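Installing a PPTP VPN on FreeBSD
I have recently started looking into VPNs because of work.
A VPN on Windows needs no special study; it is simple to set up.
For the sake of compatibility, we usually choose a PPTP VPN, because the VPN client built into Windows supports this protocol.
On FreeBSD, Poptop and MPD are the more commonly used PPTP servers.
Poptop's last update was back in August 2009, so I chose MPD as the server.
First, install a fresh FreeBSD system, which needs no further explanation. According to material I found online earlier, compressing traffic in transit requires modifying the kernel configuration and recompiling the kernel.
Add the following to the kernel configuration: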
# for mpd pptp server
# netgraph(4) system
options NETGRAPH
options NETGRAPH_ASYNC
options NETGRAPH_BPF
options NETGRAPH_ECHO
options NETGRAPH_ETHER
options NETGRAPH_HOLE
options NETGRAPH_IFACE
options NETGRAPH_KSOCKET
options NETGRAPH_LMI
# MPPC compression requires proprietary files (not included)
options NETGRAPH_MPPC_COMPRESSION
options NETGRAPH_MPPC_ENCRYPTION
options NETGRAPH_PPP
options NETGRAPH_PPTPGRE
options NETGRAPH_RFC1490
options NETGRAPH_SOCKET
options NETGRAPH_UI
# end
MPPC compression is described at the following URL:
http://www.mavhome.dp.ua/MPPC/
Following the instructions there, run:
fetch http://www.mavhome.dp.ua/MPPC/mppc-1.0.tgz
tar zxvf mppc-1.0.tgz -C /usr/src/sys/net/
# Edit the Makefile
ee /usr/src/sys/modules/netgraph/mppc/Makefile
Change the line
NETGRAPH_MPPC_COMPRESSION?= 0
to
NETGRAPH_MPPC_COMPRESSION?= 1
Then install the module:
cd /usr/src/sys/modules/netgraph/mppc
make && make install && make clean
# Stop all ng_mppc consumers and unload previous module with kldunload ng_mppc
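Then compile the kernel.
Once it has compiled, reboot into the new system, edit rc.conf and add the following lines:
gateway_enable="YES"
mpd_enable="YES"
# Run in the background
mpd_flags="-b"
Edit the configuration files under /usr/local/etc/mpd5/. mpd5 pre-generates some sample files; the configuration is simple, and a few small changes are enough to get it working.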
mpd.conf
# In this configuration file, VPN clients get addresses from the range 192.168.0.200~192.168.0.220,
# the VPN server address is 192.168.0.10, clients are given 192.168.0.10 as both DNS server and
# WINS server, and the VPN server's public IP is 222.222.222.222
startup:
	# configure mpd users
	set user foo bar admin
	set user foo1 bar1
	# configure the console
	set console self 127.0.0.1 5005
	set console open
	# configure the web server
	set web self 0.0.0.0 5006
	set web open

default:
	# Define dynamic IP address pool.
	set ippool add pool1 192.168.0.200 192.168.0.220

	# Create clonable bundle template named B
	create bundle template B
	set iface enable proxy-arp
	set iface idle 1800
	set iface enable tcpmssfix
	set ipcp yes vjcomp
	# Specify IP address pool for dynamic assignment.
	set ipcp ranges 192.168.0.10/32 ippool pool1
	set ipcp dns 192.168.0.10
	set ipcp nbns 192.168.0.10
	# The five lines below enable Microsoft Point-to-Point encryption
	# (MPPE) using the ng_mppc(8) netgraph node type.
	set bundle enable compression
	set ccp yes mppc
	set mppc yes e40
	set mppc yes e128
	set mppc yes stateless

	# Create clonable link template named L
	create link template L pptp
	# Set bundle template to use
	set link action bundle B
	# Multilink adds some overhead, but gives full 1500 MTU.
	set link enable multilink
	set link yes acfcomp protocomp
	set link no pap chap eap
	set link enable chap
	# We can use RADIUS authentication/accounting by including
	# another config section with label 'radius'.
	# load radius
	set link keep-alive 10 60
	# We are reducing link mtu to avoid GRE packet fragmentation.
	set link mtu 1460
	# Configure PPTP
	set pptp self 222.222.222.222
	# Allow to accept calls
	set link enable incoming
mpd.secret
MyLogin MyPassword
PeerLogin PeerPassword
user "user"
joe "foobar" 192.168.0.200
bob "\x34\"foo\n" 192.168.0.200/24
sal "yipee" 192.168.0.222
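Three settings in the mpd.conf above are worth checking before the server faces the Internet: the web interface opened on 0.0.0.0, the foo/bar sample accounts, and 40-bit MPPE. The script below is an added example, not part of the original post or of mpd; the function names audit_mpd_conf and sample_mpd_conf are made up here, and the sample input is constructed from lines of that config.

```shell
#!/bin/sh
# audit_mpd_conf FILE: print "<line>: <finding>" for each risky setting;
# returns 1 if anything was reported, 0 otherwise. FILE may be "-" for stdin.
audit_mpd_conf() {
    awk '
    function report(msg) { printf "%d: %s\n", NR, msg; found = 1 }
    {
        line = $0
        sub(/#.*/, "", line)        # drop comments
        sub(/^[ \t]+/, "", line)    # drop indentation
        n = split(line, f, /[ \t]+/)
        if (n < 3 || f[1] != "set") next
        # Console/web listener: remember the bind address, judge it on "open".
        if ((f[2] == "web" || f[2] == "console") && f[3] == "self")
            bind[f[2]] = f[4]
        if ((f[2] == "web" || f[2] == "console") && f[3] == "open" &&
            (f[2] in bind) && bind[f[2]] !~ /^127\./ && bind[f[2]] != "::1")
            report(f[2] " interface opened on non-loopback address " bind[f[2]])
        # Name/password pairs copied unchanged from the sample configuration.
        if (f[2] == "user" && ((f[3] == "foo" && f[4] == "bar") ||
                               (f[3] == "foo1" && f[4] == "bar1")))
            report("sample credentials kept for user " f[3])
        # 40-bit MPPE left enabled or accepted next to 128-bit.
        if (f[2] == "mppc" && f[3] ~ /^(yes|enable|accept)$/)
            for (i = 4; i <= n; i++)
                if (f[i] == "e40") report("40-bit MPPE (e40) is permitted")
    }
    END { exit found + 0 }
    ' "$1"
}

# Constructed sample: a few lines taken from the mpd.conf shown above.
sample_mpd_conf() {
    cat <<'EOF'
startup:
	set user foo bar admin
	set console self 127.0.0.1 5005
	set console open
	set web self 0.0.0.0 5006
	set web open
default:
	set mppc yes e40
	set mppc yes e128
EOF
}

# Audit the file given as $1, or the constructed sample when run without one.
if [ $# -gt 0 ]; then audit_mpd_conf "$1" || true
else sample_mpd_conf | audit_mpd_conf - || true; fi
```

Run it as `sh audit.sh /usr/local/etc/mpd5/mpd.conf`; the console listener on 127.0.0.1 passes, while the web listener on 0.0.0.0 is reported at the line where it is opened.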
Nice, I learned something. The original poster's settings really did work!