Love MPD, but a few questions

rsauve_admin at securenet.net
Tue May 18 10:25:43 PDT 2004


Hi all,

I've been using mpd as a pptp/vpn server for a few projects and I really like it with very few reservations.

Thanks for a great port.

I'm using FreeBSD 4.x and 5.2.1 and mpd-3.15_1.

When I was first trying to set it up, I screwed around with the configs until I could get it to work, and I now realize that I've likely left in some rather major fudges.

Everything works really well.
I've set up scripts to manage users and rebuild the conf and links files and restart mpd for dynamic ip setups.

I'm from the school of 'if it ain't broke, don't fix it'.
Nonetheless, I still feel that I'm not quite doing it right.

The mpd.conf, in particular, is what I'm talking about.
Below are some config samples.

Any suggestions would be appreciated.

Richard Sauvé - rsauve_admin at securenet.net

### CONFS, ETC BELOW #############

Here is an example setup.

172.19.45.1 is aliased to lo0 to keep samba and others happy at boot, as I've found it better to delay mpd starting at boot time.

## mpd.conf - reduced

default:
        load pptp0
        load pptp1
        load pptp2

pptp0:
               new -i ng0 pptp0 pptp0
               set ipcp ranges 172.19.45.2/24 172.19.45.100/24
               load pptp_standard

pptp1:
               new -i ng1 pptp1 pptp1
               set ipcp ranges 172.19.45.2/24 172.19.45.100/24
               load pptp_standard

pptp2:
               new -i ng2 pptp2 pptp2
               set ipcp ranges 172.19.45.2/24 172.19.45.100/24
               load pptp_standard

pptp_standard:
               set iface disable on-demand
               set iface enable proxy-arp
               set bundle enable multilink
               set link yes acfcomp protocomp
               set link no pap chap
               set link enable chap
               set link keep-alive 10 60
               set ipcp yes vjcomp
               set ipcp dns 172.19.45.2
               set ipcp nbns 172.19.45.2
               set bundle enable compression
               set ccp yes mppc
               set ccp yes mpp-e40
               set ccp yes mpp-e128
               set ccp yes mpp-stateless
               set bundle yes crypt-reqd

#######################################
## mpd.links - 000.000.000.000 replaces the WAN ip

pptp0:
        set link type pptp
        set pptp self 000.000.000.000
        set pptp enable incoming
        set pptp disable originate

pptp1:
        set link type pptp
        set pptp self 000.000.000.000
        set pptp enable incoming
        set pptp disable originate

pptp2:
        set link type pptp
        set pptp self 000.000.000.000
        set pptp enable incoming
        set pptp disable originate

#######################################
## mpd.secret

user1	"ghi123"	172.19.45.101
user2	"def123"	172.19.45.103
user3	"abc123"	172.19.45.104


thanks for any pointers in advance,

Richard Sauvé - rsauve_admin at securenet.net

PS: I've seen references to authenticating mpd with radius, or other ways, but no how-to's.
It kind of bothers me to have plain-text passwords anywhere on the system, even if only readable by root.
If root has them on a tty, they are world readable!


'It's good to be root'
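
An added example, not part of the original post: a small audit of an mpd.conf in the format shown above that follows `load` references, replays the `set ... enable/disable/accept/deny/yes/no` lines in order, and reports what each bundle ends up allowing. The function names are hypothetical, and the verb handling assumes mpd's documented semantics (`yes` = enable + accept, `no` = disable + deny).

```python
# Constructed sample: one bundle from the mpd.conf posted above, trimmed.
SAMPLE_CONF = """\
pptp0:
        new -i ng0 pptp0 pptp0
        load pptp_standard
pptp_standard:
        set link no pap chap
        set link enable chap
        set ccp yes mpp-e40
        set ccp yes mpp-e128
        set bundle yes crypt-reqd
"""
# mpd verb -> (bits set, bits cleared): e = enabled locally, a = accepted from peer
VERBS = {"enable": ("e", ""), "disable": ("", "e"), "accept": ("a", ""),
         "deny": ("", "a"), "yes": ("ea", ""), "no": ("", "ea")}

def parse_labels(text):
    """Map each label (unindented line ending in ':') to its command word lists."""
    labels, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if not line[0].isspace() and line.rstrip().endswith(":"):
            current = labels.setdefault(line.rstrip()[:-1], [])
        elif current is not None:
            current.append(line.split())
    return labels

def effective(labels, name, state=None, seen=()):
    """Replay a label's commands in order, following 'load', so later lines win."""
    state = {} if state is None else state
    if name in seen:  # guard against labels that load each other
        return state
    for cmd in labels.get(name, []):
        if cmd[0] == "load" and len(cmd) == 2:
            effective(labels, cmd[1], state, seen + (name,))
        elif len(cmd) > 3 and cmd[0] == "set" and cmd[2] in VERBS:
            on, off = VERBS[cmd[2]]
            for opt in cmd[3:]:
                state[(cmd[1], opt)] = (state.get((cmd[1], opt), set()) | set(on)) - set(off)
    return state

def audit(text, bundle):
    """Return the findings for one bundle label, in a fixed order."""
    s = effective(parse_labels(text), bundle)
    checks = [(bool(s.get(("ccp", "mpp-e40"))), "40-bit MPPE can be negotiated"),
              ("e" not in s.get(("bundle", "crypt-reqd"), ()), "encryption is not required"),
              (bool(s.get(("link", "pap"))), "PAP is enabled or accepted")]
    return [msg for hit, msg in checks if hit]
```

Calling `audit(SAMPLE_CONF, "pptp0")` reports only the 40-bit MPPE finding, because the later `set link enable chap` leaves PAP off and `crypt-reqd` is enabled.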





More information about the freebsd-questions mailing list