My goal is to set up an ADSL dial-up gateway that also acts as a VPN gateway, using MPD as the VPN daemon and PPTP as the transport protocol. Because this machine also runs a Samba server, I cannot leave all my ports open; I must block every unwanted port. That is why I spent a long time studying which ports and protocols PPTP needs the firewall to pass. That is the purpose of the configuration; what follows is the configuration process.
First, dialing ADSL with PPP. If you are already familiar with using PPP for a PPPoE connection (the connection method ADSL uses), you can skip this part and go straight to the later sections.
Connecting to PPPoE with PPP is very simple. After installing FreeBSD you will find a file called ppp.conf in the /etc/ppp/ directory; modify it to look like the following and you can connect to PPPoE:
default:
 set log Phase Chat LCP IPCP CCP tun command
 ident user-ppp VERSION (built COMPILATIONDATE)
 # Ensure that "device" references the correct serial port
 # for your modem. (cuaa0 = COM1, cuaa1 = COM2)
 #
 set device PPPoE:rl0
 set speed sync
 set mru 1492
 set mtu 1492
 set ctsrts off
 set timeout 180 # 3 minute idle timer (the default)
 enable dns # request DNS info (for resolv.conf)
papchap:
 #
 # Edit the next three lines and replace the items in caps with
 # the values which have been assigned by your ISP.
 #
 set authname USERNAME
 set authkey PASSWORD
 set timeout
 set ifaddr 10.0.0.1/0 10.0.0.2/0 255.255.255.0 0.0.0.0
 add default HISADDR # Add a (sticky) default route
The first part sets up logging and some default information. In set device PPPoE:, the part after the colon must be changed to your network card's interface; mine is a Realtek 8139, so it is rl0. The lines after that set the maximum receive/transmit unit; the PPPoE default is 1492. timeout is the idle timeout used in auto mode: the connection is dropped once it has been idle for longer than this. enable dns accepts the DNS servers assigned by the ISP. The papchap section holds your PPPoE account information, and the last two lines set the routing information; be sure to include them.
Note that the statements after a label must be indented by at least one space. The indentation may not be visible in this post, so pay attention to it!
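A pre-flight check for the file above, as an added example that is not part of the original post: it reports any command that has lost its indentation and, as an extra check the post does not discuss, warns when a file containing set authkey is world-readable. The function name check_ppp_conf and the sample file are constructed for illustration.

```sh
#!/bin/sh
# check_ppp_conf FILE: print findings, return 1 if there are any.
# Line contents are never printed, so the password cannot leak into logs.
check_ppp_conf() {
    conf=$1
    found=$(awk '
        /^[ \t]*(#.*)?$/   { next }               # blank line or comment
        /^[^ \t]+:[ \t]*$/ { label = $1; next }   # label, e.g. "papchap:"
        /^[^ \t]/          { printf "line %d: command not indented (after %s)\n",
                                    NR, (label == "" ? "no label" : label) }
    ' "$conf")
    # authkey is the ISP password in clear text; flag a world-readable file
    if grep -Eq '^[[:space:]]*set[[:space:]]+authkey' "$conf" &&
       [ -n "$(find "$conf" -perm -004 -print)" ]; then
        found="${found:+$found
}mode: $conf contains authkey and is world-readable"
    fi
    [ -z "$found" ] && return 0
    printf '%s\n' "$found"
    return 1
}

# Constructed sample: line 5 has lost its indent and the file is mode 644.
sample=$(mktemp)
cat > "$sample" <<'EOF'
default:
 set device PPPoE:rl0
papchap:
 set authname USERNAME
set authkey PASSWORD
 add default HISADDR
EOF
chmod 644 "$sample"
check_ppp_conf "$sample" || echo "fix the findings above, then: chmod 600 $sample"
```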
After modifying the configuration file you can test it with ppp -ddial papchap. If the connection works, add the following lines to the rc.conf file to have PPP dial at boot:
ppp_enable="YES"
ppp_mode="ddial"
ppp_nat="YES"
ppp_profile="papchap"
ppp_mode= sets the mode PPP runs in; the options are auto, ddial and background, and the details can be found in man ppp. That is the PPP configuration for dialing PPPoE; as you can see, it is very simple.
The next part is enabling the IPFW firewall, which requires changing the default kernel configuration. MPD also needs kernel changes, so they are made here as well. I am using the upgraded version of IPFW, known as the IPFW2 firewall. On FreeBSD 4.x this requires recompiling ipfw, so you need the source code for FreeBSD 4.6 or later installed on your hard disk. Then perform the following steps to upgrade your IPFW:
cd /usr/src/sbin/ipfw
make -DIPFW2
make install
cd /usr/src/lib/libalias
make -DIPFW2
make install
Or add the following to your /etc/make.conf:
IPFW2=TRUE
and run make world to upgrade your firewall.
With IPFW upgraded, the next step is to modify the kernel. Recompiling the kernel takes the following steps. First go into the /sys/i386/conf/ directory, which contains two files, GENERIC and LINT. I will not repeat their descriptions here and will only cover the process of modifying the kernel.
First, cp GENERIC mykern, then edit mykern and add the following options:
options NETGRAPH
options NETGRAPH_PPPOE
options NETGRAPH_SOCKET
options NETGRAPH_ETHER
options IPFW2
options IPDIVERT
options IPFIREWALL_VERBOSE
options IPFIREWALL_VERBOSE_LIMIT=100
options IPSTEALTH
options ACCEPT_FILTER_DATA
options ACCEPT_FILTER_HTTP
Exit the editor, then run:
config mykern
cd ../../compile/mykern
make depend
make
make install
Then reboot the machine and the kernel update is done.
With that, the IPFW2 installation is done. We will not turn the firewall on yet; first we configure MPD to set up the PPTP server. Installing MPD is actually very simple. You can compile it yourself by hand, but I recommend installing it from ports, because I really can't think of any reason not to use ports. If ports is installed on your hard drive, you can complete the MPD installation with the following steps:
cd /usr/ports/net/mpd
make install
make clean
After installation, ports will have created the /usr/local/etc/mpd directory with sample configuration files in it; you can modify these samples to complete the MPD configuration. Taking mpd.conf.sample as an example, first cp mpd.conf.sample mpd.conf, then modify the pptp section as follows:
new -i ng0 pptp pptp
set iface disable on-demand
set iface enable proxy-arp
set iface idle 1800
set bundle enable multilink
set link yes acfcomp protocomp
set link no pap chap
set link enable chap
set link keep-alive 10 60
set link mtu 1460
set ipcp yes vjcomp
set ipcp ranges 192.168.1.1/32 192.168.1.50/32
set ipcp dns 192.168.1.3
set ipcp nbns 192.168.1.4
#
# The five lines below enable Microsoft Point-to-Point encryption
# (MPPE) using the ng_mppc(8) netgraph node type.
#
set bundle enable compression
set ccp yes mppc
set ccp yes mpp-e40
set ccp yes mpp-e128
set ccp yes mpp-stateless
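How the option lines above resolve, as an added example that is not part of the original post or of MPD: in mpd, enable/disable say whether we ask for an option, accept/deny say whether the peer may ask for it, yes is enable plus accept, no is disable plus deny, and lines are applied in order. The function names mpd_opts, mppe_bits and sample_conf are hypothetical; the sample lines are copied from the section above.

```sh
#!/bin/sh
# Sample: option lines copied from the pptp section above.
sample_conf() {
    cat <<'EOF'
set link yes acfcomp protocomp
set link no pap chap
set link enable chap
set bundle enable compression
set ccp yes mppc
set ccp yes mpp-e40
set ccp yes mpp-e128
set ccp yes mpp-stateless
EOF
}

# mpd_opts: read mpd.conf lines on stdin, replay them in order and print the
# final state of each option as "layer option enable=<s> accept=<s>".
# "default" means the attribute was never set by these lines.
mpd_opts() {
    awk '
        { sub(/#.*/, "") }                          # drop comments
        $1 == "set" && $3 ~ /^(enable|disable|accept|deny|yes|no)$/ {
            for (i = 4; i <= NF; i++) {
                k = $2 " " $i; seen[k] = 1
                if ($3 == "enable"  || $3 == "yes") en[k] = "on"
                if ($3 == "disable" || $3 == "no")  en[k] = "off"
                if ($3 == "accept"  || $3 == "yes") ac[k] = "on"
                if ($3 == "deny"    || $3 == "no")  ac[k] = "off"
            }
        }
        END {
            for (k in seen)
                printf "%s enable=%s accept=%s\n", k,
                    ((k in en) ? en[k] : "default"), ((k in ac) ? ac[k] : "default")
        }
    ' | sort
}

# mppe_bits: MPPE key lengths the config requests or accepts.
# 40 in the list means a client may still negotiate a 40-bit key.
mppe_bits() {
    mpd_opts | awk '$1 == "ccp" && $2 ~ /^mpp-e[0-9]+$/ && /=on/ {
        sub(/^mpp-e/, "", $2); print $2 }' | sort -n | paste -sd' ' -
}

sample_conf | mpd_opts
echo "MPPE key lengths negotiable: $(sample_conf | mppe_bits)"
```

For the lines above this reports link chap as enable=on accept=off and link pap as off in both directions; changing set ccp yes mpp-e40 to set ccp no mpp-e40 removes 40 from the negotiable key lengths.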