FreeBSD 10.3 : Mpd5 PPTP SERVER – PPPoE SERVER – PPPoE Client

mpd5 pptp server:

 

pkg install mpd5

sysrc mpd_enable="YES"

cd /usr/local/etc/mpd5

vi mpd.conf

# startup: processed when mpd starts; sets up the management interfaces.
startup:
    # Login for the console and web interfaces. "mpd_consol_user" and
    # "mpd_consol_password" are placeholders - replace both before use.
    set user mpd_consol_user mpd_consol_password  
    # Command console, bound to loopback only.
    set console self 127.0.0.1 5005
    set console open
    # NOTE(review): the web console is bound to 0.0.0.0, i.e. every interface
    # of this host, and is protected only by the "set user" credentials above.
    # Bind it to 127.0.0.1 or a management address, or filter port 5006 in
    # the firewall, unless remote access is really intended.
    set web self 0.0.0.0 5006
    set web open
# default: label used when mpd is started without an explicit label.
default:
    load pptp_server
# pptp_server: bundle and link templates for incoming PPTP sessions.
# NOTE(review): PPTP with MS-CHAPv2 + MPPE is regarded as cryptographically
# weak; treat this tunnel as legacy compatibility only and prefer
# IPsec/IKEv2, OpenVPN or WireGuard where the clients allow it.
pptp_server:
    # Address pool handed out to connecting clients.
    set ippool add pool1 10.0.0.2 10.0.0.254
    create bundle template B
    set iface enable proxy-arp
    # Bring a session down after 1800 seconds without traffic.
    set iface idle 1800
    set iface enable tcpmssfix
    set iface route 10.0.0.1
    set ipcp yes vjcomp
    # The server side uses 10.0.0.1; peers get an address from pool1.
    set ipcp ranges 10.0.0.1/32 ippool pool1
    # DNS servers pushed to clients (public resolvers; use your own if
    # client lookups should stay inside your network).
    set ipcp dns 8.8.8.8
    set ipcp dns 4.2.2.4
    set ipcp nbns 10.0.0.1
    # MPPE is negotiated through CCP/MPPC, hence "compression" is enabled.
    set bundle enable compression
    set ccp yes mppc
    # NOTE(review): "yes" enables and accepts an option, it does not require
    # it. e40 permits 40-bit MPPE keys, and nothing in this listing makes
    # encryption mandatory. Consider dropping e40 and requiring encryption
    # (mpd5 has a bundle option "crypt-reqd" - confirm in the manual for
    # your version).
    set mppc yes e40
    set mppc yes e128
    set mppc yes stateless
    create link template L pptp
    set link fsm-timeout 5
    set link action bundle B
    set link enable multilink
    set link yes acfcomp protocomp
    # Authentication: the first line turns every method off, the next two
    # turn some back on. PAP stays disabled. "chap" presumably covers every
    # CHAP variant, including the weaker chap-md5 and chap-msv1 - TODO
    # confirm, and enable only chap-msv2/eap if that is what is wanted.
    set link no pap chap eap chap-msv2
    set link enable chap chap-msv2 eap
    set link accept chap-msv2
    set link keep-alive 10 60
    set link mtu 1460
    # Address the PPTP server listens on; change it to your own.
    set pptp self 192.168.100.1
    set link enable incoming

vi mpd.secret

# One line per user: login, password, and the IP address the user receives
# when connecting ("*" presumably means no fixed address - confirm).
# NOTE(review): passwords are stored here in cleartext. Keep this file owned
# by root and unreadable for other users (for example mode 600). The entries
# below are examples only; "admin" is not an acceptable real password.
mehdi "admin" 10.0.0.10
mehdi2 "password_mehdi2" *

Add the following lines to the end of /etc/syslog.conf:

!mpd
*.* /var/log/mpd.log
!*

If the file already has !* as its last line, just add:

!mpd
*.* /var/log/mpd.log

If you want to use RADIUS as the authentication and accounting server, use the following mpd.conf:

