On Fri, Jun 19, 2020 at 12:23:58AM +0700, Eugene Grosbein wrote:
> 19.06.2020 0:09, The Doctor via freebsd-ports wrote:
> 
> > Would anyone like to help me port this application?
> > 
> > Very Linux based but could be BSD convertible.
> > 
> > 
> > It would make a good addition to the net ports.
> 
> We already have net/mpd5 in ports for this task.
>

Wonder if my mpd5.conf is configured properly?

#################################################################
#
#       MPD configuration file
#
# This file defines the configuration for mpd: what the
# bundles are, what the links are in those bundles, how
# the interface should be configured, various PPP parameters,
# etc. It contains commands just as you would type them
# in at the console. Lines without padding are labels. Lines
# starting with a "#" are comments.
#
# $Id: mpd.conf.sample,v 1.49 2015/06/02 08:30:35 dmitryluhtionov Exp $
#
#################################################################

startup:
# Defines the mpd management account and the two management listeners
# (console and web server).
        # configure mpd users
        # NOTE(review): this name/password pair is now in a public list
        # archive; change it before the daemon is reachable by anyone else.
        set user admin Secret admin
        #set user foo1 bar1
        # configure the console
        # The console listens on loopback only (127.0.0.1, port 5005).
        set console self 127.0.0.1 5005
        set console open
        # configure the web server
        # NOTE(review): 0.0.0.0 makes the web server listen on every local
        # address (port 5006), unlike the console above. The only account
        # defined here has the admin role, so if remote administration is not
        # needed, bind this to 127.0.0.1 too or filter port 5006 at the firewall.
        set web self 0.0.0.0 5006
        set web open

default: 
# Loads three of the labels defined in this file: radius, l2tp_server and
# pptp_server. The other labels (pptp_vpn, pptp_client, pppoe_server,
# pppoe_client, simple_lac, complete_lac) are not loaded from here.
# NOTE(review): no link or link template exists yet at this point, and the
# commands under 'radius' look link-scoped - confirm this first load has any
# effect. pptp_server loads radius again inside its link template, but
# l2tp_server does not, so check whether L2TP logins actually reach RADIUS.
        load radius
        load l2tp_server
        load pptp_server

pptp_server:
#
# Mpd as a PPTP server compatible with Microsoft Dial-Up Networking clients.
#
# The example below is the text from the sample file; the addresses actually
# configured in this section (10.10.x.x pool, DNS 192.168.81.1, listener on
# 0.0.0.0) differ from it.
#
# Suppose you have a private Office LAN numbered 192.168.1.0/24 and the
# machine running mpd is at 192.168.1.1, and also has an externally visible
# IP address of 1.2.3.4.
#
# We want to allow a client to connect to 1.2.3.4 from out on the Internet
# via PPTP.  We will assign that client the address 192.168.1.50 and proxy-ARP
# for that address, so the virtual PPP link will be numbered 192.168.1.1 local
# and 192.168.1.50 remote.  From the client machine's perspective, it will
# appear as if it is actually on the 192.168.1.0/24 network, even though in
# reality it is somewhere far away out on the Internet.
#
# Our DNS server is at 192.168.1.3 and our NBNS (WINS server) is at 192.168.1.4.
# If you don't have an NBNS server, leave that line out.
#
# NOTE(review): PPTP with MPPE/MS-CHAP is widely regarded as weak protection
# for traffic crossing the Internet; treat this listener accordingly.
#

# Define dynamic IP address pool.
# NOTE(review): this range runs from 10.10.0.0 to 10.255.255.254. It contains
# the 10.12.0.0-10.12.255.254 range used in l2tp_server and the 10.11.1.1
# address used by "set radius me"; narrow it so the ranges do not overlap.
        set ippool add pool1 10.10.0.0 10.255.255.254

# Create clonable bundle template named B
        create bundle template B
        set iface enable proxy-arp
        set iface idle 1800
        set iface enable tcpmssfix
        set ipcp yes vjcomp
# Specify IP address pool for dynamic assignment.
# Local side is 10.10.0.1; the peer address comes from pool1.
        set ipcp ranges 10.10.0.1/32 ippool pool1
        set ipcp dns 192.168.81.1
        #set ipcp nbns 192.168.81.3
# The five lines below enable Microsoft Point-to-Point encryption
# (MPPE) using the ng_mppc(8) netgraph node type.
# NOTE(review): encryption is offered here but not required - there is no
# "set bundle enable crypt-reqd" as in pptp_vpn - and e40 allows 40-bit keys.
# A client that declines MPPE would presumably still be connected in clear.
        set bundle enable compression
        set ccp yes mppc
        set mppc yes e40
        set mppc yes e128
        set mppc yes stateless

# Create clonable link template named L
        create link template L pptp
# Set bundle template to use
        set link action bundle B
# Multilink adds some overhead, but gives full 1500 MTU.
        set link enable multilink
        set link yes acfcomp protocomp
# Reset all authentication protocols, then ask the peer for PAP or CHAP.
# NOTE(review): with PAP the peer's password crosses the link as plain text,
# and as far as I know MPPE keys are derived from an MS-CHAP exchange, so a
# PAP login cannot be combined with the MPPE settings above. Confirm PAP is
# really needed (e.g. by the RADIUS backend) before leaving it enabled.
        set link no pap chap eap
        set link enable pap
        set link enable chap
# We can use RADIUS authentication/accounting by including
# another config section with label 'radius'.
        load radius
        set link keep-alive 10 60
# Enable utmp/wtmp logging
#        set auth enable system-acct
# We reduce the link mtu to avoid GRE packet fragmentation.
        set link mtu 1460
# Configure PPTP
# 0.0.0.0 accepts PPTP connections on every local address.
        set pptp self 0.0.0.0
# Allow to accept calls
        set link enable incoming

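l2tp_server:
#
# Mpd as an L2TP server. Loaded from the 'default' label.
#
# NOTE(review): no tunnel secret ("set l2tp secret ...") is set in this
# section, and L2TP does not encrypt by itself. Confirm that IPsec or an
# equivalent layer protects this listener, especially with PAP enabled below.
#
# Define dynamic IP address pool. The pool name has to match the one used by
# "set ipcp ranges" below; previously the addresses were added to pool1
# (the pptp_server pool) and pool_l2tp was never defined.
# NOTE(review): 10.12.0.0-10.12.255.254 lies inside pptp_server's pool1
# (10.10.0.0-10.255.255.254), so both pools can hand out the same address.
        set ippool add pool_l2tp 10.12.0.0 10.12.255.254
# Create clonable bundle template named B_l2tp
        create bundle template B_l2tp
# NOTE(review): compression is enabled but no "set ccp ..." lines follow in
# this section, so nothing here configures what would be negotiated.
        set bundle enable compression
        set iface enable proxy-arp
        set iface enable tcpmssfix
# Interface MTU (the keyword was misspelled "ifce").
        set iface mtu 1280
        set ipcp yes vjcomp
# Specify IP address pool for dynamic assignment.
# Local side is 10.12.0.1; the peer address comes from pool_l2tp.
        set ipcp ranges 10.12.0.1/32 ippool pool_l2tp
        set ipcp dns 192.168.81.1
# Create clonable link template named L_l2tp
        create link template L_l2tp l2tp
        set link action bundle B_l2tp
        set link keep-alive 0 0
        set link yes acfcomp protocomp
# Reset all authentication protocols, then ask the peer for PAP or CHAP.
# NOTE(review): this template has no "load radius" of its own (pptp_server
# does); confirm which backend these logins are checked against.
        set link no pap chap eap
        set link enable pap
        set link enable chap
# Configure L2TP
# 0.0.0.0 accepts L2TP connections on every local address.
        set l2tp self 0.0.0.0
        set l2tp disable dataseq
# Allow to accept calls
        set link enable incoming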


pptp_vpn:
#
# Mpd using PPTP for LAN to LAN VPN, always connected.
# This label is not loaded from 'default' in this file.
#
# Suppose you have a private Office LAN numbered 192.168.1.0/24 and another
# remote private Office LAN numbered 192.168.2.0/24, and you wanted to route
# between these two private networks using a PPTP VPN over the Internet.
#
# You run mpd on dual-homed machines on either end. Say the local machine
# has internal address 192.168.1.1 and externally visible address 1.2.3.4,
# and the remote machine has internal address 192.168.2.1 and externally
# visible address 2.3.4.5.
#
# Note: mpd does not support the peer's "inside" IP address being the same
# as its "outside" IP address. In the above example, this means that
# 192.168.2.1 != 2.3.4.5.
#
# The "inside" IP addresses are configured by "set ipcp ranges ..."
# (in mpd.conf) while the "outside" IP addresses are configured by
# "set pptp self ..." and "set pptp peer ...".
#
# The addresses configured below (10.2.3.4 / 10.3.4.5 outside, 10.10.1.1 /
# 10.10.2.1 inside) differ from the ones used in the example text above.
#

        create bundle static B1
        set ipcp ranges 10.10.1.1/32 10.10.2.1/32
        set iface route 192.168.2.0/24
# Enable Microsoft Point-to-Point encryption (MPPE)
# crypt-reqd makes encryption mandatory for this bundle.
# NOTE(review): e40 is still accepted, so a 40-bit key can be negotiated;
# pptp_client in this file uses "set mppc no e40" to rule that out.
        set bundle enable compression
        set ccp yes mppc
        set mppc yes e40
        set mppc yes e128
        set bundle enable crypt-reqd
        set mppc yes stateless
        
        create link static L1 pptp
        set link action bundle B1
# Enable both sides to authenticate each other with CHAP
# The authname/password lines are commented out, so no credentials for the
# local side are set in this section.
        set link no pap chap eap
        set link yes chap
        #set auth authname "VpnLogin"
        #set auth password "VpnPassword"
        set link mtu 1460
        set link keep-alive 10 75
        set link max-redial 0
# Configure PPTP and open link
        set pptp self 10.2.3.4
        set pptp peer 10.3.4.5
        set link enable incoming
        open

pptp_client:
#
# PPTP client: only outgoing calls, auto reconnect,
# ipcp-negotiated address, one-sided authentication,
# default route points on ISP's end
# This label is not loaded from 'default' in this file.
#

        create bundle static B1
# MPPE with 40-bit keys refused and 128-bit keys accepted.
# NOTE(review): there is no "set bundle enable crypt-reqd" here, so
# encryption is requested but not made mandatory.
        set bundle enable compression
        set ccp yes mppc
        set mppc no e40
        set mppc yes e128
        set mppc yes stateless
        set iface route default
        set ipcp ranges 0.0.0.0/0 0.0.0.0/0
# Enable network Address Translation (NAT)
# and forward tcp port 80 to the internal network machine with IP 192.168.0.1
# NOTE(review): this exposes the internal host's port 80 to whatever can
# reach this interface; keep it only if that service is meant to be public.
        set iface enable nat
        set nat red-port tcp 0.0.0.0 80 192.168.0.1 80
        
        create link static L1 pptp
        set link action bundle B1
# Login name and password sent to the peer; MyLogin/MyPass look like the
# sample's placeholder values.
        set auth authname MyLogin
        set auth password MyPass
        set link max-redial 0
        set link mtu 1460
        set link keep-alive 20 75
        set pptp peer 1.2.3.4
        set pptp disable windowing
        open

pppoe_server:
#
# Multihomed multilink PPPoE server
# This label is not loaded from 'default' in this file.
#

# Create clonable bundle template
        create bundle template B
# Set IP addresses. Peer address will be later replaced by RADIUS.
        set ipcp ranges 192.168.0.1/32 127.0.0.2/32

# Create link template with common info
        create link template common pppoe
# Enable multilink protocol
        set link enable multilink
# Set bundle template to use
        set link action bundle B
# Enable peer authentication
# All protocols are disabled first, then only PAP is enabled.
# NOTE(review): PAP carries the password as plain text on the PPPoE segment.
        set link disable chap pap eap
        set link enable pap
# RADIUS settings are loaded inside the 'common' link template.
        load radius
        set pppoe service "superisp"

# Create templates for ifaces to listen using 'common' template and let them go
# fxp0: up to 1000 child links.
        create link template fxp0 common
        set link max-children 1000
        set pppoe iface fxp0
        set link enable incoming

# fxp1: up to 500 child links.
        create link template fxp1 common
        set link max-children 500
        set pppoe iface fxp1
        set link enable incoming

pppoe_client:
#
# PPPoE client: only outgoing calls, auto reconnect,
# ipcp-negotiated address, one-sided authentication,
# default route points on ISP's end
# This label is not loaded from 'default' in this file.
#

        create bundle static B1
        set iface route default
        set ipcp ranges 0.0.0.0/0 0.0.0.0/0
        
        create link static L1 pppoe
        set link action bundle B1
# Login name and password sent to the peer; MyLogin/MyPass look like the
# sample's placeholder values.
        set auth authname MyLogin
        set auth password MyPass
        set link max-redial 0
        set link mtu 1460
        set link keep-alive 10 60
        set pppoe iface fxp0
# Empty service name.
        set pppoe service ""
        open

radius:
# RADIUS client settings. Loaded from 'default' and from the pptp_server and
# pppoe_server link templates in this file.
# You can use radius.conf(5), it's useful, because you can share the
# same config with userland-ppp and other apps.
        #set radius config /etc/radius.conf
        #set radius config /usr/gnurad/etc/raddb/config
# or specify the server directly here
# Arguments: server, shared secret, authentication port, accounting port.
# NOTE(review): the shared secret on this line is now in a public list
# archive; replace it on both mpd and the RADIUS server.
        set radius server localhost Tone 1645 1646
        set radius retries 3
        set radius timeout 3
# send the given IP in the RAD_NAS_IP_ADDRESS attribute to the server.
# NOTE(review): 10.11.1.1 falls inside pptp_server's pool1 range
# (10.10.0.0-10.255.255.254).
        set radius me 10.11.1.1
# send accounting updates every 5 minutes
        set auth acct-update 300
# enable RADIUS, and fallback to mpd.secret, if RADIUS auth failed
        set auth enable radius-auth
# enable RADIUS accounting
        set auth enable radius-acct
# protect our requests with the message-authenticator
        set radius enable message-authentic

simple_lac:
#
# This is a simple L2TP access concentrator which receives PPPoE calls
# and forwards them to LNS on 1.2.3.4
# This label is not loaded from 'default' in this file.
#

# L1 accepts incoming PPPoE calls on fxp0 and forwards every one to L2.
        create link template L1 pppoe
        set pppoe iface fxp0
        set link action forward L2
        set link enable incoming

# L2 is the L2TP leg towards the LNS.
# NOTE(review): no "set l2tp secret ..." is given for this tunnel, unlike
# the L2/L3 templates in complete_lac.
        create link template L2 l2tp
        set l2tp peer 1.2.3.4

complete_lac:
#
# This is a more complicated L2TP access concentrator which receives PPPoE calls
# and if peer auth name includes @corp1.net forwards them to LNS on 1.2.3.4,
# if peer auth name includes @corp2.net forwards them to LNS on 2.3.4.5
# all other connections are processed locally using internal auth and
# assigning dynamic IP from specified pool.
# This label is not loaded from 'default' in this file. The LNS addresses
# configured below are 10.2.3.4 and 10.3.4.5, not the ones in the text above.
#

# NOTE(review): pool1 is also defined in pptp_server with a range that
# contains this one; use a distinct pool name if this label is ever loaded.
        set ippool add pool1 10.12.0.1 10.12.255.254

        create link template L1 pppoe
        set pppoe iface igb0
# We must ask authentication to get peer login
        set link no pap chap eap
        set link enable pap
# Forwarding decisions match the peer's login name against these patterns;
# anything that matches neither falls through to local bundle B1.
        set link action forward L2 "@corp1\\.net$"
        set link action forward L3 "@corp2\\.net$"
        set link action bundle B1
        set link enable incoming

# L2TP leg for corp1. The secret looks like the sample's placeholder value.
        create link template L2 l2tp
        set l2tp peer 10.2.3.4
        set l2tp secret corp1secret

# L2TP leg for corp2. The secret looks like the sample's placeholder value.
        create link template L3 l2tp
        set l2tp peer 10.3.4.5
        set l2tp secret corp2secret

# Local bundle for sessions that are not forwarded.
        create bundle template B1
        set ipcp ranges 10.12.1.1/32 ippool pool1




-- 
Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca
Yahweh, Queen & country!Never Satan President Republic!Beware AntiChrist rising!
nk.ca started 1 June 1995 . https://www.empire.kred/ROOTNK?t=94a1f39b  
Better shun the bait, than struggle in the snare.  -John Dryden