This tutorial covers the steps to set up a virtual private network on FreeBSD. We use the PPTP VPN server to provide a VPN for 2 or more users. The clients need no extra VPN application, since the built-in VPN client of Windows, Linux or Mac can be used.
This VPN server uses mpd4 and NATs the traffic of the VPN users; it can be extended to any number of users and interfaces.
Run the commands below as root (su) or simply prepend sudo to all commands that require root privileges.
Prepare the init scripts
Open the /etc/rc.conf file:
vi /etc/rc.conf
Add the following lines so that Mpd, IP forwarding (the gateway) and the PF firewall with NAT are started at boot:
mpd_enable="YES"
gateway_enable="YES"
pf_enable="YES"
Enable the gateway
gateway_enable only takes effect at the next boot, so set the machine to act as a gateway right away with:
sysctl net.inet.ip.forwarding=1
Install Mpd
Install the mpd4 port with the default options (rehash is only needed when your shell is csh/tcsh, the default root shell on FreeBSD):
cd /usr/ports/net/mpd4
make install clean; rehash
Configure Mpd
In the /usr/local/etc/mpd4 directory create a mpd.conf file:
vi /usr/local/etc/mpd4/mpd.conf
Add the Mpd configuration as follows:
startup:

default:
    load client1
    load client2

client1:
    new -i ng0 pptp1 pptp1
    set ipcp ranges 172.16.1.1/32 172.16.1.10/32
    load client_standard

client2:
    new -i ng1 pptp2 pptp2
    set ipcp ranges 172.16.2.1/32 172.16.2.10/32
    load client_standard

client_standard:
    set iface disable on-demand
    set iface enable proxy-arp
    set iface idle 0
    set iface enable tcpmssfix
    set bundle enable multilink
    set link yes acfcomp protocomp
    set link enable no-orig-auth
    set link enable keep-ms-domain
    set link no pap chap
    set link enable chap
    set link yes chap-msv1 chap-md5 chap-msv2
    set link mtu 1460
    set link keep-alive 10 60
    set ipcp yes vjcomp
    set ipcp dns 8.8.8.8
    set bundle enable compression
    set ccp yes mppc
    set ccp yes mpp-e40
    set ccp yes mpp-e128
    set ccp yes mpp-stateless
    set bundle enable crypt-reqd
In the /usr/local/etc/mpd4 directory create a mpd.links file:
vi /usr/local/etc/mpd4/mpd.links
Add the PPTP link configuration as follows. The address given to "set pptp self" (your-external-ip) is the IP Mpd listens on for incoming PPTP connections.
pptp1:
    set link type pptp
    set pptp self your-external-ip
    set pptp enable incoming
    set pptp disable originate
    set pptp disable windowing
    set pptp enable always-ack

pptp2:
    set link type pptp
    set pptp self your-external-ip
    set pptp enable incoming
    set pptp disable originate
    set pptp disable windowing
    set pptp enable always-ack
In the /usr/local/etc/mpd4 directory create a mpd.secret file:
vi /usr/local/etc/mpd4/mpd.secret
This file holds the user names and passwords in cleartext, one "user password" pair per line, so keep it readable by root only (chmod 600). Add the users as follows:
user1 password
user2 password
Configure the PF firewall
In the /etc directory create or edit the pf.conf file:
vi /etc/pf.conf
This is the PF firewall configuration file. Add the configuration as follows. external_addr is the external IP that the VPN users' traffic originates from after NAT. Note that "pass in all" and "pass out all" leave the firewall wide open; they only make the NAT work and should be tightened on a production server.
ext_if="your-external-interface"
internal_net="172.16.0.0/16"
external_addr="your-external-ip"

nat on $ext_if from $internal_net to any -> $external_addr

pass in all
pass out all
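As an added example (not part of the original tutorial), here is a tightened version of the same pf.conf: it keeps the NAT rule but, instead of "pass in all", only admits the PPTP control connection (TCP port 1723), the GRE tunnel traffic and SSH on the external interface, plus traffic arriving from connected VPN users on the ng interfaces. The interface and address values are the same placeholders as above; sshd on port 22 is an assumption.

```pf
# Macros: same placeholders as in the tutorial's pf.conf
ext_if="your-external-interface"
internal_net="172.16.0.0/16"
external_addr="your-external-ip"
vpn_ifs="{ ng0 ng1 }"

set skip on lo0
scrub in all

# NAT the VPN users' traffic to the external address (unchanged)
nat on $ext_if from $internal_net to any -> $external_addr

# Default deny inbound; log what gets dropped
block in log all
pass out all keep state

# PPTP control channel and GRE (protocol 47) tunnel traffic to the VPN server
pass in on $ext_if proto tcp from any to $external_addr port 1723 keep state
pass in on $ext_if proto gre from any to $external_addr

# Remote administration (assumed sshd on port 22)
pass in on $ext_if proto tcp from any to $external_addr port 22 keep state

# Traffic from connected VPN users entering via the Mpd ng interfaces
pass in on $vpn_ifs from $internal_net to any keep state
```

Check the rules with "pfctl -nf /etc/pf.conf" before loading them, and add another ng interface to vpn_ifs for every client block you add to mpd.conf.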
Start Mpd and the PF firewall
Finally we can start Mpd and the PF firewall.
/usr/local/etc/rc.d/mpd4 start
/etc/rc.d/pf start
Execute the ifconfig command:
ifconfig
The ng devices in the ifconfig output should look like this:
ng0: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1500
ng1: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1500
Once there are users connected you should see something like this:
ng0: flags=88d1<UP,POINTOPOINT,RUNNING,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1458
    inet 172.16.1.1 --> 172.16.1.10 netmask 0xffffffff
ng1: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1500
Now you have a multiuser VPN with 2 concurrent connections. Feel free to add more users by editing the mpd.conf and mpd.links files.