vi /usr/local/etc/mpd5/mpd.conf

# startup: processed when mpd starts; management console and RADIUS listener.
startup:
    # Console login; both values are placeholders - replace them before use.
    set user mpd_consol_user mpd_consol_password
    # Command console, bound to loopback only.
    set console self 127.0.0.1 5005
    set console open
# The following 2 lines enable the web console (left commented out here).
# NOTE(review): if you enable it, 0.0.0.0 exposes it on every interface;
# prefer 127.0.0.1 or a management address.
    #set web self 0.0.0.0 5006
    #set web open
    # mpd's own RADIUS listener (radsrv): accept requests from the peer
    # 127.0.0.1, authenticated with the shared secret. "radius_secret" is a
    # placeholder - use a long random value.
    set radsrv peer 127.0.0.1 radius_secret
       set radsrv open
# The following 3 lines enable Change of Authorization (CoA).
# Keep "self" on loopback or a management address: whoever can reach this
# listener and knows the secret can change live sessions.
    set radsrv self 127.0.0.1    
    set radsrv enable coa
    # NOTE(review): repeats the line above, so it presumably adds nothing;
    # possibly another radsrv option was intended - confirm.
    set radsrv enable coa
    # Extra RADIUS logging.
    log +radius +radius2
# default: label used when mpd is started without an explicit label.
default:
    load pptp_server
# pptp_server: templates for incoming PPTP sessions, authenticated via RADIUS.
# NOTE(review): PPTP with MS-CHAP + MPPE is regarded as cryptographically
# weak; treat it as legacy compatibility only.
pptp_server:
    # Address pool handed out to connecting clients.
    set ippool add pool1 10.0.0.2 10.0.0.254    
    create bundle template B
    set iface enable proxy-arp
    # Bring a session down after 1800 seconds without traffic.
    set iface idle 1800
    set iface enable tcpmssfix
    set iface route 10.0.0.1
    set ipcp no  vjcomp
    # The server side uses 10.0.0.1; peers get an address from pool1.
    set ipcp ranges 10.0.0.1/32 ippool pool1
    set ipcp dns 8.8.8.8
    set ipcp dns 4.2.2.4
    set ipcp nbns 10.0.0.1
    # MPPE is negotiated through CCP/MPPC, hence "compression" is enabled.
    set bundle enable compression
    set ccp yes mppc
    # NOTE(review): e40 permits 40-bit MPPE keys and nothing here makes
    # encryption mandatory; consider dropping e40 and requiring encryption
    # (bundle option "crypt-reqd" - confirm in the mpd5 manual).
    set mppc yes e40
    set mppc yes e128
    set mppc yes stateless
    create link template L pptp
# The following line enables reporting of the user's MAC address to the RADIUS server.
    #set link enable report-mac
    # Same setting as the "set ipcp no  vjcomp" line further up.
    set ipcp no vjcomp
    set link fsm-timeout 5
    set link action bundle B
    set link disable multilink
    set link yes acfcomp protocomp
    # NOTE(review): PAP is switched off here and switched back on by the
    # next two lines, so clients may still authenticate with PAP. PAP sends
    # the password unprotected inside PPP, and MPPE keys are derived from
    # MS-CHAP, so a PAP session cannot be MPPE-encrypted. Remove "pap" below
    # unless a client really needs it. Also confirm that "mschap" is an
    # option name your mpd5 accepts (the manual lists chap-md5, chap-msv1
    # and chap-msv2 - TODO verify).
    set link no pap
    set link enable chap mschap pap
    set link accept chap mschap pap
    set link keep-alive 20 100
    set link mtu 1300
    # Address the PPTP server listens on; change it to your own.
    set pptp self 192.168.100.1
    # Pull in the RADIUS client settings from the "radius" label.
    load radius
    set link enable incoming

# radius: RADIUS client settings, pulled in with "load radius".
radius:
    # Server address, shared secret, authentication port, accounting port.
    # "radius_secret" is a placeholder - use a long random value and the
    # same one on the RADIUS server.
    set radius server 127.0.0.1 radius_secret 1812 1813
    set radius retries 1
    set radius timeout 3
    set radius me 127.0.0.1
    set auth acct-update  60
    set auth enable radius-auth
    set auth enable radius-acct
    # Local authentication is off: only RADIUS decides who may log in.
    set auth disable internal
    # At most one simultaneous session per login.
    set auth max-logins 1
    # NOTE(review): with message-authentic disabled mpd does not add the
    # Message-Authenticator attribute to its requests. Enable it if the
    # RADIUS server is not on this host or is configured to require the
    # attribute - confirm against your server's settings.
    set radius disable message-authentic
    set radius update-limit-in 100000
    set radius update-limit-out 100000
    set radius acct-update 60

Note: in these configurations the interface is referred to as “if1” and the address associated with it is “192.168.100.1”. Change them to suit your needs.

service mpd5 start

 

MPD5 PPPoE SERVER:

