Eric's Hexo Space

[Notes] Setting up MPD5 as a PPTP VPN Server on FreeBSD 10

This article was published 1003 days ago and its content may be out of date. If you have questions, please contact the author.

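Really, this is all taken from notes that other people had already put together…

See this post:

Setting up a VPN with MPD5 on FreeBSD (PPTP protocol)

and this one: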

Install mpd5 pptp server on FreeBSD 9.2 and FreeBSD10

 

Copy the sample file to create mpd.conf:

cp /usr/local/etc/mpd5/mpd.conf.sample /usr/local/etc/mpd5/mpd.conf

Edit it:

vim /usr/local/etc/mpd5/mpd.conf

startup:
    set user netroby password admin
    set console self 127.0.0.1 5005
    set console open
    set web self 0.0.0.0 5006
    set web open

default:
    load pptp_server

pptp_server:
    set ippool add pool1 192.168.88.50 192.168.88.99
    create bundle template B
    set iface enable proxy-arp
    set iface idle 1800
    set iface enable tcpmssfix
    set iface route 192.168.88.1
    set ipcp yes vjcomp
    set ipcp ranges 192.168.88.1/32 ippool pool1
    # Changed to Google DNS (primary and secondary given on one line)
    set ipcp dns 8.8.8.8 8.8.4.4
    set ipcp nbns 192.168.88.1
    set bundle enable compression
    set ccp yes mppc
    set mppc yes e40
    set mppc yes e128
    set mppc yes stateless
    create link template L pptp
    set link fsm-timeout 5
    set link action bundle B
    set link enable multilink
    set link yes acfcomp protocomp
    set link no pap chap eap chap-msv2
    set link enable chap chap-msv2 eap
    set link accept chap-msv2
    set link keep-alive 10 60
    set link mtu 1460
    # Replace your_ip_address with the server's WAN IP
    set pptp self your_ip_address
    set link enable incoming
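An added example, not part of the original post or the articles it references: a small sh function that scans an mpd.conf like the one above for settings worth reviewing before the server goes online. In mpd5's `set user <name> <password> [role]` syntax the fourth word is the password, so the line above creates user netroby with the literal password "password". The function name, finding labels, 12-character threshold and sample file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: flag risky settings in an mpd5 configuration file.
# Usage: audit_mpd_conf FILE   (prints one finding per line, nothing if clean)

audit_mpd_conf() {
    awk '
        # Ignore comment lines and blank lines.
        /^[ \t]*(#|$)/ { next }

        # Web admin console listening on something other than loopback.
        $1 == "set" && $2 == "web" && $3 == "self" &&
        $4 != "127.0.0.1" && $4 != "::1" {
            printf "web-exposed: web console listens on %s port %s\n", $4, $5
        }

        # set user <name> <password> [role]: field 4 is the password.
        # The 12-character minimum is an assumed local policy.
        $1 == "set" && $2 == "user" && length($4) < 12 {
            printf "weak-password: user %s has a password of %d characters\n", $3, length($4)
        }

        # 40-bit MPPE keys allowed during CCP negotiation.
        $1 == "set" && $2 == "mppc" && $3 ~ /^(yes|enable|accept)$/ && $4 == "e40" {
            print "weak-mppe: 40-bit MPPE is permitted"
        }
    ' "$1"
}

# Constructed sample: the relevant lines from the configuration above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
startup:
    set user netroby password admin
    set console self 127.0.0.1 5005
    set web self 0.0.0.0 5006
pptp_server:
    set mppc yes e40
    set mppc yes e128
EOF
audit_mpd_conf "$sample"
rm -f "$sample"
```

Binding the web console to 127.0.0.1, choosing a longer console password and dropping the `set mppc yes e40` line clears all three findings.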


vim /etc/pf.conf

my_int = "vtnet0"
internal_net = "192.168.0.0/16"
external_addr = "your_ip_addr"   # replace with the server's WAN IP

# Options must come before translation (nat) and filter rules
set skip on lo

nat on $my_int from $internal_net to any -> $external_addr

block in log all
pass in on $my_int proto tcp from any to any port 1723 keep state
pass in on $my_int proto tcp from any to any port 22 keep state
pass in on $my_int proto tcp from any to any port 80 keep state
pass in on $my_int proto tcp from any to any port 443 keep state
pass in quick on $my_int proto icmp all keep state
pass in proto gre all keep state
pass in from any to $internal_net
pass in from $internal_net to any
pass out proto { gre, tcp, udp, icmp } all keep state


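service pf restart

The existing SSH session will be dropped, so you have to reconnect.
After reopening PieTTY and confirming the connection was OK, I connected to the VPN from an iPhone and confirmed it works, but the speed is terrible..
Using it to watch videos is probably out of the question…

I'll test a Linode / Vultr VPS another day..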


 

 
