Posts Tagged “VPN”
The most competent console tool for this in FreeBSD is probably Mpd5. It’s quite easy to work with but you’ll need to get all the details right otherwise it just won’t work.
The following mpd.conf configuration file worked for me and allowed me to successfully connect to a Windows VPN. One of the keys were to disable EAP, this particular VPN server just plain refused to work with it enabled
default: load vpn vpn: create bundle static B1 # Create a default route (use a net/mask to create specific routes) set iface route default # Script to execute on connect (custom routes etc) # set iface up-script /usr/local/etc/route-up.sh # Accept any IP-address set ipcp ranges 0.0.0.0/0 0.0.0.0/0 # Microsoft Point-to-Point Compression, only enable if you have a really fast machine # set bundle enable compression set ccp yes mppc set mppc yes e40 set mppc yes e56 set mppc yes e128 create link static L1 pptp set link action bundle B1 # Replace with you credentials or use the mpd.secret file set auth authname USERNAME set auth password SECRET set link max-redial 0 set link mtu 1460 set link keep-alive 20 75 # Hostname/IP of the VPN server set pptp peer vpn.example.com set pptp disable windowing set link no eap
Save it to a file, say mpd.conf in /usr/local/etc/mpd.conf and simply run mpd5 mpd.conf and with some luck you’ll be connected the the VPN.
The order of the statements are important. As they only apply to the current selected link (create link) or bundle (create bundle). Keep this in mind when editing.
Windows logon name
If you’re connecting to a Windows network you’ll probably need to use “DOMAIN\\username” as the authname (with the quotes and double backslash).
Firewall and NAT issues
The PPTP protocol is far from ideal. If you’re behind NAT chances are you won’t be able to do multiple PPTP connections to the same VPN server from within your LAN.
You’ll also need to allow the GRE protocol through, with Free/OpenBSD pf (packet filter) the following line is enough (you still won’t be able to do simultaneous connections to the same server though)
pass out on $ext_if proto gre from ($ext_if) to any keep state
Replace $ext_if with your external network interface.