All the other configuration is the same, but mpd.conf needs some changes:

vi /usr/local/etc/mpd5/mpd.conf

    # Each user gets an IP address according to the value of the RADIUS
    # attribute named 'Framed-Pool' in the RADIUS response packet.
    # pool1 is a generic IP pool; no user should have an address assigned from it.
    create bundle template B
    set ippool add pool1 10.0.0.2 10.0.0.254
    set ipcp ranges 10.0.0.1/32 ippool pool1
        set ipcp dns 8.8.8.8
       set iface enable tcpmssfix
    set ipcp no vjcomp
    # Optional scripts run when an interface goes up or down (disabled here).
    #set iface up-script /usr/local/etc/mpd5/scripts/mpd_linkup.sh
    #set iface down-script /usr/local/etc/mpd5/scripts/mpd_linkdown.sh

    # Settings shared by every PPPoE link template below.
    create link template common pppoe
    #set link enable multilink
    set link disable multilink
    set link action bundle B
    # NOTE(review): after these two lines PAP is the only method offered, so
    # every subscriber password crosses the access network unprotected inside
    # PPP. Prefer a CHAP variant if the clients and the RADIUS back end
    # support it.
    set link disable chap pap eap
    set link enable pap
    set link disable check-magic
    set link accept check-magic
    set link keep-alive 20 100
    set link mtu 1300
    set iface enable tcpmssfix
    # Pull in the RADIUS client settings from the "radius" label.
    load radius
    # Answer requests for any PPPoE service name.
    set pppoe service "*"

    # Use the if1 interface for incoming connections (replace if1 with your
    # real interface name, for example re1).
    create link template if1 common
    # Upper limit of simultaneous sessions created from this template.
    set link max-children 1000
    set pppoe iface if1
    set link keep-alive 20 100
    set link mtu 1300
    set bundle disable multilink
    set iface enable tcpmssfix
    set ipcp no vjcomp
    set link enable incoming

    # use the vlan100 interface too, if you want to server pppoe server on some sort of vlans
    #create link template vlan100 common
    #set link max-children 1000
    #set pppoe iface vlan100
    #set link enable incoming

# radius: RADIUS client settings, pulled in with "load radius".
radius:
    # Server address, shared secret, authentication port, accounting port.
    # "radius_secret" is a placeholder - use a long random value.
    set radius server 127.0.0.1 radius_secret 1812 1813
    set radius retries 1
    set radius timeout 3
    set radius me 127.0.0.1
    set auth acct-update  60
    set auth enable radius-auth
    set auth enable radius-acct
    # Local authentication is off: only RADIUS decides who may log in.
    set auth disable internal
    # At most one simultaneous session per login.
    set auth max-logins 1
    # NOTE(review): Message-Authenticator is not added to requests; enable
    # it if the RADIUS server is not on this host or requires the attribute.
    set radius disable message-authentic
    set radius update-limit-in 100000
    set radius update-limit-out 100000
    set radius acct-update 60
service mpd5 restart

PPPoE Client + PPTP SERVER :

vi /usr/local/etc/mpd5/mpd.conf

# startup: processed when mpd starts; management console and RADIUS listener.
startup:
    # Console login; both values are placeholders - replace them before use.
    set user mpd_consol_user mpd_consol_password
    # Command console, bound to loopback only.
    set console self 127.0.0.1 5005
    set console open
    # Web console, disabled. NOTE(review): if enabled, 0.0.0.0 exposes it on
    # every interface; prefer 127.0.0.1 or a management address.
    #set web self 0.0.0.0 5006
    #set web open
    # mpd's own RADIUS listener: peer address and shared secret (placeholder).
    set radsrv peer 127.0.0.1 radius_secret
       set radsrv open
    set radsrv self 127.0.0.1    
    set radsrv enable coa
    # NOTE(review): repeats the line above; presumably redundant - confirm.
    set radsrv enable coa
    # Extra RADIUS logging.
    log +radius +radius2
# default: both the PPTP server and the PPPoE client are loaded.
default:
    load pptp_server
    load pppoe_client

# pppoe_client: static bundle/link that dials out to the upstream provider.
pppoe_client:

        create bundle static B1
        # Install the default route over this connection.
        set iface route default
        # Accept whatever addresses the provider assigns.
        set ipcp ranges 0.0.0.0/0 0.0.0.0/0
    # The resulting network interface is named "pppoe".
    set iface name pppoe
    # Script mpd runs when the interface comes up. NOTE(review): mpd normally
    # runs as root, so the script should be owned by root and writable by
    # nobody else.
    set iface up-script /usr/local/etc/mpd5/link_up.sh
        create link static L1 pppoe
        set link action bundle B1
        # Provider credentials (placeholders). NOTE(review): they are stored
        # in cleartext, so mpd.conf should be readable by root only.
        set auth authname pppoe_client_user
        set auth password pppoe_client_password
        # presumably 0 means "keep redialing without limit" - TODO confirm
        set link max-redial 0
        set link mtu 1460
        set link keep-alive 10 60
# Which interface the PPPoE client uses to connect (replace if2 with your own).
        set pppoe iface if2
        set pppoe service ""
        # Start dialing immediately.
        open

