Configuring ADSL PPTP connection (for example with Austrian DSL providers) on FreeBSD with mpd5

25 Sep 2019 - tsp
Last update 25 Sep 2019

Today I configured a friend's machine. He had set his modem to run in singleuser mode (i.e. the modem is not required to do any stuff like network address translation, run a local DHCP server, be a wireless LAN access point, filter traffic, etc.) and just wanted to forward traffic from his public subnet, arriving via the digital subscriber line at his modem, to his internal network. Since modern documentation for mpd versions higher than 4 was hard to find, here is a short summary on how to perform such a configuration.

Required software

There are currently two working solutions to use PPTP in client mode on FreeBSD. The first is net/mpd5, which implements a PPP client as well as a PPP server; the other is net/pptpclient, which supports only PPTP and only in client mode. Since mpd5 is the more common and more prominent of the two, this article focuses on the first possibility.

First, mpd5 has to be installed. This can be done either from the binary package or from the port. To install the package:

pkg install net/mpd5

To build the port one uses the usual

cd /usr/ports/net/mpd5
make install clean

Configuration

The basic configuration is easy. It's done through the files in /usr/local/etc/mpd5, mainly through mpd.conf.

Basically one can use a configuration like the following:

startup:

default:
        load adsl

adsl:
        create bundle static adslBundle

        set ipcp no vjcomp
        set ipcp ranges 0.0.0.0/0 0.0.0.0/0
        set iface route default
        set iface disable on-demand
        set iface enable proxy-arp
        set iface idle 0
        set iface enable nat

        create link static adsl pptp
        set link action bundle adslBundle

        set link no pap acfcomp protocomp
        set link disable chap
        set link accept chap
        set link keep-alive 30 10
        set link max-redial 0

        set auth authname XXXXXXXXXXX
        set auth password XXXXXXXXXXX
        set disable multilink

        set pptp peer 10.0.0.138
        set pptp disable windowing
        open

Authname and password have to be set to your credentials of course. This creates a PPP profile called adsl, a link internally called adsl that uses PPTP, and a configuration bundle called adslBundle that the link is attached to. These names can of course be chosen arbitrarily.

The 10.0.0.138 address might have to be modified. This is the address your modem gets (statically) assigned with its singleuser configuration.

After startup the mpd5 daemon will create a netgraph interface (for example ng0). If one wants to assign a different name one can use

		set iface name NAMEOFYOURINTERFACE

during the link commands. This might be interesting if you configure multiple connections or interfaces.

The iface enable nat setting instructs mpd5 to perform network address translation over your dialup line. This allows other systems to use your internet connection as default route (which is automatically set on your host because of iface route default), provided you have enabled packet forwarding on your routing machine. Forwarding is controlled by the sysctl value net.inet.ip.forwarding, which has to be set to 1; this is also done by the gateway_enable="YES" setting in your /etc/rc.conf. If you use public IP addresses in your network one can discard the NAT configuration.

Since the profile is listed under default and ends with open, it will be initialized during the startup of mpd5. To test your configuration you can run mpd5 adsl to connect with the adsl profile and show status on the console. The rc init scripts will later call mpd5 -b to move into background.

Note that since idle has been set to 0 and on-demand has been disabled, mpd5 will try to stay connected 24/7, not only when some node tries to forward traffic.
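
The configuration above keeps the PPP password in clear text in mpd.conf and relies on set link no pap to refuse clear-text PAP authentication, so both are worth checking after editing the file. The following sh function is an added example, not part of the original article or of mpd5; the name audit_mpd_conf and its messages are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not from the original article: audit an mpd.conf that
# carries PPP credentials. audit_mpd_conf is a hypothetical helper name.
# Returns the number of findings (0 = clean, 255 = file missing).

audit_mpd_conf() {
    conf=$1
    findings=0
    if [ ! -f "$conf" ]; then
        echo "ERROR: $conf not found"
        return 255
    fi

    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld "$conf" | cut -c5-10)
    if grep -Eq '^[[:space:]]*set[[:space:]]+auth[[:space:]]+password' "$conf" &&
       [ "$perms" != "------" ]; then
        echo "WARN: $conf contains a password, group/other bits are '$perms' (chmod 600)"
        findings=$((findings + 1))
    fi

    # PAP sends the password unencrypted. Flag lines that enable or accept
    # it; "set link no pap" (as in the article) disables and denies it.
    pap='^[[:space:]]*set[[:space:]]+link[[:space:]]+(enable|accept|yes)'
    pap="$pap"'([[:space:]]+[^[:space:]]+)*[[:space:]]+pap([[:space:]]|$)'
    if grep -Eq "$pap" "$conf"; then
        echo "WARN: PAP is enabled or accepted:"
        grep -En "$pap" "$conf"
        findings=$((findings + 1))
    fi

    return "$findings"
}

# Run against a file given on the command line, e.g.
#   sh audit.sh /usr/local/etc/mpd5/mpd.conf
if [ -n "${1:-}" ]; then
    audit_mpd_conf "$1"
fi
```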

Dipl.-Ing. Thomas Spielauer, Wien (webcomplains389t48957@tspi.at)