mpd5

Установка

Ставим из портов mpd5:

# make -C /usr/ports/net/mpd5 fetch-recursive
# make -C /usr/ports/net/mpd5 install clean
┌────────────────────────────────────────────────────────────────────┐
│ Options for mpd 5.6                                                │  
│ ┌────────────────────────────────────────────────────────────────┐ │  
│ │ [ ] NG_CAR     Use ng_car kernel module from port (< 7.0 only) │ │  
│ │ [ ] NG_IPACCT  Use ng_ipacct kernel module from port           │ │  
│ └────────────────────────────────────────────────────────────────┘ │  
├────────────────────────────────────────────────────────────────────┤  
│                   <  OK  >                                 │  
└────────────────────────────────────────────────────────────────────┘

Настройка

Ссылки на конфигурации
Клиент Сервер
PPTP Клиент PPTP Сервер PPTP
PPPoE Клиент PPPoE Сервер PPPoE
L2TP Клиент L2TP Сервер L2TP

У файлов из /usr/local/etc/mpd5/ делаем копии без .sample

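В mpd.secret удаляем всё и прописываем имя, пароль и, при необходимости, IP-адрес в открытом виде через табуляцию. Поскольку пароли хранятся открытым текстом, файл должен быть доступен на чтение только root (chmod 600).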

startup:
	# configure mpd users
	# NOTE(review): foo/bar and foo1/bar1 are sample credentials; replace them
	# before deployment. These accounts authenticate console and web logins,
	# and the trailing "admin" gives the first one administrative rights.
	set user foo bar admin
	set user foo1 bar1
	# configure the console
	# The console listens on loopback only (127.0.0.1, port 5005).
	set console self 127.0.0.1 5005
	set console open
	# configure the web server
	# NOTE(review): 0.0.0.0 exposes the web interface on every local address
	# (port 5006). Bind it to 127.0.0.1 or a management address, or filter the
	# port with a firewall, unless remote access is really required.
	set web self 0.0.0.0 5006
	set web open

default:
	# Section used when mpd is started without an explicit configuration name;
	# it pulls in the section labelled pptp_server.
	load pptp_server

В /etc/rc.conf

# Start mpd5 at boot through its rc.d script.
mpd_enable="YES"
# Turn the host into a router (IP forwarding) at boot.
# NOTE(review): pair this with firewall rules so that VPN clients reach only
# the networks they are meant to reach.
gateway_enable="YES"

Запускаем:

# Enable forwarding right away; gateway_enable in rc.conf covers later boots.
sysctl net.inet.ip.forwarding=1
# Start the daemon now through its rc.d script.
/usr/local/etc/rc.d/mpd5 start

Все, можно подключаться стандартным виндовым клиентом.

Клиент

Клиент PPTP

Клиент PPPoE

Code: mpd.conf
pppoe_client:
	# Static bundle B1 for a single outgoing PPPoE session.
	create bundle static B1
	# Adjust the MSS of TCP connections so segments fit the reduced link MTU.
	set iface enable tcpmssfix
	# Scripts run when the interface goes up / down.
	# NOTE(review): mpd normally runs as root, so presumably these scripts
	# execute as root; keep them root-owned and not writable by other users.
	set iface up-script /usr/local/etc/mpd5/io-up.sh
	set iface down-script /usr/local/etc/mpd5/io-down.sh

	# Static PPPoE link L1, attached to bundle B1.
	create link static L1 pppoe
	set link action bundle B1
	# AUTHNAME / PASSWORD are placeholders for the provider credentials. The
	# password is stored here in clear text, so mpd.conf should be readable
	# by root only.
	set auth authname AUTHNAME
	set auth password PASSWORD
	# NOTE(review): 0 presumably means "redial without limit" - confirm
	# against the mpd5 manual.
	set link max-redial 0
	# 1492 = 1500-byte Ethernet MTU minus 8 bytes of PPPoE/PPP overhead.
	set link mtu 1492
	set link keep-alive 10 60
	# Ethernet interface that carries the PPPoE session (here vlan3).
	set pppoe iface vlan3
	# Empty service name: no specific PPPoE service is requested.
	set pppoe service ""
	open

Клиент L2TP

Beeline
Code: /etc/dhclient.conf
# DHCP client timeout and retry interval, in seconds.
timeout 60;
retry 60;

# Settings for the DHCP client on interface re0.
interface "re0"
{
	# Options asked of the DHCP server.
	# NOTE(review): static-routes is listed twice; the second entry is
	# redundant - possibly another route option was intended, verify.
	request subnet-mask,
		broadcast-address,
		static-routes,
		routers,
		static-routes,
		time-offset,
		host-name;
	# Offers that carry no subnet mask are not accepted.
	require subnet-mask;
}
Code: mpd.conf
l2tp_client_beeline:
	# Static bundle B2 for one outgoing L2TP session.
	create bundle static B2
	set iface enable tcpmssfix
	# NOTE(review): mpd normally runs as root, so presumably these scripts
	# execute as root; keep them root-owned and not writable by other users.
	set iface up-script /usr/local/etc/mpd5/l2tp_client_beeline_up.sh
	set iface down-script /usr/local/etc/mpd5/l2tp_client_beeline_down.sh
	# Accept whatever local and peer addresses the provider proposes.
	set ipcp ranges 0.0.0.0/0 0.0.0.0/0
	# No Van Jacobson TCP header compression.
	set ipcp no vjcomp

	# Static L2TP link L2, attached to bundle B2.
	create link static L2 l2tp
	set link action bundle B2
	# Do not demand CHAP from the peer, but answer CHAP if the peer asks.
	set link disable chap
	set link accept chap
	set link latency 0
	set link max-redial 0
	set link mtu 1460
	set link keep-alive 60 180
	# NOTE(review): no encryption (MPPE or IPsec) is configured in this
	# section, so traffic to the L2TP peer presumably travels unencrypted;
	# treat the link as untrusted.
	set l2tp peer tp.internet.beeline.ru
	# "login" / "password" are placeholders; the real password sits here in
	# clear text, so restrict read access to mpd.conf.
	set auth authname login
	set auth password password
	open
Code: mpd.conf
Code: l2tp_client_beeline_up.sh
Code: l2tp_client_beeline_down.sh

Сервер

Сервер L2TP

l2tp_server:
# L2TP server: clients get addresses from pool1 and are attached to bundles
# cloned from template B.
# NOTE(review): nothing in this section sets up IPsec; without it the tunnel
# is protected only by the MPPE settings below - confirm what the deployment
# requires.
# Define dynamic IP address pool.
	set ippool add pool1 10.10.2.20 10.10.2.254

# Create clonable bundle template named B
	create bundle template B
	set iface enable proxy-arp
# Idle timeout for a session (1800).
	set iface idle 1800
	set iface enable tcpmssfix
	set iface route 10.10.2.1
# NOTE(review): mpd normally runs as root, so presumably these scripts execute
# as root; keep them root-owned and not writable by other users.
	set iface up-script /usr/local/etc/mpd5/l2tp_server_up.sh
	set iface down-script /usr/local/etc/mpd5/l2tp_server_down.sh
	set ipcp yes vjcomp
# Specify IP address pool for dynamic assignment.
	set ipcp ranges 10.10.2.1/24 ippool pool1
	set ipcp dns 10.10.2.1
# The five lines below enable Microsoft Point-to-Point encryption
# (MPPE) using the ng_mppc(8) netgraph node type.
# NOTE(review): e40 permits 40-bit keys, which are weak; drop that line if
# every client supports e128.
	set bundle enable compression
	set ccp yes mppc
	set mppc yes e40
	set mppc yes e128
	set mppc yes stateless
# Create clonable link template named L
	create link template L l2tp
# Set bundle template to use
	set link action bundle B
# Multilink adds some overhead, but gives full 1500 MTU.
	set link enable multilink
	set link yes acfcomp protocomp
# Switch PAP and CHAP off, then require the peer to authenticate with CHAP.
# MPPE keys are derived from the MS-CHAP exchange, so the MS-CHAP variants
# are the ones that work together with the encryption above.
# NOTE(review): MS-CHAPv1 is cryptographically weak; consider leaving only
# chap-msv2 enabled if the clients allow it.
	set link no pap chap
	set link enable chap
	set link enable chap-msv1
	set link enable chap-msv2
	set link keep-alive 10 60
# Reduce the link MTU to leave room for tunnel encapsulation and avoid
# packet fragmentation.
	set link mtu 1460
# Configure l2tp
# IP
# NOTE(review): 0.0.0.0 accepts L2TP connections on every local address;
# bind to the intended address or filter with a firewall.
	set l2tp self 0.0.0.0
# Allow to accept calls
	set link enable incoming

Сервер PPPoE

Code: L2TP
pppoe_server:
# NOTE(review): the section is labelled pppoe_server, but the link template
# below is of type pptp and the listener is set with "set pptp self", so as
# written this configures a PPTP server. A PPPoE server would need a pppoe
# link type bound to an Ethernet interface - verify against the mpd5 manual.
# Dynamic IP address pool for clients.
	set ippool add poolsat 10.0.2.2 10.0.2.245
	create bundle template B
	set iface enable proxy-arp
# NOTE(review): 0 presumably disables the idle timeout - confirm.
	set iface idle 0
	set iface enable tcpmssfix
	set ipcp yes vjcomp
	set ipcp ranges 10.0.2.0/24 ippool poolsat
#	set ipcp dns 10.0.2.1
#	set ipcp nbns 10.0.2.1
# Enable Microsoft Point-to-Point encryption (MPPE)
# NOTE(review): this line also turns on MPPC compression and permits 40- and
# 56-bit keys, which are weak; keep only e128 if every client supports it.
	set bundle enable compression
	set ccp yes mppc
	set mppc yes compress e40 e56 e128 stateless
# Create clonable link template named L
	create link template L pptp
# Set bundle template to use
	set link action bundle B
# Multilink adds some overhead, but gives full 1500 MTU
	set link enable multilink
	set link yes acfcomp protocomp
# Switch PAP, CHAP and EAP off, then require the peer to authenticate with
# CHAP.
# NOTE(review): MS-CHAPv1 is cryptographically weak; consider leaving only
# chap-msv2 enabled if the clients allow it.
	set link no pap chap eap
	set link enable chap
	set link enable chap-msv1
	set link enable chap-msv2
# Reduce the link MTU to avoid GRE packet fragmentation.
	set link mtu 1460
	set link keep-alive 10 60
# Configure PPTP and open link
# NOTE(review): 0.0.0.0 accepts connections on every local address; bind to
# the intended address or filter with a firewall.
	set pptp self 0.0.0.0
# Allow to accept calls
	set link enable incoming

Сервер PPTP

Code: PPPoE
pptp_server:
# PPTP server: clients get addresses from pool1 and are attached to bundles
# cloned from template B.
# NOTE(review): PPTP relies on MS-CHAP and MPPE, both of which have known
# cryptographic weaknesses; prefer a stronger VPN protocol where the clients
# allow it.
# Define dynamic IP address pool.
	set ippool add pool1 192.168.100.2 192.168.100.254

# Create clonable bundle template named B
	create bundle template B
#	set iface enable proxy-arp
# Idle timeout for a session (1800).
	set iface idle 1800
	set iface enable tcpmssfix
	set iface route 192.168.100.1
# NOTE(review): mpd normally runs as root, so presumably these scripts execute
# as root; keep them root-owned and not writable by other users.
	set iface up-script /usr/local/etc/mpd5/pptp_server_up.sh
	set iface down-script /usr/local/etc/mpd5/pptp_server_down.sh
	set ipcp yes vjcomp
# Specify IP address pool for dynamic assignment.
	set ipcp ranges 192.168.100.1/24 ippool pool1
	set ipcp dns 192.168.100.1
	set ipcp nbns 192.168.100.1
# The five active lines below enable Microsoft Point-to-Point encryption
# (MPPE) using the ng_mppc(8) netgraph node type.
# NOTE(review): e40 permits 40-bit keys, which are weak; drop that line if
# every client supports e128.
	set bundle enable compression
	set ccp yes mppc
	set mppc yes e40
#	set mppc yes e56
	set mppc yes e128
	set mppc yes stateless

# Create clonable link template named L
	create link template L pptp
# Set bundle template to use
	set link action bundle B
# Multilink adds some overhead, but gives full 1500 MTU.
	set link enable multilink
	set link yes acfcomp protocomp
# Switch PAP and CHAP off, then require the peer to authenticate with CHAP.
# MPPE keys are derived from the MS-CHAP exchange, so the MS-CHAP variants
# are the ones that work together with the encryption above.
# NOTE(review): MS-CHAPv1 is cryptographically weak; consider leaving only
# chap-msv2 enabled if the clients allow it.
	set link no pap chap
	set link enable chap
	set link enable chap-msv1
	set link enable chap-msv2
# RADIUS authentication/accounting can be used by including
# another config section with label 'radius'.
#	load radius
	set link keep-alive 10 60
# Reduce the link MTU to avoid GRE packet fragmentation.
	set link mtu 1460
#	set link mru 1460
#	set link mrru 1024
# Configure PPTP
# NOTE(review): 0.0.0.0 accepts PPTP connections on every local address; bind
# to the intended address or filter with a firewall.
	set pptp self 0.0.0.0
# Allow to accept calls
	set link enable incoming

Параметры скриптов

Code: PPTP
Параметр Описание Пример
Script Полный путь и название скрипта /usr/local/etc/mpd5/script_up.sh
Interface Интерфейс ng3
Proto Протокол inet
Local-ip IP локальной машины 10.0.0.1/32
Remote-ip IP удаленной машины 10.0.0.17
Authname Логин user
Peer-address IP подключаемого хоста 192.168.0.1

Лог

Использование

Автоматический запуск

# VPN
mpd_enable="YES"

Запуск из консоли

Code: /etc/rc.conf
# mpd5 confname

Источник wiki.bsdportal.ru/index.php/FreeBSD:mpd5
