Configuring ADSL PPTP connection (for example with Austrian DSL providers) on FreeBSD with mpd5

25 Sep 2019 - tsp

Since I configured the machine of a friend today and he has configured his modem to run in singleuser mode (i.e. the modem is not required to do any stuff like network address translation, run a local DHCP server, be a wireless LAN access point, filter traffic, etc.) and he wanted to just forward traffic from his public subnet arriving via the digital subscriber line at his modem to his internal network - and there modern documentation for mpd with a version higher than 4 was hard to find here is a short summary on how to perform such a configuration.

Required software

There are currently two working solutions to use PPTP in client mode on FreeBSD. The first one is to use net/mpd5 which implements an PPP client as well as PPP server, the other is to use net/pptpclient which just supports PPTP and this only in client mode. Since it’s more common and major this article focuses on the first possibility.

First one is required to install mpd5. This can be done either by binary package or by port. To install the package

pkg install net/mpd5

To build the port one uses the usual

cd /usr/ports/net/mpd5
make install clean

configuration

The basic configuration is easy. It’s done through the files at /usr/local/etc/mpd5 and there mainly through the mpd.conf.

Basically one can use a configuration like the following:

startup:

default:
        load adsl

adsl:
        create bundle static adslBundle

        set ipcp no vjcomp
        set ipcp ranges 0.0.0.0/0 0.0.0.0/0
        set iface route default
        set iface disable on-demand
        set iface enable proxy-arp
        set iface idle 0
        set iface enable nat

        create link static adsl pptp
        set link action bundle adslBundle

        set link no pap acfcomp protocomp
        set link disable chap
        set link accept chap
        set link keep-alive 30 10
        set link max-redial 0

        set auth authname XXXXXXXXXXX
        set auth password XXXXXXXXXXX
        set disable multilink

        set pptp peer 10.0.0.138
        set pptp disable windowing
        open

Authname and password have to be set to your credentials of course. This creates a PPP profile called adsl, an link called internally adsl that’s using PPTP and an configuration bundle that’s used within that’s called adslBundle. These names are of course interchangeable arbitrarily.

The 10.0.0.138 address might have to be modified. This is the address your modem gets (statically) assigned with it’s singleuser configuration.

After startup the mpd5 daeomon will create an netgraph interface (for example ng0). If one wants to assign a different name one can use

		set iface name NAMEOFYOURINTERFACE

during the link commands. This might be interesting if you configure multiple connections or interfaces.

The configuration of iface enable nat instructs mpd5 to perform network address translation over your dialup line - this allows other systems to use your internet connection (as default route - which will automatically be set on your host because of iface route default) if you have enabled package forwarding on your routing machine (sysctl value net.inet.ip.forwarding set to 1 which is also enabled with the gateway_enabled="YES" setting in your /etc/rc.conf). If you use public IP addresses in your network one can discard the NAT configuration.

Since the profile is listed under default and end with open it will be initialized during the startup of mpd5. To test your configuration you can run mpd5 adsl to connect with the adsl profile and show status on the console. The rc init scripts will later call mpd5 -b to move into background.

Note that since idle has been set to 0 and on-demand has been disabled the mpd5 will try to stay connected 24/7, not only when some node tries to forward traffic.

This article is tagged: Administration, Computer, FreeBSD, Internet, Tutorial


Dipl.-Ing. Thomas Spielauer, Wien (webcomplains389t48957@tspi.at)

This webpage is also available via TOR at http://jugujbrirx3irwyx.onion/

Valid HTML 4.01 Strict Powered by FreeBSD IPv6 support