Установка
Ставим из портов mpd5:
# make -C /usr/ports/net/mpd5 fetch-recursive
# make -C /usr/ports/net/mpd5 install clean
┌────────────────────────────────────────────────────────────────────┐
│ Options for mpd 5.6 │
│ ┌────────────────────────────────────────────────────────────────┐ │
│ │ [ ] NG_CAR Use ng_car kernel module from port (< 7.0 only) │ │
│ │ [ ] NG_IPACCT Use ng_ipacct kernel module from port │ │
│ └────────────────────────────────────────────────────────────────┘ │
├────────────────────────────────────────────────────────────────────┤
│ < OK > │
└────────────────────────────────────────────────────────────────────┘
Настройка
У файлов из /usr/local/etc/mpd5/ делаем копии без .sample
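В mpd.secret удаляем всё и прописываем имя, пароль и, при необходимости, IP-адрес в открытом виде через табуляцию. Так как пароли хранятся в открытом виде, файл должен быть доступен на чтение только root: chmod 600 /usr/local/etc/mpd5/mpd.secret.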
Code: mpd.conf |
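startup:
	# mpd requires commands under a label to be indented with a tab;
	# the listing had lost that indentation.
	#
	# configure mpd users
	# foo/bar and foo1/bar1 are sample credentials: replace them before the
	# console or the web server is opened. "admin" gives that user the
	# administrative privilege level.
	set user foo bar admin
	set user foo1 bar1
	# configure the console (loopback only)
	set console self 127.0.0.1 5005
	set console open
	# configure the web server
	# Bound to loopback like the console. Listening on 0.0.0.0 would expose
	# the management interface, protected only by the users above, on every
	# address of the host. If remote access is needed, use an SSH tunnel or
	# limit the port with firewall rules.
	set web self 127.0.0.1 5006
	set web open

default:
	# Section loaded when mpd starts without an explicit label.
	load pptp_server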
В /etc/rc.conf
# Start mpd5 at boot through /usr/local/etc/rc.d/mpd5.
mpd_enable="YES"
# Turn on IPv4 forwarding at boot so VPN clients can be routed.
# The host becomes a router: pair this with firewall rules that limit
# what tunnel clients may reach.
gateway_enable="YES"
Запускаем:
# Enable forwarding right now; gateway_enable in rc.conf only applies at boot.
sysctl net.inet.ip.forwarding=1
# Start the daemon through its rc script.
/usr/local/etc/rc.d/mpd5 start
Все, можно подключаться стандартным виндовым клиентом.
Клиент
Клиент PPTP
Клиент PPPoE
Code: mpd.conf |
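pppoe_client:
	# mpd requires commands under a label to be indented with a tab;
	# the listing had lost that indentation.
	create bundle static B1
	# Clamp TCP MSS to fit the reduced tunnel MTU.
	set iface enable tcpmssfix
	# Scripts run by mpd when the interface goes up/down. mpd normally runs
	# as root, so keep these files root-owned and not writable by others.
	set iface up-script /usr/local/etc/mpd5/io-up.sh
	set iface down-script /usr/local/etc/mpd5/io-down.sh
	create link static L1 pppoe
	set link action bundle B1
	# AUTHNAME/PASSWORD are placeholders. The real values sit in this file
	# in clear text, so mpd.conf should be readable by root only.
	set auth authname AUTHNAME
	set auth password PASSWORD
	# 0 = redial without limit after a failed connection.
	set link max-redial 0
	# 1500 minus the 8-byte PPPoE overhead.
	set link mtu 1492
	set link keep-alive 10 60
	# Ethernet interface that carries PPPoE; empty service name = any service.
	set pppoe iface vlan3
	set pppoe service ""
	open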
Клиент L2TP
Beeline
Code: /etc/dhclient.conf |
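# Give up on obtaining a lease after 60 s, then try again 60 s later.
timeout 60;
retry 60;
interface "re0"
{
	# Options requested from the DHCP server.
	# static-routes was listed twice in the original; once is enough.
	request subnet-mask,
		broadcast-address,
		static-routes,
		routers,
		time-offset,
		host-name;
	# Ignore offers that carry no subnet mask.
	require subnet-mask;
}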
Code: mpd.conf |
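l2tp_client_beeline:
	# mpd requires commands under a label to be indented with a tab;
	# the listing had lost that indentation.
	#
	# NOTE(review): nothing in this section enables encryption, so the
	# tunnel carries traffic in clear text between this host and the peer.
	create bundle static B2
	set iface enable tcpmssfix
	# Scripts run by mpd on interface up/down; mpd normally runs as root,
	# so keep them root-owned and not writable by others.
	set iface up-script /usr/local/etc/mpd5/l2tp_client_beeline_up.sh
	set iface down-script /usr/local/etc/mpd5/l2tp_client_beeline_down.sh
	# Accept whatever local and remote addresses the peer proposes.
	set ipcp ranges 0.0.0.0/0 0.0.0.0/0
	set ipcp no vjcomp
	create link static L2 l2tp
	set link action bundle B2
	# Do not ask the peer to authenticate itself, but answer with CHAP
	# when the peer asks us to.
	set link disable chap
	set link accept chap
	set link latency 0
	# 0 = redial without limit after a failed connection.
	set link max-redial 0
	set link mtu 1460
	set link keep-alive 60 180
	set l2tp peer tp.internet.beeline.ru
	# "login"/"password" are placeholders. The real values sit in this file
	# in clear text, so mpd.conf should be readable by root only.
	set auth authname login
	set auth password password
	open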
Code: l2tp_client_beeline_up.sh |
|
Code: l2tp_client_beeline_down.sh |
|
Сервер
Сервер L2TP
Code: L2TP |
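l2tp_server:
	# mpd requires commands under a label to be indented with a tab;
	# the listing had lost that indentation.
	#
	# Define dynamic IP address pool.
	set ippool add pool1 10.10.2.20 10.10.2.254
	# Create clonable bundle template named B
	create bundle template B
	set iface enable proxy-arp
	# Drop sessions idle for 1800 seconds.
	set iface idle 1800
	set iface enable tcpmssfix
	set iface route 10.10.2.1
	# Scripts run by mpd on interface up/down; mpd normally runs as root,
	# so keep them root-owned and not writable by others.
	set iface up-script /usr/local/etc/mpd5/l2tp_server_up.sh
	set iface down-script /usr/local/etc/mpd5/l2tp_server_down.sh
	set ipcp yes vjcomp
	# Specify IP address pool for dynamic assignment.
	set ipcp ranges 10.10.2.1/24 ippool pool1
	set ipcp dns 10.10.2.1
	# The five lines below enable Microsoft Point-to-Point encryption
	# (MPPE) using the ng_mppc(8) netgraph node type.
	# NOTE(review): e40 is 40-bit MPPE and is weak; drop it unless a legacy
	# client needs it. As written, encryption is offered but nothing here
	# makes it mandatory; mpd has "set bundle enable crypt-reqd" for that.
	set bundle enable compression
	set ccp yes mppc
	set mppc yes e40
	set mppc yes e128
	set mppc yes stateless
	# Create clonable link template named L
	create link template L l2tp
	# Set bundle template to use
	set link action bundle B
	# Multilink adds some overhead, but gives full 1500 MTU.
	set link enable multilink
	set link yes acfcomp protocomp
	# Refuse PAP, then require the peer to authenticate with CHAP.
	# NOTE(review): "chap" appears to cover every CHAP variant in mpd, which
	# would make the two lines after it redundant - confirm. MS-CHAPv1
	# (chap-msv1) is weak; enable only chap-msv2 if all clients support it.
	set link no pap chap
	set link enable chap
	set link enable chap-msv1
	set link enable chap-msv2
	set link keep-alive 10 60
	# Reduce the link MTU so encapsulated packets are not fragmented.
	set link mtu 1460
	# Configure l2tp
	# Listen on every local address. Set one specific IP here, or filter
	# the L2TP port with a firewall, if the service should not be reachable
	# from all networks.
	set l2tp self 0.0.0.0
	# Allow to accept calls
	set link enable incoming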
Сервер PPPoE
Code: PPPoE |
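pppoe_server:
	# mpd requires commands under a label to be indented with a tab;
	# the listing had lost that indentation.
	#
	# NOTE(review): despite its label, this section builds a PPTP server:
	# the link template has type "pptp" and the listener is set with
	# "set pptp self". A PPPoE server needs a link of type "pppoe" plus
	# "set pppoe iface" / "set pppoe service", as in the PPPoE client
	# section. Commands are kept as published; verify before use.
	set ippool add poolsat 10.0.2.2 10.0.2.245
	create bundle template B
	set iface enable proxy-arp
	# 0 = no idle timeout.
	set iface idle 0
	set iface enable tcpmssfix
	set ipcp yes vjcomp
	set ipcp ranges 10.0.2.0/24 ippool poolsat
	# set ipcp dns 10.0.2.1
	# set ipcp nbns 10.0.2.1
	# Enable Microsoft Point-to-Point encryption (MPPE)
	# NOTE(review): e40 and e56 are short-key MPPE modes and are weak; keep
	# only e128 unless a legacy client needs them. Encryption is offered
	# here but not made mandatory ("set bundle enable crypt-reqd" does that).
	set bundle enable compression
	set ccp yes mppc
	set mppc yes compress e40 e56 e128 stateless
	# Create clonable link template named L
	create link template L pptp
	# Set bundle template to use
	set link action bundle B
	# Multilink adds some overhead, but gives full 1500 MTU
	set link enable multilink
	set link yes acfcomp protocomp
	# Refuse PAP and EAP, then require the peer to authenticate with CHAP.
	# NOTE(review): MS-CHAPv1 (chap-msv1) is weak; enable only chap-msv2 if
	# all clients support it.
	set link no pap chap eap
	set link enable chap
	set link enable chap-msv1
	set link enable chap-msv2
	# Reduce link MTU to avoid GRE packet fragmentation.
	set link mtu 1460
	set link keep-alive 10 60
	# Configure PPTP and open link
	# Listen on every local address; narrow this or filter with a firewall
	# if the service should not be reachable from all networks.
	set pptp self 0.0.0.0
	# Allow to accept calls
	set link enable incoming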
Сервер PPTP
Code: PPTP |
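pptp_server:
	# mpd requires commands under a label to be indented with a tab;
	# the listing had lost that indentation.
	#
	# NOTE(review): PPTP rests on MS-CHAP and MPPE, both with well-known
	# weaknesses. Do not rely on it to protect sensitive traffic.
	#
	# Define dynamic IP address pool.
	set ippool add pool1 192.168.100.2 192.168.100.254
	# Create clonable bundle template named B
	create bundle template B
	# set iface enable proxy-arp
	# Drop sessions idle for 1800 seconds.
	set iface idle 1800
	set iface enable tcpmssfix
	set iface route 192.168.100.1
	# Scripts run by mpd on interface up/down; mpd normally runs as root,
	# so keep them root-owned and not writable by others.
	set iface up-script /usr/local/etc/mpd5/pptp_server_up.sh
	set iface down-script /usr/local/etc/mpd5/pptp_server_down.sh
	set ipcp yes vjcomp
	# Specify IP address pool for dynamic assignment.
	set ipcp ranges 192.168.100.1/24 ippool pool1
	set ipcp dns 192.168.100.1
	set ipcp nbns 192.168.100.1
	# The five lines below enable Microsoft Point-to-Point encryption
	# (MPPE) using the ng_mppc(8) netgraph node type.
	# NOTE(review): e40 is 40-bit MPPE and is weak; drop it unless a legacy
	# client needs it. Encryption is offered here but not made mandatory
	# ("set bundle enable crypt-reqd" does that).
	set bundle enable compression
	set ccp yes mppc
	set mppc yes e40
	# set mppc yes e56
	set mppc yes e128
	set mppc yes stateless
	# Create clonable link template named L
	create link template L pptp
	# Set bundle template to use
	set link action bundle B
	# Multilink adds some overhead, but gives full 1500 MTU.
	set link enable multilink
	set link yes acfcomp protocomp
	# Refuse PAP, then require the peer to authenticate with CHAP.
	# NOTE(review): MS-CHAPv1 (chap-msv1) is weak; enable only chap-msv2 if
	# all clients support it.
	set link no pap chap
	set link enable chap
	set link enable chap-msv1
	set link enable chap-msv2
	# We can use RADIUS authentication/accounting by including
	# another config section with label 'radius'.
	# load radius
	set link keep-alive 10 60
	# Reduce link MTU to avoid GRE packet fragmentation.
	set link mtu 1460
	# set link mru 1460
	# set link mrru 1024
	# Configure PPTP
	# Listen on every local address; narrow this or filter with a firewall
	# if the service should not be reachable from all networks.
	set pptp self 0.0.0.0
	# Allow to accept calls
	set link enable incoming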
Параметры скриптов
Параметр |
Описание |
Пример |
Script |
Полный путь и название скрипта |
/usr/local/etc/mpd5/script_up.sh |
Interface |
Интерфейс |
ng3 |
Proto |
Протокол |
inet |
Local-ip |
IP локальной машины |
10.0.0.1/32 |
Remote-ip |
IP удаленной машины |
10.0.0.17 |
Authname |
Логин |
user |
Peer-address |
IP подключаемого хоста |
192.168.0.1 |
Лог
Использование
Автоматический запуск
Code: /etc/rc.conf |
# VPN: start mpd5 at boot through /usr/local/etc/rc.d/mpd5.
mpd_enable="YES"
Запуск из консоли