mpd5 pptp server:
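# Install mpd5, enable it at boot, then edit its configuration file.
# Each command goes on its own line: run as one line, "sysrc", "cd" and the
# rest would be passed to pkg as extra package names.
pkg install mpd5
sysrc mpd_enable="YES"
cd /usr/local/etc/mpd5
vi mpd.conf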
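startup:
# Console login. mpd_consol_user / mpd_consol_password are placeholders:
# replace them with a unique user name and a strong password, and keep this
# file readable by root only, because the password is stored in clear text.
	set user mpd_consol_user mpd_consol_password
# Telnet console, reachable from the local host only.
	set console self 127.0.0.1 5005
	set console open
# Web console. Bound to loopback instead of 0.0.0.0 so the management
# interface is not offered on every address of a VPN server. Reach it through
# an SSH tunnel, or bind it to a dedicated management address if remote
# access is really needed.
	set web self 127.0.0.1 5006
	set web open

default:
	load pptp_server

pptp_server:
# Address pool handed out to connecting clients.
	set ippool add pool1 10.0.0.2 10.0.0.254

# Bundle template: per-session interface, IPCP and MPPE settings.
	create bundle template B
	set iface enable proxy-arp
	set iface idle 1800
	set iface enable tcpmssfix
	set iface route 10.0.0.1
	set ipcp yes vjcomp
# Local end is 10.0.0.1; the peer address comes from pool1.
	set ipcp ranges 10.0.0.1/32 ippool pool1
	set ipcp dns 8.8.8.8
	set ipcp dns 4.2.2.4
	set ipcp nbns 10.0.0.1
# MPPE (negotiated through CCP) is the only encryption PPTP provides.
# "yes" enables and accepts an option but does not require it, so a session
# can still come up without encryption; consider "set bundle enable
# crypt-reqd" if every client supports MPPE.
	set bundle enable compression
	set ccp yes mppc
# e40 permits 40-bit keys. Remove this line unless a legacy client needs it.
	set mppc yes e40
	set mppc yes e128
	set mppc yes stateless

# Link template: authentication and PPTP transport settings.
	create link template L pptp
	set link fsm-timeout 5
	set link action bundle B
	set link enable multilink
	set link yes acfcomp protocomp
# Authentication: first clear every method, then turn on the wanted ones.
# NOTE(review): in mpd5 "chap" stands for all CHAP variants, not only
# MS-CHAPv2 - list chap-msv2 alone if that is all the clients use; confirm
# against the mpd5 manual for your version.
	set link no pap chap eap chap-msv2
	set link enable chap chap-msv2 eap
	set link accept chap-msv2
	set link keep-alive 10 60
	set link mtu 1460
# Address the PPTP server listens on; change it to the server's own address.
	set pptp self 192.168.100.1
	set link enable incoming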
vi mpd.secret
# One line per user: login name, password, and the IP address the user
# receives when connecting.
# Passwords are stored here in clear text, so keep this file owned by root
# with mode 600. The values below are samples: "admin" in particular is a
# trivially guessable password and must not be used on a real server.
mehdi	"admin"	10.0.0.10
mehdi2	"password_mehdi2"	*
Add the following lines to the end of /etc/syslog.conf:
# Send every message logged by the program "mpd" to its own file.
# The log may contain user names and peer addresses, so give the file
# restrictive permissions.
!mpd
*.*	/var/log/mpd.log
# Reset the program filter so later entries apply to all programs again.
!*
If the last line (!*) already exists, just add the following before it:
# Send every message logged by the program "mpd" to its own file.
!mpd
*.*	/var/log/mpd.log
If you want to use RADIUS as the authentication and accounting server, use the following mpd.conf:
vi /usr/local/etc/mpd5/mpd.conf
startup:
# Console login. The user name and password are placeholders: replace them,
# and keep this file readable by root only, because it holds the console
# password and the RADIUS shared secret in clear text.
	set user mpd_consol_user mpd_consol_password
	set console self 127.0.0.1 5005
	set console open
# The following two lines enable the web console. If you uncomment them,
# prefer a loopback or management address over 0.0.0.0, which offers the
# console on every interface.
#set web self 0.0.0.0 5006
#set web open
# Built-in RADIUS server: only the peer 127.0.0.1 presenting this shared
# secret may send requests. radius_secret is a placeholder.
	set radsrv peer 127.0.0.1 radius_secret
	set radsrv open
# The following three lines enable Change of Authorization (CoA).
	set radsrv self 127.0.0.1
	set radsrv enable coa
# NOTE(review): this line repeats the previous one; confirm whether another
# radsrv option was intended here.
	set radsrv enable coa
	log +radius +radius2

default:
	load pptp_server

pptp_server:
# Address pool handed out to connecting clients.
	set ippool add pool1 10.0.0.2 10.0.0.254

# Bundle template: per-session interface, IPCP and MPPE settings.
	create bundle template B
	set iface enable proxy-arp
	set iface idle 1800
	set iface enable tcpmssfix
	set iface route 10.0.0.1
	set ipcp no vjcomp
	set ipcp ranges 10.0.0.1/32 ippool pool1
	set ipcp dns 8.8.8.8
	set ipcp dns 4.2.2.4
	set ipcp nbns 10.0.0.1
# MPPE is enabled and accepted but not required. e40 permits 40-bit keys.
	set bundle enable compression
	set ccp yes mppc
	set mppc yes e40
	set mppc yes e128
	set mppc yes stateless

# Link template: authentication and PPTP transport settings.
	create link template L pptp
# The following line enables reporting of the user's MAC address to the
# RADIUS server.
#set link enable report-mac
	set ipcp no vjcomp
	set link fsm-timeout 5
	set link action bundle B
	set link disable multilink
	set link yes acfcomp protocomp
# "no pap" is overridden by the next two lines, so PAP ends up both enabled
# and accepted. PAP hands the password over in clear text, and MPPE keys are
# derived from MS-CHAP only, so a session authenticated with PAP cannot be
# encrypted. Drop "pap" from both lines unless the RADIUS back end can only
# verify PAP.
	set link no pap
	set link enable chap mschap pap
	set link accept chap mschap pap
	set link keep-alive 20 100
	set link mtu 1300
# Address the PPTP server listens on; change it to the server's own address.
	set pptp self 192.168.100.1
	load radius
	set link enable incoming

radius:
# RADIUS server address, shared secret, authentication port and accounting
# port. radius_secret is a placeholder: use a long random value that matches
# the secret configured on the RADIUS server.
	set radius server 127.0.0.1 radius_secret 1812 1813
	set radius retries 1
	set radius timeout 3
	set radius me 127.0.0.1
	set auth acct-update 60
	set auth enable radius-auth
	set auth enable radius-acct
# Local mpd.secret authentication is switched off; RADIUS decides alone.
	set auth disable internal
	set auth max-logins 1
# The Message-Authenticator attribute is left out of requests. That is
# tolerable only while RADIUS traffic stays on loopback as it does here;
# enable it when the RADIUS server is reached over a network.
	set radius disable message-authentic
	set radius update-limit-in 100000
	set radius update-limit-out 100000
	set radius acct-update 60
Note: in these configurations the interface is named “if1” and the address associated with it is “192.168.100.1”. Change them to suit your needs.
service mpd5 start
MPD5 PPPoE SERVER:
All the configuration is the same, but mpd.conf needs some changes:
vi /usr/local/etc/mpd5/mpd.conf
# Each user gets an IP address according to the value of the RADIUS attribute
# named 'Framed-Pool' in the RADIUS response packet.
# A generic IP pool; no user should have an address assigned from this pool.
# NOTE(review): this fragment shows no section label of its own; place it
# under the label that the default: section loads.
	create bundle template B
	set ippool add pool1 10.0.0.2 10.0.0.254
	set ipcp ranges 10.0.0.1/32 ippool pool1
	set ipcp dns 8.8.8.8
	set iface enable tcpmssfix
	set ipcp no vjcomp
# Optional scripts run when a session interface goes up or down. mpd runs
# them itself, so keep them owned by root and not writable by anyone else.
#set iface up-script /usr/local/etc/mpd5/scripts/mpd_linkup.sh
#set iface down-script /usr/local/etc/mpd5/scripts/mpd_linkdown.sh

# Link template shared by every PPPoE listener below.
	create link template common pppoe
#set link enable multilink
	set link disable multilink
	set link action bundle B
# PAP is the only method left enabled. PPPoE does not encrypt, so the
# password crosses the access network in clear text; prefer a CHAP variant
# if the RADIUS back end can verify it.
	set link disable chap pap eap
	set link enable pap
	set link disable check-magic
	set link accept check-magic
	set link keep-alive 20 100
	set link mtu 1300
	set iface enable tcpmssfix
	load radius
# Answer any service name requested by the client.
	set pppoe service "*"

# Accept incoming connections on interface if1 (the original comment named
# it re1); change the name to match your system.
	create link template if1 common
	set link max-children 1000
	set pppoe iface if1
	set link keep-alive 20 100
	set link mtu 1300
	set bundle disable multilink
	set iface enable tcpmssfix
	set ipcp no vjcomp
	set link enable incoming

# Use the vlan100 interface as well if you want to serve PPPoE on VLANs.
#create link template vlan100 common
#set link max-children 1000
#set pppoe iface vlan100
#set link enable incoming

radius:
# RADIUS server address, shared secret, authentication port and accounting
# port. radius_secret is a placeholder: use a long random value that matches
# the secret configured on the RADIUS server.
	set radius server 127.0.0.1 radius_secret 1812 1813
	set radius retries 1
	set radius timeout 3
	set radius me 127.0.0.1
	set auth acct-update 60
	set auth enable radius-auth
	set auth enable radius-acct
# Local mpd.secret authentication is switched off; RADIUS decides alone.
	set auth disable internal
	set auth max-logins 1
# The Message-Authenticator attribute is left out of requests. That is
# tolerable only while RADIUS traffic stays on loopback as it does here;
# enable it when the RADIUS server is reached over a network.
	set radius disable message-authentic
	set radius update-limit-in 100000
	set radius update-limit-out 100000
	set radius acct-update 60
service mpd5 restart
PPPoE Client + PPTP SERVER :
vi /usr/local/etc/mpd5/mpd.conf
startup:
# Console login. The user name and password are placeholders: replace them.
# This file also holds the RADIUS shared secret and the PPPoE client
# password in clear text, so keep it readable by root only.
	set user mpd_consol_user mpd_consol_password
	set console self 127.0.0.1 5005
	set console open
# Web console, left disabled. If you enable it, prefer a loopback or
# management address over 0.0.0.0.
#set web self 0.0.0.0 5006
#set web open
# Built-in RADIUS server with Change of Authorization (CoA): only the peer
# 127.0.0.1 presenting this shared secret may send requests.
	set radsrv peer 127.0.0.1 radius_secret
	set radsrv open
	set radsrv self 127.0.0.1
	set radsrv enable coa
# NOTE(review): this line repeats the previous one; confirm whether another
# radsrv option was intended here.
	set radsrv enable coa
	log +radius +radius2

default:
	load pptp_server
	load pppoe_client

pppoe_client:
# Outgoing PPPoE session that provides the default route.
	create bundle static B1
	set iface route default
	set ipcp ranges 0.0.0.0/0 0.0.0.0/0
	set iface name pppoe
# mpd runs this script itself when the interface comes up: keep it owned by
# root and not writable by anyone else.
	set iface up-script /usr/local/etc/mpd5/link_up.sh
	create link static L1 pppoe
	set link action bundle B1
# Credentials for the upstream PPPoE account (placeholders).
	set auth authname pppoe_client_user
	set auth password pppoe_client_password
	set link max-redial 0
	set link mtu 1460
	set link keep-alive 10 60
# Interface the PPPoE client connects through.
	set pppoe iface if2
	set pppoe service ""
	open

pptp_server:
# Address pool handed out to connecting clients.
	set ippool add pool1 10.0.0.2 10.0.0.254

# Bundle template: per-session interface, IPCP and MPPE settings.
	create bundle template B
	set iface enable proxy-arp
	set iface idle 1800
	set iface enable tcpmssfix
	set iface route 10.0.0.1
	set ipcp no vjcomp
	set ipcp ranges 10.0.0.1/32 ippool pool1
	set ipcp dns 8.8.8.8
# MPPE is enabled and accepted but not required. e40 permits 40-bit keys.
	set bundle enable compression
	set ccp yes mppc
	set mppc yes e40
	set mppc yes e128
	set mppc yes stateless

# Link template: authentication and PPTP transport settings.
	create link template L pptp
#set link enable report-mac
	set link fsm-timeout 5
	set link action bundle B
	set link disable multilink
	set link yes acfcomp protocomp
# "no pap" is overridden by the next two lines, so PAP ends up both enabled
# and accepted. PAP hands the password over in clear text, and MPPE keys are
# derived from MS-CHAP only, so a session authenticated with PAP cannot be
# encrypted. Drop "pap" from both lines unless the RADIUS back end can only
# verify PAP.
	set link no pap
	set link enable chap mschap pap
	set link accept chap mschap pap
# NOTE(review): the other configurations on this page use "20 100"; confirm
# that 200 is intended here.
	set link keep-alive 200 100
	set link mtu 1300
# Address the PPTP server listens on; change it to the server's own address.
	set pptp self 192.168.100.1
	load radius
	set link enable incoming

radius:
# RADIUS server address, shared secret, authentication port and accounting
# port. radius_secret is a placeholder: use a long random value that matches
# the secret configured on the RADIUS server.
	set radius server 127.0.0.1 radius_secret 1812 1813
	set radius retries 1
	set radius timeout 3
	set radius me 127.0.0.1
	set auth acct-update 60
	set auth enable radius-auth
	set auth enable radius-acct
# Local mpd.secret authentication is switched off; RADIUS decides alone.
	set auth disable internal
	set auth max-logins 1
# The Message-Authenticator attribute is left out of requests. That is
# tolerable only while RADIUS traffic stays on loopback as it does here;
# enable it when the RADIUS server is reached over a network.
	set radius disable message-authentic
	set radius update-limit-in 100000
	set radius update-limit-out 100000
	set radius acct-update 60
Note: if you use pf for NAT with a dynamic address on the PPPoE client interface, use the up-script to restart pf every time the PPPoE client connects.
# Script that mpd runs when the PPPoE client interface comes up. mpd executes
# it itself, so keep it owned by root and not writable by anyone else.
	set iface up-script /usr/local/etc/mpd5/scripts/mpd_linkup.sh
#set iface down-script /usr/local/etc/mpd5/scripts/mpd_linkdown.sh
vi /usr/local/etc/mpd5/scripts/mpd_linkup.sh
# Up-script contents: restart pf each time the PPPoE client connects, so the
# NAT rules pick up the newly assigned address.
# mpd executes this file itself, so keep it executable, owned by root, and
# not writable by any other user.
service pf restart
By: Mehdi Sadighian
Contact: mehdi.sadighian@hotmail.com
TAG: freebsd 10, freebsd 10.3, mpd, mpd5, pptp server, vpn server, pppoe server, pppoe, pppoe client, radius