====== MPD for PPTP ======
/usr/local/etc/mpd5/mpd.conf
startup:
# NOTE(review): indentation appears to have been lost on this page; in a real
# mpd.conf the commands under a label are indented - confirm before copying.
# Configure the mpd admin account: username "user", password "pass".
# NOTE(review): "user"/"pass" are placeholder credentials - replace them with
# a unique account name and a strong password before deploying.
set user user pass admin
# Configure the Telnet management console: listen address and port.
# It is bound to loopback here; the console is plain Telnet, so keep it off
# externally reachable addresses.
set console self 127.0.0.1 5005
set console open
# Configure the web management server: listen address and port.
# Also bound to loopback; keep it that way unless access is otherwise restricted.
set web self 127.0.0.1 5006
set web open
default:
# Pull in the PPTP server definition from the pptp_server label.
load pptp_server
pptp_server:
# Define the dynamic IP address pool handed out to connecting clients.
set ippool add pool1 192.168.102.100 192.168.102.200
# Create clonable bundle template named PPTP
create bundle template PPTP
set iface enable proxy-arp
set iface idle 0
set iface enable tcpmssfix
set ipcp yes vjcomp
# Specify the IP address pool for dynamic assignment; 192.168.102.254 is the
# server-side address of each dialed-in link.
set ipcp ranges 192.168.102.254/32 ippool pool1
# DNS servers handed to clients via IPCP.
set ipcp dns 8.8.8.8 8.8.4.4
# The lines below enable Microsoft Point-to-Point Encryption
# (MPPE) using the ng_mppc(8) netgraph node type.
# e40 and e56 are enabled for the sake of some clients, e.g. iOS.
# NOTE(review): 40- and 56-bit MPPE keys are weak; if every client supports
# 128-bit keys, accept only e128 and drop the e40/e56 lines.
set bundle enable compression
set ccp yes mppc
set mppc yes e40
set mppc yes e56
set mppc yes e128
set mppc yes stateless
# Create clonable link template named VPN
create link template VPN pptp
# Set bundle template to use
set link action bundle PPTP
# Multilink adds some overhead, but gives full 1500 MTU.
# Multilink sometimes causes MTU problems; enabling it is not recommended
# (it is off by default).
#set link enable multilink
set link yes acfcomp protocomp
# Disable PAP and CHAP, then accept MS-CHAPv2 only.
# NOTE(review): MS-CHAPv2, and the MPPE keys derived from it, has known
# practical weaknesses, so the tunnel is only as strong as the account
# password. Treat PPTP as a legacy protocol, use long random passwords, and
# prefer a modern VPN for sensitive traffic.
set link no pap chap
set link yes chap-msv2
set link keep-alive 10 60
# Reduce the link MTU to 1300 to avoid GRE packet fragmentation.
set link mtu 1300
# Configure PPTP: if the server has several IP addresses and must listen on
# one specific address, enable the line below with that address.
# set pptp self 1.2.3.4
# Allow to accept calls
set link enable incoming
# Allow only one simultaneous connection per account.
# NOTE(review): enabling this limits concurrent reuse of a shared or leaked
# account - worth considering.
# set auth max-logins 1
用户账号配置在 /usr/local/etc/mpd5/mpd.secret 中 (该文件保存明文密码, 应设置为仅 root 可读, 例如 chmod 600), 每行一个账号, 格式为
username password
还需要配置NAT
配置pf.conf, 替换$ext_if为外网网卡
# Normalize all packets: clear the don't-fragment bit, randomize the IP ID
# field and reassemble fragments before further processing.
scrub all no-df random-id fragment reassemble
# Translate traffic from the VPN client subnet to the address of the external
# interface; the parentheses make pf follow address changes on $ext_if.
# NOTE(review): only the NAT rule is shown here - $ext_if must be defined as a
# macro, IP forwarding must be enabled on the host, and filter rules limiting
# what VPN clients may reach are presumably configured elsewhere; confirm.
nat on $ext_if from { 192.168.102/24 } to any -> ($ext_if)
{{tag>freebsd mpd pptp vpn}}