Love MPD, but a few questions
rsauve_admin at securenet.net
rsauve_admin at securenet.net
Tue May 18 19:24:12 PDT 2004
Thanks, this basically confirms rather that I am doing it correctly,
using the same initial ip and reassigning it on authentification.
The question of alternate authentification methods (ie: no plaintext
passwords) remains ;^)
> http://www.section6.net/help/pptphow.php
>
>
> -----Original Message-----
> From: owner-freebsd-questions at freebsd.org
> [mailto:owner-freebsd-questions at freebsd.org] On Behalf Of
> rsauve_admin at securenet.net
> Sent: Tuesday, May 18, 2004 10:26 AM
> To: freebsd-questions at freebsd.org
> Subject: Love MPD, but a few questions
>
> Hi all,
>
> I've been using mpd as a pptp/vpn server for a few projects and I really
>
> like it with very few reservations.
>
> Thanks for a great port.
>
> I'm using FreeBSD 4.x and 5.2.1 and mpd-3.15_1
>
> When I was first trying to set it up, I screwed around with the configs,
>
> until I could get it to work and I
> now realize that I've likely left in some rather major fudges.
>
> Everything works really well.
> I've set up scripts to manage users and rebuild the conf and links files
>
> and restart mpd for dynamic ip setups
>
> I'm from the school of 'if it ain't broke, don't fix it'
> Nonetheless, I still feel that I'm not quite doing it right
>
> The mpd.conf, in particular is what I'm talking about
> Below are some config samples
>
> Any suggestions would be appreciated
>
> Richard Sauvé - rsauve_admin at securenet.net
>
> ### CONFS, ETC BELOW ############3
>
> Here is an example setup
>
> 172.19.45.1 is aliased to lo0 to keep samba and others happy at boot, as
>
> I've found it better to delay
> mpd starting at boot time
>
> ## mpd.conf - reduced
>
> default:
> load pptp0
> load pptp1
> load pptp2
>
> pptp0:
> new -i ng0 pptp0 pptp0
> set ipcp ranges 172.19.45.2/24 172.19.45.100/24
> load pptp_standard
>
> pptp1:
> new -i ng1 pptp1 pptp1
> set ipcp ranges 172.19.45.2/24 172.19.45.100/24
> load pptp_standard
>
> pptp2:
> new -i ng2 pptp2 pptp2
> set ipcp ranges 172.19.45.2/24 172.19.45.100/24
> load pptp_standard
>
> pptp_standard:
> set iface disable on-demand
> set iface enable proxy-arp
> set bundle enable multilink
> set link yes acfcomp protocomp
> set link no pap chap
> set link enable chap
> set link keep-alive 10 60
> set ipcp yes vjcomp
> set ipcp dns 172.19.45.2
> set ipcp nbns 172.19.45.2
> set bundle enable compression
> set ccp yes mppc
> set ccp yes mpp-e40
> set ccp yes mpp-e128
> set ccp yes mpp-stateless
> set bundle yes crypt-reqd
>
> #######################################
> ## mpd.links - 000.000.000.000 replaces the WAN ip
>
> pptp0:
> set link type pptp
> set pptp self 000.000.000.000
> set pptp enable incoming
> set pptp disable originate
>
> pptp1:
> set link type pptp
> set pptp self 000.000.000.000
> set pptp enable incoming
> set pptp disable originate
>
> pptp2:
> set link type pptp
> set pptp self 000.000.000.000
> set pptp enable incoming
> set pptp disable originate
>
> ##############################3
> ## mpd.secret
>
> user1 "ghi123" 172.19.45.101
> user2 "def123" 172.19.45.103
> user3 "abc123" 172.19.45.104
>
>
> thanks for any pointers in advance,
>
> Richard Sauvé - rsauve_admin at securenet.net
>
> PS: I've seen references to authenticating mpd with radius, or other
> ways, but no how-to's.
> It kind of bothers me to have plain-text passwords anywhere on the
> system, even if only readable by root.
> If root has them on a tty, they are world readable !
>
>
> 'It's good to be root'
>
>
>
>
> ---------------------------------------------
> This message was sent using SecureNet Mailman.
> http://www.securenet.net/
>
>
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to
> "freebsd-questions-unsubscribe at freebsd.org"
>
>
---------------------------------------------
This message was sent using SecureNet Mailman.
http://www.securenet.net/
More information about the freebsd-questions
mailing list