Building a PPTP VPN Server with mpd5 on FreeBSD

I help a friend's company maintain their servers. Unusually, their servers are hosted in the self-built IDC of a state-owned enterprise, which makes remote management and maintenance inconvenient. For the convenience of testing and internal version management, we have built a server inside their company. Let's use this as a stepping stone. The server is installed with FreeBSD 9.1 64-bit edition. The installation process is not described in detail. Straight to the topic:

1. Update ports

    # portsnap fetch update

2. Install MPD5

    # cd /usr/ports/net/mpd5
    # make install clean

3. Configure

    # cp /usr/local/etc/mpd5/mpd.conf.sample /usr/local/etc/mpd5/mpd.conf
    # ee /usr/local/etc/mpd5/mpd.conf

Modify the three sections startup:, default: and pptp_server: as pasted below. The modifications are marked with ### comments. In the actual file, the section labels start in the first column and the commands under them are indented.

    startup:
            # configure mpd users
            ### set the mpd access account and password; this account is required
            ### for telnet or web access. In this example, the administrator name
            ### is shuqi888 and the password is loveosc
            set user shuqi888 loveosc
            # set user foo1 bar1
            # configure the console
            set console self 127.0.0.1 5005
            set console open
            # configure the web server
            set web self 0.0.0.0 5006
            set web open

    # Default configuration is "dialup"
    default:
            ### dialup is commented out
            # load dialup
            ### changed so that the pptp_server section is loaded by default
            load pptp_server

    pptp_server:
    # Mpd as a PPTP server compatible with Microsoft Dial-Up Networking clients.
    # Suppose you have a private Office LAN numbered 192.168.1.0/24 and the
    # machine running mpd is at 192.168.1.1, and also has an externally visible
    # IP address of 1.2.3.4.
    # We want to allow a client to connect to 1.2.3.4 from out on the Internet
    # via PPTP. We will assign that client the address 192.168.1.50 and proxy-ARP
    # for that address, so the virtual PPP link will be numbered 192.168.1.1 local
    # and 192.168.1.50 remote. From the client machine's perspective, it will
    # appear as if it is actually on the 192.168.1.0/24 network, even though in
    # reality it is somewhere far away out on the Internet.
    # Our DNS server is at 192.168.1.3 and our NBNS (WINS server) is at 192.168.1.4.
    # If you don't have an NBNS server, leave that line out.

    # Define dynamic IP address pool.
            ### here you can set the private IP addresses assigned after dial-in
            set ippool add pool1 192.168.1.50 192.168.1.99

    # Create clonable bundle template named B
            create bundle template B
            set iface enable proxy-arp
            set iface idle 1800
            set iface enable tcpmssfix
            set ipcp yes vjcomp
    # Specify IP address pool for dynamic assignment.
            set ipcp ranges 192.168.1.1/32 ippool pool1
            ### set dns. I like Google's
            set ipcp dns 8.8.8.8
            ### if you do not use WINS, you can comment out this line
            # set ipcp nbns 192.168.1.4
    # The five lines below enable Microsoft Point-to-Point encryption
    # (MPPE) using the ng_mppc(8) netgraph node type.
            set bundle enable compression
            set ccp yes mppc
            set mppc yes e40
            set mppc yes e128
            set mppc yes stateless

    # Create clonable link template named L
            create link template L pptp
    # Set bundle template to use
            set link action bundle B
    # Multilink adds some overhead, but gives full 1500 MTU.
            set link enable multilink
            set link yes acfcomp protocomp
            set link no pap chap eap
            set link enable chap
    # We can use RADIUS authentication/accounting by including
    # another config section with label 'radius'.
    #       load radius
            set link keep-alive 10 60
    # We reduce the link mtu to avoid GRE packet fragmentation.
            set link mtu 1460
    # Configure PPTP
            ### set the IP address of the PPTP listener, that is, the real IP
            ### address of your NIC. If the host is port-mapped out through a
            ### router, do not enter the router's address here; enter the real IP
            ### address configured on the NIC.
            set pptp self 192.168.1.201
    # Allow to accept calls
            set link enable incoming

Save and exit.

4. Set up and start

    # ee /etc/rc.conf

Add the following line to rc.conf so that mpd5 can be started:

    mpd_enable="YES"

Start mpd5:

    # /usr/local/etc/rc.d/mpd5 start

Add a VPN account:

    # ee /usr/local/etc/mpd5/mpd.secret

Enter the user name and password, one account per line, such as:

    vpnuser1 password001

Enable packet forwarding (if you skip this step you can still connect to the VPN, but you can only access the intranet, not the Internet):

    # sysctl net.inet.ip.forwarding=1

Now the installation and configuration are complete. You can create a new VPN connection in Windows. You can view the status of the current dial-in connections through web access.
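A check a maintainer could run over this mpd.conf before exposing the server, written as an added Python example that is not part of the original article or of mpd: it flags the three settings above that widen exposure (a console or web interface opened on a non-loopback address, 40-bit MPPE being permitted, and the generic chap alias, which in mpd5 stands for chap-md5, chap-msv1 and chap-msv2). The function name audit_mpd_conf and the finding texts are my own, and the sample input is constructed from the configuration shown above.

```python
import ipaddress

# Constructed sample: the exposure-relevant lines of the mpd.conf in this article.
SAMPLE_CONF = """\
startup:
    set user shuqi888 loveosc
    set console self 127.0.0.1 5005
    set console open
    set web self 0.0.0.0 5006
    set web open
pptp_server:
    set mppc yes e40
    set mppc yes e128
    set link no pap chap eap
    set link enable chap
"""

ALLOW = {"yes", "enable", "accept"}  # mpd verbs that permit an option


def audit_mpd_conf(text):
    """Return (section, line_no, finding) tuples for risky mpd.conf settings."""
    findings, section, bound, opened = [], None, {}, set()
    for no, raw in enumerate(text.splitlines(), 1):
        words = raw.split()
        if not words or words[0].startswith("#"):
            continue  # blank line or whole-line comment
        if not raw[0].isspace() and words[0].endswith(":"):
            section = words[0][:-1]  # label line such as "startup:"
            continue
        if words[0] != "set" or len(words) < 3:
            continue
        obj, verb, args = words[1], words[2], words[3:]
        if obj in ("web", "console") and verb == "self" and args:
            bound[obj] = (section, no, args[0])  # remember the listen address
        elif obj in ("web", "console") and verb == "open":
            opened.add(obj)
        elif obj == "mppc" and verb in ALLOW and "e40" in args:
            findings.append((section, no, "40-bit MPPE (e40) is permitted"))
        elif obj == "link" and verb in ALLOW and "chap" in args:
            findings.append((section, no, "'chap' alias also permits chap-md5 and chap-msv1"))
    for obj in sorted(opened & set(bound)):  # only interfaces that are actually opened
        sec, no, addr = bound[obj]
        if not ipaddress.ip_address(addr).is_loopback:
            findings.append((sec, no, f"{obj} interface listens on non-loopback {addr}"))
    return findings


if __name__ == "__main__":
    for sec, no, finding in audit_mpd_conf(SAMPLE_CONF):
        print(f"{sec}: line {no}: {finding}")
```

On the sample it reports the e40 line, the `set link enable chap` line and the web interface bound to 0.0.0.0; the console bound to 127.0.0.1 is not reported.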