FreeBSD PPTP VPN - Ernest G. Wilson II's FreeBSD Pages

PPTP VPN on FreeBSD 6.2

Prerequisites:

FreeBSD (Base + Autoconf, Automake, Bash and GCC)
Kernel Options
IPFW

PopTop PPTP VPN Server on FreeBSD

# Install PopTop from FreeBSD Ports
cd /usr/ports/net/poptop
make install clean

# Edit pptpd.conf
vi /etc/pptpd.conf
debug nobsdcomp proxyarp localip 172.28.0.12 remoteip 172.28.0.150-155 pidfile /var/run/pptpd.pid +chapms-v2 mppe-40 mppe-128 mppe-stateless

# Edit ppp.conf
vi /etc/ppp/ppp.conf
loop: set timeout 0 set log phase chat connect lcp ipcp command set device localhost:pptp set dial set login # Server (local) IP address, Range for Clients, and Netmask # if you want to use NAT use private IP addresses set ifaddr 172.28.0.12 172.28.0.150-172.28.0.155 255.255.0.0 add default HISADDR set server /tmp/loop "" 0177 loop-in: set timeout 0 set log phase lcp ipcp command allow mode direct pptp: load loop disable pap # Authenticate against /etc/passwd enable passwdauth disable ipv6cp enable proxy accept dns enable MSChapV2 enable mppe disable deflate pred1 deny deflate pred1 set dns 24.26.163.24 set device !/etc/ppp/secure

# Edit secure
vi /etc/ppp/secure
#!/bin/sh exec /usr/sbin/ppp -direct loop-in

# Edit ppp.secret
vi /etc/ppp/ppp.secret
#user #passoword user1 password root rootpassword

# Ensure IP Forwarding is enabled
sysctl net.inet.ip.forwarding=1

# Edit /etc/rc.conf file
vi /etc/rc.conf
# VPN PPTP PopTop gateway_enable="YES" arpproxy_all="YES"

# Start pptpd via command line (Or start via Webmin)
/usr/local/etc/rc.d/pptpd start

# Verify that it start successfully (Look for: tcp 0 0 0.0.0.0:1723 0.0.0.0:* LISTEN)
netstat -a -n
sockstat -4
tail -f /var/log/messages

# Remember: PPTP uses tcp port 1723 and protocol 47 (GRE) - Make sure your firewall supports this setup

# More needed... like configuration... section not yet completed! 5/19/2007