Re: mpd pptp server?
On Wed, Mar 19, 2008 at 12:43:58AM +0100, Jon Theil Nielsen wrote: I have tried some different ways to make a working VPN server on FreeBSD 7.0. The main goal is to make it possible for Windows clients to access their Samba home shares. I'm not sure if mpd is the best solution, but I will give it a try. I have installed /usr/ports/mpd4 and have the following configuration: I run openvpn on FreeBSD and Windows XP. -- Alex Please copy the original recipients, otherwise I may not read your reply. Howtos based on my personal use, including information about setting up a firewall and creating traffic graphs with MRTG http://alex.kruijff.org/FreeBSD/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: mpd pptp server?
2008/3/23, Alex de Kruijff [EMAIL PROTECTED]: On Wed, Mar 19, 2008 at 12:43:58AM +0100, Jon Theil Nielsen wrote: I have tried some different ways to make a working VPN server on FreeBSD 7.0. The main goal is to make it possible for Windows clients to access their Samba home shares. I'm not sure if mpd is the best solution, but I will give it a try. I have installed /usr/ports/mpd4 and have the following configuration: I run openvpn on FreeBSD and Windows XP. -- Alex I have now succeeded in establishing connections from Windows to a VPN server based on mpd4. But it has some severe limitations: I have to define every single connection in the conf file (not a major problem). And I don't see any option to authenticate against neither UNIX or Samba passwords. Is that different through openvpn? Could you give some brief hints on the configuration or maybe a reference to a useful howto? Regards, Jon ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
VPN setup with OpenVPN (was: mpd pptp server?)
On Sun, Mar 23, 2008 at 10:45:57PM +0100, Jon Theil Nielsen wrote: 2008/3/23, Alex de Kruijff [EMAIL PROTECTED]: On Wed, Mar 19, 2008 at 12:43:58AM +0100, Jon Theil Nielsen wrote: I have tried some different ways to make a working VPN server on FreeBSD 7.0. The main goal is to make it possible for Windows clients to access their Samba home shares. I'm not sure if mpd is the best solution, but I will give it a try. I have installed /usr/ports/mpd4 and have the following configuration: I run openvpn on FreeBSD and Windows XP. I have now succeeded in establishing connections from Windows to a VPN server based on mpd4. But it has some severe limitations: I have to define every single connection in the conf file (not a major problem). And I don't see any option to authenticate against neither UNIX or Samba passwords. Is that different through openvpn? Could you give some brief hints on the configuration or maybe a reference to a useful howto? Giving you the program name ought to be enove of a hint. http://www.google.com/search?q=openvpn The openvpn site has a very nice howto. I can tell you the setup I have. I don't authenticate against UNIX or Samba passwords. I don't see what good it will do to require such autentication. It might even post a security risk. It might be posible. I do use certificates (standard) so I can cut off machines. Users need to authenticate when the connect to the services of a machine. I have a firewall on each computer. I have a VPN tunnel beteen sites and a road warrior setup for laptops. And I have a setup that allows me to take a server down without disrupting traffic flow beteen sites. -- Alex Please copy the original recipients, otherwise I may not read your reply. Howtos based on my personal use, including information about setting up a firewall and creating traffic graphs with MRTG http://alex.kruijff.org/FreeBSD/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: mpd pptp server?
Hello, Here is my config using the mpd3 port to create a Microsoft ppptp server: mpd.conf: ### # # MPD configuration file # ### startup: # enable TCP-Wrapper (hosts_access(5)) to block unfriendly clients set global disable tcp-wrapper # configure the console default: load client1 load client2 load client3 load client4 client1: new -i ng0 pptp1 pptp1 set ipcp ranges 192.168.0.1/32 192.168.0.50/32 load client_standard client2: new -i ng1 pptp2 pptp2 set ipcp ranges 192.168.0.1/32 192.168.0.51/32 load client_standard client3: new -i ng0 pptp3 pptp3 set ipcp ranges 192.168.0.1/32 192.168.0.52/32 load client_standard client4: new -i ng1 pptp4 pptp4 set ipcp ranges 192.168.0.1/32 192.168.0.53/32 load client_standard client_standard: set iface disable on-demand set iface enable proxy-arp set iface idle 1800 set iface enable tcpmssfix set bundle enable multilink set link yes acfcomp protocomp set link no pap chap set link enable chap set link mtu 1460 set link keep-alive 10 60 set ipcp yes vjcomp set ipcp dns 192.168.0.1 set bundle enable compression set ccp yes mppc set ccp yes mpp-e40 set ccp yes mpp-e128 set ccp yes mpp-stateless set iface idle 00 mpd.links: # # # MPD links file # # # For our PPTP server pptp1: set link type pptp set pptp self 10.0.0.1 set pptp enable incoming set pptp disable originate pptp2: set link type pptp set pptp self 10.0.0.1 set pptp enable incoming set pptp disable originate pptp3: set link type pptp set pptp self 10.0.0.1 set pptp enable incoming set pptp disable originate pptp4: set link type pptp set pptp self 10.0.0.1 set pptp enable incoming set pptp disable originate mpd.secret: # # # MPD secrets file ## # someusernamesomepassword Hope this helps Rudi ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: mpd pptp server?
On Wed, 19 Mar 2008 00:43:58 +0100 Jon Theil Nielsen [EMAIL PROTECTED] wrote: Do I need to have a customized kernel to make it work? Or are there any obvious errors in the above configuration? Mpd4 should work without special system tuning. The best way to find the problem is to read it's logs. Mpd writes detailed logs using syslog (you should configure syslog.conf for it alike to ppp) and to the stdout if running in foreground. -- Alexander Motin ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: mpd pptp server?
