在FreeBSD上用mpd5構建PPTP VPN Server

在FreeBSD上用mpd5構建PPTP VPN Server 幫一個朋友公司維護服務器，很變態，他們的服務器放在某國企自建機房，設定了僅允許通過朋友公司路由器固定IP地址才能連接訪問，遠程管理維護極不方便。正好平時為了測試和內部版本管理方便，在他們公司內部搭建了一台服務器，就用這個來做個跳板吧。 服務器安裝的是FreeBSD 9.1 64位版，安裝過程就不贅述了，直接進主題： 1、更新ports #portsnap fetch update 2、安裝MPD5 #cd /usr/ports/net/mpd5 #make install clean 3、配置 #cp /usr/local/etc/mpd5/mpd.conf.sample mpd.conf #ee /usr/local/etc/mpd5/mpd.conf 修改 startup: default: pptp_server: 這三塊 部分粘貼如下，修改見備注 startup: # configure mpd users set user shuqi888 loveosc ### 設置 mpd 的訪問帳號及密碼，通過 telnet 或 web 訪問時需要此帳號,此例中管理員名shuqi888，密碼loveosc #set user foo1 bar1 # configure the console set console self 127.0.0.1 5005 set console open # configure the web server set web self 0.0.0.0 5006 set web open # Default configuration is "dialup" default: #load dialup 注釋掉dialup load pptp_server ### 更改默認調用 pptp_server 模塊 pptp_server: # # Mpd as a PPTP server compatible with Microsoft Dial-Up Networking clients. # # Suppose you have a private Office LAN numbered 192.168.1.0/24 and the # machine running mpd is at 192.168.1.1, and also has an externally visible # IP address of 1.2.3.4. # # We want to allow a client to connect to 1.2.3.4 from out on the Internet # via PPTP. We will assign that client the address 192.168.1.50 and proxy-ARP # for that address, so the virtual PPP link will be numbered 192.168.1.1 local # and 192.168.1.50 remote. From the client machine's perspective, it will # appear as if it is actually on the 192.168.1.0/24 network, even though in # reality it is somewhere far away out on the Internet. # # Our DNS server is at 192.168.1.3 and our NBNS (WINS server) is at 192.168.1.4. # If you don't have an NBNS server, leave that line out. # # Define dynamic IP address pool. set ippool add pool1 192.168.1.50 192.168.1.99 ##這裡可以設定撥入後的私有IP # Create clonable bundle template named B create bundle template B set iface enable proxy-arp set iface idle 1800 set iface enable tcpmssfix set ipcp yes vjcomp # Specify IP address pool for dynamic assigment. set ipcp ranges 192.168.1.1/32 ippool pool1 set ipcp dns 8.8.8.8 ### 設置 dns，我喜歡谷歌的 #set ipcp nbns 192.168.1.4 ###如果你用不到 wins 的話，可以注釋掉這塊， # The five lines below enable Microsoft Point-to-Point encryption # (MPPE) using the ng_mppc(8) netgraph node type. set bundle enable compression set ccp yes mppc set mppc yes e40 set mppc yes e128 set mppc yes stateless # Create clonable link template named L create link template L pptp # Set bundle template to use set link action bundle B # Multilink adds some overhead, but gives full 1500 MTU. set link enable multilink set link yes acfcomp protocomp set link no pap chap eap set link enable chap # We can use use RADIUS authentication/accounting by including # another config section with label 'radius'. # load radius set link keep-alive 10 60 # We reducing link mtu to avoid GRE packet fragmentation. set link mtu 1460 # Configure PPTP set pptp self 192.168.1.201 ###設置 pptp 的監聽 ip 地址，也就是你的網卡的 真實IP 地址，這裡一定要注意，如果是通過路由器端口映射出去的主機，這裡不能填路由器地址，而應該是網卡上配置的真實IP地址。 # Allow to accept calls set link enable incoming 保存退出。 4、設定及啟動 #ee /etc/rc.conf 加入 mpd_enable="YES" 啟動mpd5 #/usr/local/etc/rc.d/mpd5 start 添加VPN帳號 #ee /usr/local/etc/mpd5/mpd.secret 輸入用戶名和密碼，一行一個，如 vpnuser1 password001 啟用包轉發（不做這一步，雖然可以連上VPN，但只能訪問內網，無法訪問外網） #sysctl net.inet.ip.forwarding=1 至此安裝配置完成，可以在Windows中新建一個VPN連接了。 通過web訪問可以看到當前撥入連接的狀態