
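[Notes] Setting up MPD5 as a PPTP VPN Server on FreeBSD 10

This article was published 1219 days ago; its content may be out of date.

Really, this is all just from notes other people have already put together…

See this post:

Setting up a VPN with MPD5 on FreeBSD (PPTP protocol)

And this one:

Install mpd5 pptp server on FreeBSD 9.2 and FreeBSD10

Copy the sample file to mpd.conf:

cp /usr/local/etc/mpd5/mpd.conf.sample /usr/local/etc/mpd5/mpd.conf

Edit it:

vim /usr/local/etc/mpd5/mpd.conf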

startup:
    # console/web login: set user <name> <password> [admin|operator|user]
    set user netroby password admin
    set console self 127.0.0.1 5005
    set console open
    # web console bound to all addresses (0.0.0.0), port 5006
    set web self 0.0.0.0 5006
    set web open

default:
    load pptp_server

pptp_server:
    set ippool add pool1 192.168.88.50 192.168.88.99
    create bundle template B
    set iface enable proxy-arp
    set iface idle 1800
    set iface enable tcpmssfix
    set iface route 192.168.88.1
    set ipcp yes vjcomp
    set ipcp ranges 192.168.88.1/32 ippool pool1
    # changed to Google DNS
    set ipcp dns 8.8.8.8
    set ipcp dns 8.8.4.4
    set ipcp nbns 192.168.88.1
    set bundle enable compression
    set ccp yes mppc
    set mppc yes e40
    set mppc yes e128
    set mppc yes stateless
    create link template L pptp
    set link fsm-timeout 5
    set link action bundle B
    set link enable multilink
    set link yes acfcomp protocomp
    set link no pap chap eap chap-msv2
    set link enable chap chap-msv2 eap
    set link accept chap-msv2
    set link keep-alive 10 60
    set link mtu 1460
    # change to the server's WAN IP
    set pptp self your_ip_address
    set link enable incoming
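
A pre-flight check for the mpd.conf above, as an added example that is not part of the original post or of mpd5: it flags inline `<--` notes (which are not `#` comments), unreplaced `your_ip…` placeholders, a placeholder console password, a web or console listener on 0.0.0.0, and 40-bit MPPE. The function names, the sample text and the placeholder-password list are assumptions made for this illustration.

```python
# Constructed sample in the shape of the mpd.conf above; not from a live system.
SAMPLE = """\
startup:
    set user netroby password admin
    set console self 127.0.0.1 5005
    set web self 0.0.0.0 5006
pptp_server:
    set ipcp dns 8.8.8.8  <---google DNS
    set mppc yes e40
    set pptp self your_ip_address <--WAN IP
"""

PLACEHOLDER_PASSWORDS = {"password", "admin", "changeme", "bar"}  # assumed list

def commands(text):
    """Yield (section, lineno, tokens) for every indented command line."""
    section = None
    for lineno, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                      # blank line or comment
        if not raw[0].isspace():          # a label starts in column 0, ends with ':'
            section = raw.strip().rstrip(":")
        else:
            yield section, lineno, raw.split()

def audit(text):
    """Return [(lineno, section, finding)] for lines to fix before starting mpd5."""
    out = []
    for section, n, tok in commands(text):
        if any(t.startswith("<-") for t in tok):
            out.append((n, section, "inline note is not a '#' comment"))
        if any(t.startswith("your_ip") for t in tok):
            out.append((n, section, "placeholder address not replaced"))
        # mpd syntax: set user <name> <password> [admin|operator|user]
        if tok[:2] == ["set", "user"] and len(tok) >= 4 \
                and tok[3].lower() in PLACEHOLDER_PASSWORDS:
            out.append((n, section, "placeholder console/web password"))
        # mpd syntax: set web|console self <ip> <port>
        if tok[:1] == ["set"] and tok[1:3] in (["web", "self"], ["console", "self"]) \
                and tok[3:4] == ["0.0.0.0"]:
            out.append((n, section, f"{tok[1]} listener bound to all addresses"))
        if tok[:2] == ["set", "mppc"] and tok[2:3] in (["yes"], ["enable"], ["accept"]) \
                and "e40" in tok[3:]:
            out.append((n, section, "40-bit MPPE allowed"))
    return out

if __name__ == "__main__":
    for n, section, finding in audit(SAMPLE):
        print(f"line {n} [{section}]: {finding}")
```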


vim /etc/pf.conf

my_int = "vtnet0"
internal_net = "192.168.0.0/16"
external_addr = "your_ip_addr"   # change to the server's WAN IP

# options first: pf.conf(5) expects options before translation and filter rules
set skip on lo

# NAT traffic from the VPN/internal range out through the WAN address
nat on $my_int from $internal_net to any -> $external_addr

# default: block and log everything inbound
block in log all

# PPTP control channel (1723), SSH, HTTP, HTTPS
pass in on $my_int proto tcp from any to any port 1723 keep state
pass in on $my_int proto tcp from any to any port 22 keep state
pass in on $my_int proto tcp from any to any port 80 keep state
pass in on $my_int proto tcp from any to any port 443 keep state
pass in quick on $my_int proto icmp all keep state

# GRE carries the PPTP tunnel data
pass in proto gre all keep state
pass in from any to $internal_net
pass in from $internal_net to any
pass out proto { gre, tcp, udp, icmp } all keep state


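service pf restart

The existing SSH session will be dropped and you have to reconnect.
After reopening PieTTY and confirming the connection was OK, I connected to the VPN from an iPhone and confirmed it worked, but the speed was terrible..
Using it to watch videos is, I think, probably out of the question…

I'll test a Linode / Vultr VPS some other day..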