2008/3/20, Alexander Motin [EMAIL PROTECTED]: On Wed, 19 Mar 2008 00:43:58 +0100 Jon Theil Nielsen [EMAIL PROTECTED] wrote: Do I need to have a customized kernel to make it work? Or are there any obvious errors in the above configuration? Mpd4 should work without special system tuning. The best way to find the problem is to read it's logs. Mpd writes detailed logs using syslog (you should configure syslog.conf for it alike to ppp) and to the stdout if running in foreground. I finally got it working with mpd4 (can only check it from my own private network right now). Files are as follow /usr/local/etc/mpd4/mpd.conf startup: default: load pptp1 pptp1: new -i ng0 pptp1 pptp1 set iface disable on-demand set iface enable proxy-arp set iface idle 0 set iface enable tcpmssfix set bundle enable multilink set link yes acfcomp protocomp set link no pap chap set link enable chap set link keep-alive 10 60 set ipcp yes vjcomp set ipcp ranges 192.168.1.4/32 192.168.1.151/32 set ipcp dns 195.184.96.2 213.173.225.86 set ipcp nbns 192.168.1.4 set bundle enable compression set ccp yes mppc set ccp yes mpp-e40 set ccp yes mpp-e128 set ccp yes mpp-stateless /usr/local/etc/mpd.links pptp1: set link type pptp set pptp enable incoming set pptp disable originate Hope I can access my (Samba) homedrive from the outside. Line compression doesn't seem to work, but that has something to do with some proprietary MS stuff or what? There is now way I can authenticate via my Samba or system passowrds? Thanks for the advices so far...! Regards, Jon ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: mpd pptp server?
Oops, there was a typo. The path is of course /usr/local/etc/mpd4/ /usr/local/etc/mpd.links pptp1: set link type pptp set pptp enable incoming set pptp disable originate Regards, Jon ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: mpd pptp server?
On Wed, 19 Mar 2008 00:43:58 +0100 Jon Theil Nielsen [EMAIL PROTECTED] wrote: I have tried some different ways to make a working VPN server on FreeBSD 7.0. The main goal is to make it possible for Windows clients to access their Samba home shares. I'm not sure if mpd is the best solution, but I will give it a try. I have installed /usr/ports/mpd4 and have the following configuration: You'll do much better in freebsd-net@ with this. I've copied Alexander Motin, current author/maintainer, as he may not be watching [EMAIL PROTECTED] ==/usr/local/etc/mpd4/mpd.conf startup: don't know what to put in here... Stuff like configuring the console and/or web interface, logging etc. default: load pptp1 I'm not sure whether leading whitespace on non-label lines is still required as with ppp.conf, but it can't hurt to follow the examples. pptp1: new -i ng0 pptp1 pptp1 set iface disable on-demand set iface enable proxy-arp set iface idle 0 set iface enable tcpmssfix set bundle enable multilink set link yes acfcomp protocomp set link no pap chap set link enable chap set link keep-alive 10 60 set ipcp yes vjcomp set ipcp ranges 192.168.1.4/32 192.168.1.151/32 set ipcp dns 192.168.1.4 set ipcp nbns 192.168.1.4 set link disable pap set bundle enable compression set ccp yes mppc #set ccp yes mpp-e40 set ccp yes mpp-e128 set ccp yes mpp-stateless #set bundle enable crypt-reqd ==/usr/local/etc/mpd4/mpd.linksf I assume 'mpd.linksf' is a typo .. pptp1: set link type pptp ## define the link type protocol as PPTP set pptp self 192.168.1.4## define the IP address on which MPD will run set pptp enable incoming ## define the connection as Incoming set pptp disable originate ## enables PPTP connection for communication with the client And then I also have a mpd.secrets file of course. I can start the service, but I don't see any pptp interface after an ifconfig command. And netstat -an does not show any port 1723 listening. Do I need to have a customized kernel to make it work? Or are there any obvious errors in the above configuration? Can't help with pptp, I only use pppoe, but have posted this to bring it to Alexander's attention. He'll most likely want to see some logging .. cheers, Ian ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
mpd pptp server?
I have tried some different ways to make a working VPN server on FreeBSD 7.0. The main goal is to make it possible for Windows clients to access their Samba home shares. I'm not sure if mpd is the best solution, but I will give it a try. I have installed /usr/ports/mpd4 and have the following configuration: ==/usr/local/etc/mpd4/mpd.conf startup: don't know what to put in here... default: load pptp1 pptp1: new -i ng0 pptp1 pptp1 set iface disable on-demand set iface enable proxy-arp set iface idle 0 set iface enable tcpmssfix set bundle enable multilink set link yes acfcomp protocomp set link no pap chap set link enable chap set link keep-alive 10 60 set ipcp yes vjcomp set ipcp ranges 192.168.1.4/32 192.168.1.151/32 set ipcp dns 192.168.1.4 set ipcp nbns 192.168.1.4 set link disable pap set bundle enable compression set ccp yes mppc #set ccp yes mpp-e40 set ccp yes mpp-e128 set ccp yes mpp-stateless #set bundle enable crypt-reqd ==/usr/local/etc/mpd4/mpd.linksf pptp1: set link type pptp ## define the link type protocol as PPTP set pptp self 192.168.1.4## define the IP address on which MPD will run set pptp enable incoming ## define the connection as Incoming set pptp disable originate ## enables PPTP connection for communication with the client And then I also have a mpd.secrets file of course. I can start the service, but I don't see any pptp interface after an ifconfig command. And netstat -an does not show any port 1723 listening. Do I need to have a customized kernel to make it work? Or are there any obvious errors in the above configuration? Regards, Jon Theil Nielsen ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]