Running PoPToP in FreeBSD

Written and maintained by John Heyer, SupraNet Communications.


  1. Requirements and Limitations
  2. Kernel Configuration
  3. PPTPd Installation and Configuration
  4. PPP Configuration and Authentication
  5. Debugging
  6. Client Configuration Notes

Requirements and Limitations

PoPToP requires FreeBSD 3.1 or later with support for packet tunnels ("tun" devices). This document describes how to run PoPToP with PPP (aka "userland ppp"), not PPPd. Because of this, the setup is quite different from Linux. My attempts to use PPPd instead have been a big failure, so please contact me if you've had any luck with it.

FreeBSD PPP does not support encryption, so by default neither does PoPToP. However, if you really want to try to get it working, a patch may be found here.

Unless you have the need to run several simultaneous connections, I'd recommend using mpd instead of PoPToP. It offers encryption natively, and is actively being developed. Check out this setup guide or view my configuration files to get started.


Kernel Requirements

3.X Kernels

Support for 1 simultaneous tunnel is included in the "GENERIC" kernel. If you've built a kernel without tunnels or want more than one, you'll have to recompile the kernel and add or modify this line:

pseudo-device   tun     X

Where "X" is the maximum number of simultaneous tunnels (connections) to allow. After loading the new kernel you will also have to create the device files with these commands:

cd /dev
./MAKEDEV tun[1-X]

Where "X" again is the maximum number of simultaneous tunnels.

4.X Kernels

In 4.0 and later, you simply need this line, which is included in the "GENERIC" kernel:

pseudo-device   tun             # Packet tunnel.

PPTPd Installation and Configuration

This is the easy part: just install poptop from Packages or Ports under the "net" category. If you prefer to compile it yourself, make sure you configure it with "--with-bsdppp". Then set up your pptpd.conf file, usually in /usr/local/etc. Mine looks like this:

option /etc/ppp/ppp.conf
# turn debugging on only if you need it
##debug
# if you have multiple addresses and only want to "listen" on one:
##listen 208.212.80.82
localip 192.168.0.129
remoteip 192.168.0.130-139
pidfile /var/run/pptpd.pid

This says to use /etc/ppp/ppp.conf for PPP configuration, leave debugging off (uncomment the "debug" line to turn it on), use 192.168.0.129 as the server IP address, and assign 192.168.0.130 through 192.168.0.139 to clients. You can specify a range for your server as well, but make sure the server and client pools don't overlap.
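The overlap rule above can be checked mechanically. The following is an added example, not part of the original guide or of PoPToP: a hypothetical pool_overlap function that reads a pptpd.conf on standard input and lists every address present in both pools. It assumes only single addresses, last-octet ranges such as 192.168.0.130-139, and comma-separated lists of those.

```shell
#!/bin/sh
# pool_overlap (hypothetical helper): read a pptpd.conf on stdin, print each
# address that is in both the localip and remoteip pools, return 1 if any.
pool_overlap() {
    overlap=$(awk '
        # Expand "a.b.c.d" or "a.b.c.d-e" items into individual addresses.
        function expand(spec, pool,    n, item, i, o, r, lo, hi, h, ip) {
            n = split(spec, item, ",")
            for (i = 1; i <= n; i++) {
                split(item[i], o, ".")
                split(o[4], r, "-")
                lo = r[1] + 0
                hi = (r[2] == "") ? lo : r[2] + 0
                for (h = lo; h <= hi; h++) {
                    ip = o[1] "." o[2] "." o[3] "." h
                    if (pool == "localip")
                        srv[ip] = 1
                    else
                        cli[ip] = 1
                }
            }
        }
        # Commented-out lines such as "##listen" never match these keywords.
        $1 == "localip" || $1 == "remoteip" { expand($2, $1) }
        END { for (ip in srv) if (ip in cli) print ip }
    ' | sort -t. -k4,4n)
    [ -z "$overlap" ] && return 0
    printf '%s\n' "$overlap"
    return 1
}

# Constructed sample: the server pool widened to a range that runs into
# the client pool from this page.
pool_overlap <<'EOF' || echo "pptpd.conf: server and client pools overlap"
localip 192.168.0.125-131
remoteip 192.168.0.130-139
EOF
```

On a real system, feed it the live file: pool_overlap < /usr/local/etc/pptpd.conf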


PPP Configuration

  1. /etc/ppp/ppp.conf
  2. /etc/ppp/secure
  3. /etc/ppp/ppp.secret

/etc/ppp/ppp.conf

Now for some copying and pasting. First add the following lines to your /etc/ppp/ppp.conf file.

loop:
 set timeout 0
 set log phase chat connect lcp ipcp command
 set device localhost:pptp
 set dial
 set login
 # Server (local) IP address, Range for Clients, and Netmask
 set ifaddr 192.168.0.129 192.168.0.130-192.168.0.139 255.255.255.255
 set server /tmp/loop "" 0177

loop-in:
 set timeout 0
 set log phase lcp ipcp command
 allow mode direct

pptp:
 load loop
 enable chap
 disable pap
 # Authenticate against /etc/passwd
 ##enable passwdauth
 enable proxy
 accept dns
 # DNS Servers to assign client
 set dns 192.168.0.1 192.168.0.2
 # NetBIOS/WINS Servers to assign client
 set nbns 192.168.0.15 192.168.0.16
 set device !/etc/ppp/secure

/etc/ppp/secure

Create a /etc/ppp/secure file with the following lines and run chmod u+x on it:

#!/bin/sh
exec /usr/sbin/ppp -direct loop-in

/etc/ppp/ppp.secret

If you don't want to use passwdauth, you must create a /etc/ppp/ppp.secret file containing usernames and passwords for authentication. For example:

bill	Saxophone
jimmy	Peanuts
george	HorseShoes

Obviously the passwords are in clear text, so make sure this file is not world readable.
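One way to verify that, as an added example that is not part of the original guide: a hypothetical secret_mode_ok function that fails when the file carries any group or other permission bits, or when its directory is writable by group or other (which would let another user replace the file). The demo runs against a constructed stand-in for /etc/ppp with a constructed entry.

```shell
#!/bin/sh
# secret_mode_ok FILE (hypothetical helper): return 0 only if FILE is a
# regular file with no group/other permission bits and its directory is
# not writable by group or other.
secret_mode_ok() {
    [ -f "$1" ] || { echo "$1: not a regular file" >&2; return 2; }
    # Characters 5-10 of the ls mode string are the group and other bits.
    fmode=$(ls -ld "$1" | cut -c5-10)
    dmode=$(ls -ld "$(dirname "$1")" | cut -c5-10)
    rc=0
    case "$fmode" in
        "------") ;;
        *) echo "$1: group/other access ($fmode), chmod 600 it" >&2; rc=1 ;;
    esac
    case "$dmode" in
        ?w????|????w?)
            echo "$(dirname "$1"): writable by group or other" >&2; rc=1 ;;
    esac
    return $rc
}

# Constructed demo: a temporary directory stands in for /etc/ppp.
dir=$(mktemp -d)
printf 'user1\tconstructed-password\n' > "$dir/ppp.secret"
chmod 644 "$dir/ppp.secret"
secret_mode_ok "$dir/ppp.secret" || chmod 600 "$dir/ppp.secret"
secret_mode_ok "$dir/ppp.secret" && echo "ppp.secret is private"
rm -rf "$dir"
```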


Debugging

If "debug" is enabled in pptpd.conf, pptpd will write some debugging information to /var/log/messages. Most of the useful information however is actually written by PPP in the file /var/log/ppp.log.


Client Configuration Notes

Windows NT

In Windows NT, make sure "Enable software compression" and "Use IP header compression" are unchecked. These options seem to work fine in Windows 95/98 clients, but may cause the client to hang during the "Registering on Network" phase with NT clients.





I have a problem

Hi,
I configured my poptop as you said but I can't connect to my server and in my /var/log/message:

Jan 15 17:22:45 firewall ppp[1596]: Warning: Label /etc/ppp/ppp.conf rejected -direct connection: Configuration label not found
Jan 15 17:22:45 firewall pptpd[1595]: GRE: read(fd=7,buffer=80589c0,len=8196) from PTY failed: status = 0 error = No error
Jan 15 17:22:45 firewall pptpd[1595]: CTRL: PTY read or GRE write failed (pty,gre)=(7,6)

help me please!
