd.log
!*
If the last line !* already exists, just add:
!mpd
*.* /var/log/mpd.log
If you want to use RADIUS as the authentication and accounting server, use the following mpd.conf:
vi /usr/local/etc/mpd5/mpd.conf
# Global settings for the RADIUS-backed setup.
startup:
# Console account; the name and password are placeholders. mpd.conf holds
# this password and the RADIUS secret in clear text, so keep it readable by
# root only.
set user mpd_consol_user mpd_consol_password
# Console listener, bound to loopback only.
set console self 127.0.0.1 5005
set console open
# The following two lines enable the web console (left commented out here).
# NOTE(review): if enabled, bind it to 127.0.0.1 or a management address
# rather than 0.0.0.0, which listens on every address of the host.
#set web self 0.0.0.0 5006
#set web open
# Peer allowed to send requests to mpd's built-in RADIUS server, and the
# shared secret it must use (radius_secret is a placeholder).
set radsrv peer 127.0.0.1 radius_secret
set radsrv open
# The following three lines enable Change of Authorization (CoA).
set radsrv self 127.0.0.1
set radsrv enable coa
# NOTE(review): same command as the line above; possibly the second one was
# meant to enable disconnect requests. Confirm.
set radsrv enable coa
# Enable the two RADIUS log categories.
log +radius +radius2
# Label mpd loads when it is started without an explicit configuration name.
default:
# Pull in the PPTP server definition below.
load pptp_server
# PPTP server that authenticates and accounts through RADIUS.
# NOTE(review): PPTP with MS-CHAP and MPPE is widely regarded as
# cryptographically weak; treat this as a legacy-compatibility setup and
# prefer a current VPN protocol where the clients allow it.
pptp_server:
# Addresses handed out to clients.
set ippool add pool1 10.0.0.2 10.0.0.254
create bundle template B
set iface enable proxy-arp
# Idle timeout of 1800 seconds.
set iface idle 1800
set iface enable tcpmssfix
set iface route 10.0.0.1
# Disable and refuse Van Jacobson header compression.
set ipcp no vjcomp
# Server side is 10.0.0.1; client addresses come from pool1.
set ipcp ranges 10.0.0.1/32 ippool pool1
# NOTE(review): mpd5 documents "set ipcp dns primary [secondary]"; with two
# separate commands the second may replace the first. Confirm.
set ipcp dns 8.8.8.8
set ipcp dns 4.2.2.4
set ipcp nbns 10.0.0.1
# Turn on CCP so that MPPC/MPPE can be negotiated.
set bundle enable compression
set ccp yes mppc
# NOTE(review): e40 allows 40-bit MPPE keys. If every client supports 128-bit,
# consider refusing e40 so that a session cannot negotiate down to it.
set mppc yes e40
set mppc yes e128
set mppc yes stateless
create link template L pptp
# The following line enables reporting of the user's MAC address to the RADIUS server.
#set link enable report-mac
# Repeats the setting already made above.
set ipcp no vjcomp
set link fsm-timeout 5
set link action bundle B
set link disable multilink
set link yes acfcomp protocomp
set link no pap
# NOTE(review): the next line re-enables PAP right after the line above
# disabled it. With PAP the password travels unprotected inside the PPP
# session, and MPPE keys are derived from an MS-CHAP login, so a PAP session
# may end up unencrypted (confirm). Keep PAP only if the RADIUS backend
# requires it.
# Also confirm that "mschap" is an option name your mpd5 version accepts; the
# names listed in the manual appear to be chap-md5, chap-msv1 and chap-msv2.
set link enable chap mschap pap
set link accept chap mschap pap
# LCP echo every 20 s; the link is dropped after 100 s without a reply.
set link keep-alive 20 100
set link mtu 1300
# Address the PPTP server listens on (example value; use your own).
set pptp self 192.168.100.1
# Apply the RADIUS settings from the "radius:" label.
load radius
# Accept incoming connections on links created from this template.
set link enable incoming
# RADIUS client settings, pulled in by "load radius".
radius:
# Server address, shared secret, authentication port, accounting port.
# radius_secret is a placeholder: use a long random value.
set radius server 127.0.0.1 radius_secret 1812 1813
set radius retries 1
set radius timeout 3
# Source address mpd uses for its RADIUS requests.
set radius me 127.0.0.1
# Accounting update interval of 60 seconds.
set auth acct-update 60
set auth enable radius-auth
set auth enable radius-acct
# Do not authenticate against the local mpd.secret file.
set auth disable internal
# At most one concurrent login per user.
set auth max-logins 1
# NOTE(review): this turns off the Message-Authenticator attribute, the
# per-packet integrity check on RADIUS messages. That is tolerable only while
# the server stays on loopback; enable it if the RADIUS server is ever moved
# to another host, after confirming the server supports it.
set radius disable message-authentic
set radius update-limit-in 100000
set radius update-limit-out 100000
set radius acct-update 60
Note: the configuration refers to the interface as “if1” and to the address associated with it as “192.168.100.1”. Change both to suit your needs.