# pptp_server: templates for incoming PPTP sessions, authenticated via RADIUS.
# NOTE(review): PPTP with MS-CHAP + MPPE is regarded as cryptographically
# weak; treat it as legacy compatibility only.
pptp_server:
    # Address pool handed out to connecting clients.
    set ippool add pool1 10.0.0.2 10.0.0.254    
    create bundle template B
    set iface enable proxy-arp
    # Bring a session down after 1800 seconds without traffic.
    set iface idle 1800
    set iface enable tcpmssfix
    set iface route 10.0.0.1
    set ipcp no vjcomp
    # The server side uses 10.0.0.1; peers get an address from pool1.
    set ipcp ranges 10.0.0.1/32 ippool pool1
    set ipcp dns 8.8.8.8
    # MPPE is negotiated through CCP/MPPC, hence "compression" is enabled.
    set bundle enable compression
    set ccp yes mppc
    # NOTE(review): e40 permits 40-bit MPPE keys and nothing here makes
    # encryption mandatory; consider dropping e40 and requiring encryption
    # (bundle option "crypt-reqd" - confirm in the mpd5 manual).
    set mppc yes e40
    set mppc yes e128
    set mppc yes stateless
    create link template L pptp
    # Optional: report the user's MAC address to the RADIUS server.
    #set link enable report-mac
    set link fsm-timeout 5
    set link action bundle B
    set link disable multilink
    set link yes acfcomp protocomp
    # NOTE(review): PAP is switched off here and switched back on by the
    # next two lines. PAP sends the password unprotected inside PPP, and
    # MPPE keys are derived from MS-CHAP, so a PAP session cannot be
    # MPPE-encrypted. Remove "pap" below unless a client really needs it,
    # and confirm that "mschap" is an option name your mpd5 accepts.
    set link no pap
    set link enable chap mschap pap
    set link accept chap mschap pap
    # NOTE(review): 200 here, where a similar PPTP template elsewhere uses
    # "20 100"; possibly a typo - confirm the intended interval.
    set link keep-alive 200 100
    set link mtu 1300
    # Address the PPTP server listens on; change it to your own.
    set pptp self 192.168.100.1
    # Pull in the RADIUS client settings from the "radius" label.
    load radius
    set link enable incoming

# radius: RADIUS client settings, pulled in with "load radius".
radius:
    # Server address, shared secret, authentication port, accounting port.
    # "radius_secret" is a placeholder - use a long random value.
    set radius server 127.0.0.1 radius_secret 1812 1813
    set radius retries 1
    set radius timeout 3
    set radius me 127.0.0.1
    set auth acct-update  60
    set auth enable radius-auth
    set auth enable radius-acct
    # Local authentication is off: only RADIUS decides who may log in.
    set auth disable internal
    # At most one simultaneous session per login.
    set auth max-logins 1
    # NOTE(review): Message-Authenticator is not added to requests; enable
    # it if the RADIUS server is not on this host or requires the attribute.
    set radius disable message-authentic
    set radius update-limit-in 100000
    set radius update-limit-out 100000
    set radius acct-update 60

Note: if you use pf for NAT and the PPPoE client interface has a dynamic address, use the up-script to restart pf every time the PPPoE client connects.

   # Goes into the pppoe_client section of mpd.conf. NOTE(review): the
   # pppoe_client listing on this page points up-script at
   # /usr/local/etc/mpd5/link_up.sh; use one path consistently, and keep the
   # script owned by root and writable by nobody else.
   set iface up-script /usr/local/etc/mpd5/scripts/mpd_linkup.sh
   #set iface down-script /usr/local/etc/mpd5/scripts/mpd_linkdown.sh

vi /usr/local/etc/mpd5/scripts/mpd_linkup.sh

# Content of mpd_linkup.sh, run by mpd each time the interface comes up.
# NOTE(review): mpd normally runs as root, so keep this script owned by root,
# executable, and not writable by anyone else.
# NOTE(review): "restart" stops and starts pf, so filtering is briefly off and
# existing states are presumably dropped. If only the NAT address has to be
# refreshed, "service pf reload", or a NAT rule that names the interface in
# parentheses such as (pppoe), avoids that - confirm against your pf.conf.
service pf restart

By: Mehdi Sadighian
Contact: mehdi.sadighian@hotmail.com
TAG: freebsd 10, freebsd 10.3, mpd, mpd5, pptp server, vpn server, pppoe server, pppoe, pppoe client, radius