Love MPD, but a few questions

rsauve_admin at securenet.net rsauve_admin at securenet.net
Tue May 18 19:24:12 PDT 2004


Thanks, this basically confirms rather that I am doing it correctly, 
using the same initial ip and reassigning it on authentification.

The question of alternate authentification methods (ie: no plaintext 
passwords) remains ;^)

> http://www.section6.net/help/pptphow.php
> 
> 
> -----Original Message-----
> From: owner-freebsd-questions at freebsd.org
> [mailto:owner-freebsd-questions at freebsd.org] On Behalf Of
> rsauve_admin at securenet.net
> Sent: Tuesday, May 18, 2004 10:26 AM
> To: freebsd-questions at freebsd.org
> Subject: Love MPD, but a few questions
> 
> Hi all,
> 
> I've been using mpd as a pptp/vpn server for a few projects and I really
> 
> like it with very few reservations.
> 
> Thanks for a great port.
> 
> I'm using FreeBSD 4.x and 5.2.1 and mpd-3.15_1
> 
> When I was first trying to set it up, I screwed around with the configs,
> 
> until I could get it to work and I
> now realize that I've likely left in some rather major fudges.
> 
> Everything works really well.
> I've set up scripts to manage users and rebuild the conf and links files
> 
> and restart mpd for dynamic ip setups
> 
> I'm from the school of 'if it ain't broke, don't fix it'
> Nonetheless, I still feel that I'm not quite doing it right
> 
> The mpd.conf, in particular is what I'm talking about
> Below are some config samples
> 
> Any suggestions would be appreciated
> 
> Richard Sauvé - rsauve_admin at securenet.net
> 
> ### CONFS, ETC BELOW ############3
> 
> Here is an example setup
> 
> 172.19.45.1 is aliased to lo0 to keep samba and others happy at boot, as
> 
> I've found it better to delay
> mpd starting at boot time
> 
> ## mpd.conf - reduced
> 
> default:
>         load pptp0
>         load pptp1
>         load pptp2
> 
> pptp0:
>                new -i ng0 pptp0 pptp0
>                set ipcp ranges 172.19.45.2/24 172.19.45.100/24
>                load pptp_standard
> 
> pptp1:
>                new -i ng1 pptp1 pptp1
>                set ipcp ranges 172.19.45.2/24 172.19.45.100/24
>                load pptp_standard
> 
> pptp2:
>                new -i ng2 pptp2 pptp2
>                set ipcp ranges 172.19.45.2/24 172.19.45.100/24
>                load pptp_standard
> 
> pptp_standard:
>                set iface disable on-demand
>                set iface enable proxy-arp
>                set bundle enable multilink
>                set link yes acfcomp protocomp
>                set link no pap chap
>                set link enable chap
>                set link keep-alive 10 60
>                set ipcp yes vjcomp
>                set ipcp dns 172.19.45.2
>                set ipcp nbns 172.19.45.2
>                set bundle enable compression
>                set ccp yes mppc
>                set ccp yes mpp-e40
>                set ccp yes mpp-e128
>                set ccp yes mpp-stateless
>                 set bundle yes crypt-reqd
> 
> #######################################
> ## mpd.links - 000.000.000.000 replaces the WAN ip
> 
> pptp0:
>         set link type pptp
>         set pptp self 000.000.000.000
>         set pptp enable incoming
>         set pptp disable originate
> 
> pptp1:
>         set link type pptp
>         set pptp self 000.000.000.000
>         set pptp enable incoming
>         set pptp disable originate
> 
> pptp2:
>         set link type pptp
>         set pptp self 000.000.000.000
>         set pptp enable incoming
>         set pptp disable originate
> 
> ##############################3
> ## mpd.secret
> 
> user1	"ghi123"		172.19.45.101
> user2	 "def123"	172.19.45.103
> user3	 "abc123"	172.19.45.104
> 
> 
> thanks for any pointers in advance,
> 
> Richard Sauvé - rsauve_admin at securenet.net
> 
> PS: I've seen references to authenticating mpd with radius, or other 
> ways, but no how-to's.
> It kind of bothers me to have plain-text passwords anywhere on the 
> system, even if only readable by root.
> If root has them on a tty, they are world readable !
> 
> 
> 'It's good to be root'
> 
> 
> 
> 
> ---------------------------------------------
> This message was sent using SecureNet Mailman.
> http://www.securenet.net/
> 
> 
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to
> "freebsd-questions-unsubscribe at freebsd.org"
> 
> 





---------------------------------------------
This message was sent using SecureNet Mailman.
http://www.securenet.net/




More information about the freebsd-questions mailing list