service mpd5 start
MPD5 PPPoE SERVER:
The configuration is the same as above, but mpd.conf needs the following changes:
vi /usr/local/etc/mpd5/mpd.conf
# NOTE(review): this fragment has no label line of its own; presumably it
# replaces the pptp_server section of the RADIUS configuration and needs a
# label that "default:" loads. Confirm.
# Each user gets an IP address according to the value of the RADIUS attribute
# named 'Framed-Pool' in the RADIUS response packet.
# A generic IP pool; no user should have its address assigned from this pool.
create bundle template B
set ippool add pool1 10.0.0.2 10.0.0.254
set ipcp ranges 10.0.0.1/32 ippool pool1
set ipcp dns 8.8.8.8
set iface enable tcpmssfix
set ipcp no vjcomp
# Optional link up/down scripts. NOTE(review): mpd runs them with its own
# privileges, so keep them owned by root and not writable by anyone else.
#set iface up-script /usr/local/etc/mpd5/scripts/mpd_linkup.sh
#set iface down-script /usr/local/etc/mpd5/scripts/mpd_linkdown.sh
# Settings shared by every PPPoE listener.
create link template common pppoe
#set link enable multilink
set link disable multilink
set link action bundle B
# Disable every protocol, then enable PAP only.
# NOTE(review): PAP carries the password in clear text across the access
# network; prefer CHAP if the RADIUS user store can support it.
set link disable chap pap eap
set link enable pap
set link disable check-magic
set link accept check-magic
# LCP echo every 20 s; the link is dropped after 100 s without a reply.
set link keep-alive 20 100
set link mtu 1300
set iface enable tcpmssfix
# Apply the RADIUS settings from the "radius:" label.
load radius
# Answer requests for any PPPoE service name.
set pppoe service "*"
# Use the if1 interface for incoming connections (if1 is a placeholder name;
# the original comment called it re1).
create link template if1 common
# Up to 1000 sessions may be created from this template.
set link max-children 1000
set pppoe iface if1
set link keep-alive 20 100
set link mtu 1300
set bundle disable multilink
set iface enable tcpmssfix
set ipcp no vjcomp
# Accept incoming connections on links created from this template.
set link enable incoming
# Use the vlan100 interface too, if you want to serve PPPoE on VLANs.
#create link template vlan100 common
#set link max-children 1000
#set pppoe iface vlan100
#set link enable incoming
# RADIUS client settings, pulled in by "load radius".
radius:
# Server address, shared secret, authentication port, accounting port.
# radius_secret is a placeholder: use a long random value.
set radius server 127.0.0.1 radius_secret 1812 1813
set radius retries 1
set radius timeout 3
# Source address mpd uses for its RADIUS requests.
set radius me 127.0.0.1
# Accounting update interval of 60 seconds.
set auth acct-update 60
set auth enable radius-auth
set auth enable radius-acct
# Do not authenticate against the local mpd.secret file.
set auth disable internal
# At most one concurrent login per user.
set auth max-logins 1
# NOTE(review): this turns off the Message-Authenticator attribute, the
# per-packet integrity check on RADIUS messages. That is tolerable only while
# the server stays on loopback; enable it if the RADIUS server is ever moved
# to another host, after confirming the server supports it.
set radius disable message-authentic
set radius update-limit-in 100000
set radius update-limit-out 100000
set radius acct-update 60
service mpd5 restart
PPPoE Client + PPTP SERVER :
vi /usr/local/etc/mpd5/mpd.conf
# Global settings for the combined PPPoE-client and PPTP-server setup.
startup:
# Console account; the name and password are placeholders. mpd.conf holds
# this password, the RADIUS secret and the PPPoE client password in clear
# text, so keep it readable by root only.
set user mpd_consol_user mpd_consol_password
# Console listener, bound to loopback only.
set console self 127.0.0.1 5005
set console open
# Web console, left disabled. NOTE(review): if enabled, bind it to 127.0.0.1
# or a management address rather than 0.0.0.0.
#set web self 0.0.0.0 5006
#set web open
# Peer allowed to send requests to mpd's built-in RADIUS server, and the
# shared secret it must use (radius_secret is a placeholder).
set radsrv peer 127.0.0.1 radius_secret
set radsrv open
set radsrv self 127.0.0.1
set radsrv enable coa
# NOTE(review): same command as the line above; possibly the second one was
# meant to enable disconnect requests. Confirm.
set radsrv enable coa
# Enable the two RADIUS log categories.
log +radius +radius2
# Label mpd loads when it is started without an explicit configuration name.
default:
# Load both the PPTP server and the PPPoE client definitions below.
load pptp_server
load pppoe_client
# Outbound PPPoE session to the upstream provider.
pppoe_client:
