25 Sep 2019 - tsp
I configured the machine of a friend today. He has configured his
modem to run in singleuser mode (i.e. the modem is not required to do any
stuff like network address translation, run a local DHCP server, be a wireless
LAN access point, filter traffic, etc.) and he wanted to just forward traffic
from his public subnet, arriving via the digital subscriber line at his modem,
to his internal network. Since modern documentation for
a version higher than 4 was hard to find, here is a short summary on how
to perform such a configuration.
There are currently two working solutions to use PPTP in client mode on FreeBSD.
The first one is to use
net/mpd5, which implements a PPP client as well as a
PPP server; the other is to use
net/pptpclient, which supports only PPTP
and only in client mode. Since it is the more common and major option, this article
focuses on the first possibility.
First, mpd5 has to be installed. This can be done either by
binary package or by port. To install the package:
pkg install net/mpd5
To build the port one uses the usual
cd /usr/ports/net/mpd5
make install clean
The basic configuration is easy. It’s done through the files at
and there mainly through the
Basically one can use a configuration like the following:
startup:

default:
    load adsl

adsl:
    create bundle static adslBundle
    set ipcp no vjcomp
    set ipcp ranges 0.0.0.0/0 0.0.0.0/0
    set iface route default
    set iface disable on-demand
    set iface enable proxy-arp
    set iface idle 0
    set iface enable nat

    create link static adsl pptp
    set link action bundle adslBundle
    set link no pap acfcomp protocomp
    set link disable chap
    set link accept chap
    set link keep-alive 30 10
    set link max-redial 0
    set auth authname XXXXXXXXXXX
    set auth password XXXXXXXXXXX
    set disable multilink
    set pptp peer 10.0.0.138
    set pptp disable windowing
    open
Authname and password have to be set to your credentials of course. This creates
a PPP profile called
adsl, a link internally called
adsl using PPTP and a configuration bundle used within it that is called
adslBundle. These names are of course arbitrarily interchangeable.
The 10.0.0.138 address might have to be modified. This is the address your
modem gets (statically) assigned with its singleuser configuration.
After startup the
mpd5 daemon will create a netgraph interface (for example
ng0). If one wants to assign a different name one can use
set iface name NAMEOFYOURINTERFACE
during the link commands. This might be interesting if you configure multiple connections or interfaces.
The configuration of
iface enable nat instructs
mpd5 to perform
network address translation over your dialup line - this allows other systems
to use your internet connection (as default route - which will automatically
be set on your host because of
iface route default) if you have enabled
packet forwarding on your routing machine (sysctl value
set to 1 which is also enabled with the
gateway_enable="YES" setting in
/etc/rc.conf). If you use public IP addresses in your network one
can discard the NAT configuration.
Since the profile is listed under default and ends with open it will be
initialized during the startup of
mpd5. To test your configuration
you can run
mpd5 adsl to connect with the
adsl profile and show
status on the console. The rc init scripts will later call
mpd5 -b to move
Note that since
idle has been set to 0 and
on-demand has been disabled,
mpd5 will try to stay connected 24/7, not only when some
node tries to forward traffic.
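
The profile above keeps the PPP password in clear text, turns on NAT and stays dialled in permanently; the sh functions below report those properties for a given configuration file. This is an added example, not part of the original article or of mpd5: the function names (mpd_profile, has, mpd_audit), the finding keywords and the sample file are constructed for illustration, and the configuration path is passed in as an argument.

```sh
#!/bin/sh
# Added example (not from the article): report what an mpd5 profile will do.

# Print the commands stored under one label of an mpd.conf-style file.
mpd_profile() {  # usage: mpd_profile FILE LABEL
    awk -v want="$2:" '
        /^[^ \t#]/ { active = ($1 == want); next }     # labels start in column 0
        active && NF && $1 !~ /^#/ { $1 = $1; print }  # squeeze whitespace
    ' "$1"
}

# True if the profile loaded into $cmds has a line matching the ERE in $1.
has() { printf '%s\n' "$cmds" | grep -Eq "^($1)\$"; }

# Print one keyed finding per line for PROFILE in FILE.
mpd_audit() {    # usage: mpd_audit FILE PROFILE
    cmds=$(mpd_profile "$1" "$2")
    # The password is stored in clear text: only the owner should read the file.
    if has 'set auth password .+'; then
        case $(ls -ld "$1" | cut -c1-10) in
            ????------) ;;                               # no group/other access
            *) echo "creds-readable: chmod 600 $1" ;;
        esac
    fi
    if has 'set iface enable( .+)? nat( .+)?'; then echo "nat: mpd5 translates traffic of the internal network"; fi
    if has 'set iface idle 0' && has 'set iface disable( .+)? on-demand( .+)?'; then
        echo "always-on: link is kept up permanently"
    fi
    if mpd_profile "$1" default | grep -qx "load $2" &&
       [ "$(printf '%s\n' "$cmds" | tail -n 1)" = open ]; then
        echo "autostart: dials as soon as mpd5 starts"
    fi
    return 0
}

# Constructed sample: a shortened copy of the profile shown in the article.
sample=$(mktemp) && chmod 644 "$sample" && cat > "$sample" <<'EOF'
default:
    load adsl
adsl:
    set iface disable on-demand
    set iface idle 0
    set iface enable nat
    set auth password XXXXXXXXXXX
    open
EOF
mpd_audit "$sample" adsl
rm -f "$sample"
```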