MPD: PPTP VPN for your Windows/Android

Configuration

by ross at 22:14:07 on September 16, 2017

Install MPD:

# pkg install mpd5

Add to /etc/rc.conf:

mpd_enable="YES"

Create config /usr/local/etc/mpd5/mpd.conf:

default:
        load pptp_server

pptp_server:
        set ippool add pool1 172.17.0.10 172.17.0.250

        create bundle template B
        set iface enable proxy-arp
        set iface idle 1800
        set iface enable tcpmssfix
        set ipcp yes vjcomp
        set ipcp ranges 172.17.0.1/32 ippool pool1
        set ipcp dns 8.8.8.8
        set bundle enable compression
        set ccp yes mppc
        set mppc yes e40
        set mppc yes e128
        set mppc yes stateless

        create link template L pptp
        set link action bundle B
        set link enable multilink
        set link yes acfcomp protocomp
        set link no pap chap eap
        set link enable chap
        set link keep-alive 10 60
        set link mtu 1460
        set pptp self 1.2.3.4
        set link enable incoming

In the file above, replace the following:

  • 172.17.0.* - the MPD network; clients are assigned IPs from this range
  • 1.2.3.4 - the IP of the external interface where MPD listens for incoming connections
  • 8.8.8.8 - the DNS server

Create passwords file /usr/local/etc/mpd5/mpd.secret:

user1   somelongpassword
user2   otherstrongpassword

The example defines two users, user1 and user2, with their plaintext passwords. Because the passwords are stored in plaintext, secure the file:

# chmod 600 /usr/local/etc/mpd5/mpd.secret

Start MPD:

# service mpd5 start

All that remains is to configure the firewall. Below is a PF example (not the full config; only the relevant lines are shown, and re0 is the external interface):

set skip on { lo, ng }
nat on re0 from 172.17.0.0/24 to any -> 1.2.3.4 static-port
pass in on re0 proto tcp to 1.2.3.4 port 1723 keep state
pass in on re0 proto gre to 1.2.3.4 keep state
pass out on re0 keep state
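
The settings in this setup that matter most for security (the permissions on mpd.secret, the 40-bit MPPE option e40 and the bare chap keyword) can be checked with a short script. This is an added example, not part of the original post; audit_mpd and its finding labels are hypothetical names, and the sample files are constructed.

```shell
#!/bin/sh
# Added example, not from the original post. audit_mpd and the finding
# labels are hypothetical names; the checks are line-based, so a later
# "set ... no/disable" line that overrides an earlier one is not tracked.

# Usage: audit_mpd /path/to/mpd.conf /path/to/mpd.secret
# Prints one finding per line; returns 0 when nothing is flagged.
audit_mpd() {
    conf=$1; secret=$2; rc=0
    on='(yes|enable|accept)'          # verbs that turn an option on
    sp='[[:space:]]'

    # mpd.secret stores plaintext passwords: group/other bits must be empty.
    if [ "$(ls -ld "$secret" | cut -c5-10)" != "------" ]; then
        echo "secret-perms: $secret is accessible to group or other"; rc=1
    fi
    # e40 permits 40-bit MPPE keys alongside e128.
    if grep -Eq "^$sp*set$sp+mppc$sp+$on$sp+(.*$sp)?e40($sp|\$)" "$conf"; then
        echo "mppe-40bit: 'set mppc ... e40' allows 40-bit MPPE"; rc=1
    fi
    # Bare "chap" is an alias for chap-md5, chap-msv1 and chap-msv2.
    if grep -Eq "^$sp*set$sp+link$sp+$on$sp+(.*$sp)?chap($sp|\$)" "$conf"; then
        echo "chap-all: bare 'chap' enables every CHAP variant"; rc=1
    fi
    return $rc
}

# Constructed sample input modelled on the configuration above.
demo_dir=$(mktemp -d)
cat > "$demo_dir/mpd.conf" <<'EOF'
pptp_server:
        set mppc yes e40
        set mppc yes e128
        set link no pap chap eap
        set link enable chap
EOF
printf 'user1\tsomelongpassword\n' > "$demo_dir/mpd.secret"
chmod 644 "$demo_dir/mpd.secret"      # deliberately wrong for the demo

audit_mpd "$demo_dir/mpd.conf" "$demo_dir/mpd.secret" || echo "fix the findings above"
```

On the sample files all three findings are reported; after chmod 600 only the two configuration findings remain.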

 
