====== MPD for PPTP ======

/usr/local/etc/mpd5/mpd.conf

<code>
startup:
	# configure mpd users
	# Set the admin account: username "user", password "pass"
	set user user pass admin
	# configure the console
	# Set the Telnet management listen address and port
	set console self 127.0.0.1 5005
	set console open
	# configure the web server
	# Set the web management listen address and port
	set web self 127.0.0.1 5006
	set web open

default:
	load pptp_server

pptp_server:
	# Define dynamic IP address pool.
	# These are the IPs assigned dynamically to connecting clients
	set ippool add pool1 192.168.102.100 192.168.102.200

	# Create clonable bundle template named PPTP
	create bundle template PPTP
	set iface enable proxy-arp
	set iface idle 0
	set iface enable tcpmssfix
	set ipcp yes vjcomp
	# Specify IP address pool for dynamic assignment.
	# 192.168.102.254 is the server-side IP after a client dials in
	set ipcp ranges 192.168.102.254/32 ippool pool1
	set ipcp dns 8.8.8.8 8.8.4.4
	# The five lines below enable Microsoft Point-to-Point encryption
	# (MPPE) using the ng_mppc(8) netgraph node type.
	# e40 and e56 are enabled for the sake of some clients such as iOS
	set bundle enable compression
	set ccp yes mppc
	set mppc yes e40
	set mppc yes e56
	set mppc yes e128
	set mppc yes stateless

	# Create clonable link template named VPN
	create link template VPN pptp
	# Set bundle template to use
	set link action bundle PPTP
	# Multilink adds some overhead, but gives full 1500 MTU.
	# Multilink sometimes causes MTU problems; enabling it is not recommended (off by default)
	#set link enable multilink
	set link yes acfcomp protocomp
	set link no pap chap
	set link yes chap-msv2
	set link keep-alive 10 60
	# We reduce the link MTU to 1300 to avoid GRE packet fragmentation.
	set link mtu 1300
	# Configure PPTP
	# If the server has several IPs and must listen on a specific one, configure the line below
	# set pptp self 1.2.3.4
	# Allow to accept calls
	set link enable incoming
	# Allow only one connection per account
	# set auth max-logins 1
</code>

User accounts are configured in /usr/local/etc/mpd5/mpd.secret, in the format username password

NAT must also be configured. Configure pf.conf, replacing $ext_if with the external network interface:

<code>
scrub all no-df random-id fragment reassemble
nat on $ext_if from { 192.168.102/24 } to any -> ($ext_if)
</code>

{{tag>freebsd mpd pptp vpn}}
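An added example, not part of the original page or of the mpd project: a small Python review check for the mpd.conf settings shown above (40/56-bit MPPE, PAP/CHAP, console and web listeners off loopback, the sample admin password, no max-logins limit). The function name `audit`, the rule set and the embedded sample text are assumptions made for this illustration.

```python
import ipaddress

# Constructed sample input: a trimmed copy of the settings shown on this page.
SAMPLE_CONF = """\
startup:
    set user user pass admin
    set console self 127.0.0.1 5005
    set web self 127.0.0.1 5006
pptp_server:
    set mppc yes e40
    set mppc yes e56
    set mppc yes e128
    set link no pap chap
    set link yes chap-msv2
    # set auth max-logins 1
"""

ON = {"yes", "enable", "accept"}  # mpd verbs that switch an option on


def audit(conf_text):
    """Return a sorted list of (line_number, finding) for an mpd.conf text."""
    findings, login_limit = [], False
    for n, raw in enumerate(conf_text.splitlines(), 1):
        words = raw.split("#", 1)[0].split()  # drop comments, then tokenize
        if len(words) < 3 or words[0] != "set":
            continue
        layer, verb, args = words[1], words[2], words[3:]
        if layer == "mppc" and verb in ON:
            findings += [(n, f"weak MPPE key length {o} enabled")
                         for o in args if o in ("e40", "e56")]
        elif layer == "link" and verb in ON:
            findings += [(n, f"legacy auth protocol {o} enabled")
                         for o in args if o in ("pap", "chap")]
        elif layer in ("console", "web") and verb == "self" and args:
            if not ipaddress.ip_address(args[0]).is_loopback:
                findings.append((n, f"{layer} management listens on {args[0]}"))
        elif layer == "user" and args and args[0] == "pass":
            # "set user <name> <password> ...": here verb holds the name
            findings.append((n, "sample admin password 'pass' still in place"))
        elif layer == "auth" and verb == "max-logins":
            login_limit = True
    if not login_limit:  # line 0 marks a finding about a missing setting
        findings.append((0, "no 'set auth max-logins' limit configured"))
    return sorted(findings)


if __name__ == "__main__":
    for line_no, msg in audit(SAMPLE_CONF):
        print(f"line {line_no}: {msg}")
```

Run it against the real file with `audit(open("/usr/local/etc/mpd5/mpd.conf").read())`; a finding on line 0 refers to a setting that is absent or commented out.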