2015年3月18日 星期三

在 FreeBSD 10.1 上以 mpd5 建置 PPTP VPN server

cd /usr/ports/net/mpd5
make install clean

edit /usr/local/etc/mpd5/mpd.conf

# mpd5 configuration for a PPTP server. Labels start in column 0; the commands
# that belong to a label are indented beneath it.

# No commands under startup: this file configures no console or web
# management interface.
startup:

# The default label only pulls in the pptp_server section below.
default:
        load pptp_server

pptp_server:
        # Address pool handed out to connecting clients.
        set ippool add LANPOOL 10.10.1.10 10.10.1.50

        create bundle template VPN

        set iface disable on-demand
        set iface idle 0

        set iface enable proxy-arp
        set iface enable tcpmssfix

        set ipcp yes vjcomp

        # Server end of each session is 10.10.1.1; the client end comes from LANPOOL.
        set ipcp ranges 10.10.1.1/32 ippool LANPOOL

        set bundle enable compression

        # MPPE (negotiated through CCP): 40-bit keys refused, 128-bit accepted,
        # stateless mode accepted.
        # NOTE(review): MPPE session keys are derived from the MS-CHAP exchange, and
        # PPTP with MS-CHAPv2 is widely regarded as cryptographically broken, so the
        # tunnel's confidentiality rests on the strength of the password in
        # mpd.secret. For new deployments an IPsec/IKEv2, OpenVPN or WireGuard
        # tunnel is the usual recommendation.
        # NOTE(review): "yes" enables and accepts an option; nothing in this file
        # appears to make encryption mandatory. Check whether the bundle option
        # crypt-reqd is needed so that sessions without MPPE are dropped - confirm
        # against the mpd5 manual.
        set ccp yes mppc

        set mppc no e40
        set mppc yes e128

        set mppc yes stateless

        # NOTE(review): no "set pptp self <address>" line is present, so the
        # listening address is left at mpd's default - presumably every local
        # address; confirm and pin it to the external address if that is intended.
        create link template VPNLINK pptp

        set link action bundle VPN

        set link enable multilink

        set link yes acfcomp protocomp

        # PAP and CHAP are first disabled and refused, then CHAP alone is enabled
        # again, so clients must authenticate with CHAP.
        # NOTE(review): presumably "chap" covers the whole CHAP family; consider
        # enabling only the MS-CHAPv2 variant that MPPE needs - verify the exact
        # option name in the mpd5 manual.
        set link no pap chap

        set link enable chap

        set link keep-alive 30 300

        # MTU below 1500, presumably to leave room for the GRE/PPP encapsulation
        # overhead and avoid fragmentation.
        set link mtu 1460

        # Accept incoming connections on links created from this template.
        set link enable incoming


edit /usr/local/etc/mpd5/mpd.secret

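# format: <account> <password>
# abcd / 123456 are sample values only: use a long random password, and keep
# this file readable by root alone (e.g. mode 600), since it holds cleartext secrets.
abcd 123456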

edit /etc/rc.conf

# Forward IP packets between interfaces, so VPN clients can reach networks
# beyond this host.
gateway_enable="YES"

# Load pf at boot with the ruleset in /etc/pf.conf and start pflogd writing to
# /var/log/pflog.
# NOTE(review): pflog only records packets matched by rules carrying the "log"
# keyword; the pf.conf shown on this page has none, so the log will stay empty
# until logging is added to the rules of interest.
pf_enable="YES"
pf_rules="/etc/pf.conf"
pflog_enable="YES"
pflog_logfile="/var/log/pflog"

# Start mpd5 at boot; -b makes it run in the background as a daemon.
mpd_flags="-b"
mpd_enable="YES"


edit /etc/pf.conf

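# pf ruleset: NAT traffic from the VPN client range out through the external
# interface.
ext_if ="hn0"

# NOTE(review): on the page the table name in angle brackets was missing from
# the table, nat and commented-out pass lines (most likely swallowed as an HTML
# tag), which leaves the ruleset unparsable. <vpn_clients> is a placeholder
# chosen in review, not the author's original name.
table <vpn_clients> persist {10.10.1.0/24}

nat on $ext_if from <vpn_clients> to any -> ($ext_if)

# The two rules below accept every packet in both directions on every
# interface, so pf only performs NAT here and filters nothing. On an
# Internet-facing host the usual hardening is a default-deny policy that admits
# only the PPTP control channel (TCP 1723) and GRE on $ext_if, plus traffic
# from the VPN client range.
pass in all
pass out all
#pass in quick inet from <vpn_clients> to any keep state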

重新啟動之後,使用帳號 abcd 及密碼 123456 撥接登入 VPN server。(abcd/123456 僅為示範用帳密,實際部署時請換成高強度密碼。)