create bundle static B1
# Install a default route through this session.
set iface route default
# Accept whatever local and remote addresses are negotiated.
set ipcp ranges 0.0.0.0/0 0.0.0.0/0
# Name the resulting network interface "pppoe".
set iface name pppoe
# Script mpd runs when the interface comes up.
# NOTE(review): mpd runs it with its own privileges, so keep the script owned
# by root and not writable by anyone else. The note at the end of the page
# uses a different path (scripts/mpd_linkup.sh); use one path consistently.
set iface up-script /usr/local/etc/mpd5/link_up.sh
create link static L1 pppoe
set link action bundle B1
# Credentials for the provider (placeholders). They are stored in clear text.
set auth authname pppoe_client_user
set auth password pppoe_client_password
# 0 presumably means redial without limit (confirm in the mpd5 manual).
set link max-redial 0
set link mtu 1460
# LCP echo every 10 s; the link is dropped after 60 s without a reply.
set link keep-alive 10 60
# Which interface the PPPoE client uses to connect (if2 is a placeholder name).
set pppoe iface if2
# Empty service name.
set pppoe service ""
# Start the link right away.
open
# PPTP server that authenticates and accounts through RADIUS.
# NOTE(review): PPTP with MS-CHAP and MPPE is widely regarded as
# cryptographically weak; treat this as a legacy-compatibility setup and
# prefer a current VPN protocol where the clients allow it.
pptp_server:
# Addresses handed out to clients.
set ippool add pool1 10.0.0.2 10.0.0.254
create bundle template B
set iface enable proxy-arp
# Idle timeout of 1800 seconds.
set iface idle 1800
set iface enable tcpmssfix
set iface route 10.0.0.1
# Disable and refuse Van Jacobson header compression.
set ipcp no vjcomp
# Server side is 10.0.0.1; client addresses come from pool1.
set ipcp ranges 10.0.0.1/32 ippool pool1
set ipcp dns 8.8.8.8
# Turn on CCP so that MPPC/MPPE can be negotiated.
set bundle enable compression
set ccp yes mppc
# NOTE(review): e40 allows 40-bit MPPE keys. If every client supports 128-bit,
# consider refusing e40 so that a session cannot negotiate down to it.
set mppc yes e40
set mppc yes e128
set mppc yes stateless
create link template L pptp
#set link enable report-mac
set link fsm-timeout 5
set link action bundle B
set link disable multilink
set link yes acfcomp protocomp
set link no pap
# NOTE(review): the next line re-enables PAP right after the line above
# disabled it. With PAP the password travels unprotected inside the PPP
# session, and MPPE keys are derived from an MS-CHAP login, so a PAP session
# may end up unencrypted (confirm). Keep PAP only if the RADIUS backend
# requires it.
# Also confirm that "mschap" is an option name your mpd5 version accepts; the
# names listed in the manual appear to be chap-md5, chap-msv1 and chap-msv2.
set link enable chap mschap pap
set link accept chap mschap pap
# NOTE(review): the other listings on this page use "20 100"; an echo interval
# of 200 s with a 100 s limit looks like a typo. Confirm the intended values.
set link keep-alive 200 100
set link mtu 1300
# Address the PPTP server listens on (example value; use your own).
set pptp self 192.168.100.1
# Apply the RADIUS settings from the "radius:" label.
load radius
# Accept incoming connections on links created from this template.
set link enable incoming
# RADIUS client settings, pulled in by "load radius".
radius:
# Server address, shared secret, authentication port, accounting port.
# radius_secret is a placeholder: use a long random value.
set radius server 127.0.0.1 radius_secret 1812 1813
set radius retries 1
set radius timeout 3
# Source address mpd uses for its RADIUS requests.
set radius me 127.0.0.1
# Accounting update interval of 60 seconds.
set auth acct-update 60
set auth enable radius-auth
set auth enable radius-acct
# Do not authenticate against the local mpd.secret file.
set auth disable internal
# At most one concurrent login per user.
set auth max-logins 1
# NOTE(review): this turns off the Message-Authenticator attribute, the
# per-packet integrity check on RADIUS messages. That is tolerable only while
# the server stays on loopback; enable it if the RADIUS server is ever moved
# to another host, after confirming the server supports it.
set radius disable message-authentic
set radius update-limit-in 100000
set radius update-limit-out 100000
set radius acct-update 60
Note: if you use pf for NAT with a dynamic address on the PPPoE client interface, use the up-script to restart pf every time the PPPoE client connects.
set iface up-script /usr/local/etc/mpd5/scripts/mpd_linkup.sh
#set iface down-script /usr/local/etc/mpd5/scripts/mpd_linkdown.sh
vi /usr/local/etc/mpd5/scripts/mpd_linkup.sh
service pf restart
By: Mehdi Sadighian
Contact: mehdi.sadighian@hotmail.com
TAG: freebsd 10, freebsd 10.3, mpd, mpd5, pptp server, vpn server, pppoe server, pppoe, pppoe client, radius