Author: Matt Cowger
Date: 16-05-02 08:16
I saw this and thought I'd post how I did it - getting PoPToP runnng as a VPN Server for Windows clients. I've gotten it running on FreeBSD
4.6-PRERELEASE, and thought I'd share with the group.
1. The first thing I did was of course cvsup my ports tree.
2. Next, cd to /usr/ports/net/poptop and run make all install clean
3. You will now need to edit a number of files to make this work:
You will need to change the local and remote IP's to match your local configuration.
LocalIP should be an address in your subnet but not the address of your network interface(s).
RemoteIP should be a **range** in your subnet that the PPTP daemon can assign clients for addresses.
For example, if you're address on interface ep0 is 192.168.1.1, and your subnet mask is 255.255.255.0, localip should be something like 192.168.1.100 and remote ip should be something like 192.168.1.150-200 (written just like that). The PIDFile entry should be obvious.
You will also need to create a /etc/ppp/options file:
Don't worry too much about what these mean, but auth, chap, and proxyarp NEED to be in there (look them up in man ppp for more info.
The last file you need is /etc/ppp/ppp.conf
set timeout 0
set log phase chat connect lcp ipcp command
set device localhost:pptp
# Server (local) IP address, Range for Clients, and Netmask
set ifaddr 192.168.1.100 192.168.1.150-192.168.1.200 255.255.255.255
set server /tmp/loop "" 0177
set timeout 0
set log phase lcp ipcp command
allow mode direct
# Authenticate against /etc/passwd
# The next depends on your routing. Proxy arp is an easy way out
# DNS Servers to assign client - replace with your own
set dns 188.8.131.52
set device !/etc/ppp/secure
The file above basically needs to stay the way it is, but the line containing set ifaddr needs to have the same info as what you set in pptpd.conf. The first argument should be the value of localip, the second should be the same range as remoteip (just in a slightly different format - you gotta spell out the whole range this time) and the last needs to be 255.255.255.255
Now, start up the daemon with:
The remaining setup need to be done on your windows machine. I am assuming you are using Windows XP here, but its pretty much the same as Windows 2000. Go to Start|Settings|Network Connections. Click the new connection wizard. You want to "Connect to the network at my workplace" or something along those lines - whichever one relates to VPNs. Click next. Choose Virtual Private Network Connection. Click Next. In the COmpany Name, type whatever you wish and hot next. The next box will ask you if it should dial your dialup connection before trying to start this one - choose whichever is appropriate and hit next. In the host name, you need to put the IP of your BSD box (the real routable address...dealing with NAT is another issue). The next screen asks who to make this connection for, choose whiever is appropriate. Next. Hit Finish.
Phew! Only a little more to go. Windows will now pop up the connection box for this connection. STOP! SLOW DOWN! DONT CONNECT YET. Breathe. Ok, Ready? Hit Properties. Under security, you need to *disable* "Require data encryption" THis is just a tunnel, not a IPSec encrypted connection. Click OK, and for your username and password enter your username and password on the BSD box. Life should be good.
Have fun with your new VPN.