My cool new Blog


[Notes] Setting up MPD5 as a PPTP VPN Server on FreeBSD 10

2015-03-16 Work notes

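Really, this is all just following notes that other people had already put together…

I referred to this post:

Setting up a VPN with MPD5 on FreeBSD (PPTP protocol)

and this one:

Install mpd5 pptp server on FreeBSD 9.2 and FreeBSD10

Copy the sample file to create mpd.conf:

cp /usr/local/etc/mpd5/mpd.conf.sample /usr/local/etc/mpd5/mpd.conf

Edit it: vim /usr/local/etc/mpd5/mpd.conf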

> startup:
>     # console/web login: set user <name> <password> [privilege]; replace these sample values
>     set user netroby password admin
>     set console self 127.0.0.1 5005
>     set console open
>     set web self 0.0.0.0 5006
>     set web open
>
> default:
>     load pptp_server
>
> pptp_server:
>     set ippool add pool1 192.168.88.50 192.168.88.99
>     create bundle template B
>     set iface enable proxy-arp
>     set iface idle 1800
>     set iface enable tcpmssfix
>     set iface route 192.168.88.1
>     set ipcp yes vjcomp
>     set ipcp ranges 192.168.88.1/32 ippool pool1
>     # changed to Google DNS
>     set ipcp dns 8.8.8.8
>     set ipcp dns 8.8.4.4
>     set ipcp nbns 192.168.88.1
>     set bundle enable compression
>     set ccp yes mppc
>     set mppc yes e40
>     set mppc yes e128
>     set mppc yes stateless
>     create link template L pptp
>     set link fsm-timeout 5
>     set link action bundle B
>     set link enable multilink
>     set link yes acfcomp protocomp
>     set link no pap chap eap chap-msv2
>     set link enable chap chap-msv2 eap
>     set link accept chap-msv2
>     set link keep-alive 10 60
>     set link mtu 1460
>     # change your_ip_address to the server's WAN IP
>     set pptp self your_ip_address
>     set link enable incoming
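
A quick audit of the management and encryption lines in the mpd.conf above, as an added example that is not part of the original post or of mpd5 itself. The function names `audit_mpd_conf` and `sample_mpd_conf` are hypothetical, and the password rule (under 12 characters, same as the user name, or an obvious default) is an assumed policy.

```shell
#!/bin/sh
# Added example (not from the original post): audit an mpd5 mpd.conf.
# Prints "line:SEVERITY:message" per finding; exit status 1 if any were found.
audit_mpd_conf() {
    awk '
    function report(sev, msg) { printf "%d:%s:%s\n", FNR, sev, msg; found = 1 }
    { sub(/#.*/, "") }          # strip comments
    $1 != "set" { next }        # only "set ..." commands matter here
    # set web|console self <ip> <port>: management listener bind address
    ($2 == "web" || $2 == "console") && $3 == "self" && ($4 == "0.0.0.0" || $4 == "::") {
        report("HIGH", $2 " listener bound to every address (" $4 " port " $5 ")")
    }
    # set user <name> <password> [admin|operator|user]
    $2 == "user" && NF >= 4 {
        # Assumed policy: reject short passwords and obvious defaults.
        if (length($4) < 12 || $4 == $3 || $4 ~ /^(password|admin|mpd)$/)
            report("HIGH", "weak console/web password for user " $3)
    }
    # set mppc yes|enable|accept ... e40/e56: short MPPE keys are negotiable
    $2 == "mppc" && $3 ~ /^(yes|enable|accept)$/ {
        for (i = 4; i <= NF; i++)
            if ($i == "e40" || $i == "e56")
                report("MEDIUM", "MPPE " substr($i, 2) "-bit keys allowed")
    }
    END { exit found }
    ' "$@"
}

# Constructed sample: the management and MPPE lines from the config above.
sample_mpd_conf() {
    cat <<'EOF'
startup:
    set user netroby password admin
    set console self 127.0.0.1 5005
    set console open
    set web self 0.0.0.0 5006
    set web open
pptp_server:
    set mppc yes e40
    set mppc yes e128
EOF
}

# With no arguments, audit the sample; otherwise audit the given file(s).
if [ "$#" -eq 0 ]; then sample_mpd_conf | audit_mpd_conf || true
else audit_mpd_conf "$@"; fi
```

On the sample it reports the `set user` line, the web listener on 0.0.0.0 and the `e40` line; the console listener on 127.0.0.1 and `e128` pass.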

vim /etc/pf.conf

> my_int = "vtnet0"
> internal_net = "192.168.0.0/16"
> external_addr = "your_ip_addr"   # change to the server's WAN IP
>
> set skip on lo   # pf expects options before translation (nat) rules
>
> nat on $my_int from $internal_net to any -> $external_addr
>
> block in log all
> pass in on $my_int proto tcp from any to any port 1723 keep state
> pass in on $my_int proto tcp from any to any port 22 keep state
> pass in on $my_int proto tcp from any to any port 80 keep state
> pass in on $my_int proto tcp from any to any port 443 keep state
> pass in quick on $my_int proto icmp all keep state
> pass in proto gre all keep state
> pass in from any to $internal_net
> pass in from $internal_net to any
> pass out proto { gre, tcp, udp, icmp } all keep state

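service pf restart (the existing SSH session will be dropped, so you have to reconnect)

After reopening PieTTY and confirming the connection was OK, I connected to the VPN from an iPhone and confirmed it works, but the speed is terrible..
Using it to watch videos is, I think, out of the question…

I'll test a Linode / Vultr VPS some other day..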