1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
|
$Id: HOWTO_PIPEX_NPPPD.txt,v 1.3 2010/09/26 06:54:44 yasuoka Exp $
How to test npppd and pipex
---------------------------
client ------ server
A.B.C.D
on server
1. update your source tree
2. enable PIPEX on your kernel and reboot with the kernel
Add bellow line to your kernel configuration file
option PIPEX # Pppac IP EXtension, for npppd
3. build and update kernel
4. build npppd
% cd /usr/src/usr.sbin/npppd
% make
% sudo make install
5. install npppd.conf and npppd-users.csv to /etc/npppd/
sample npppd.conf and npppd-user.csv attached below on this file.
% sudo mkdir 0755 /etc/npppd
% sudo cp npppd.conf /etc/npppd/
% sudo cp npppd-users.csv /etc/npppd/
6. create user '_npppd'
% sudo groupadd _npppd
% sudo useradd -d /var/empty -s /sbin/nologin -g _npppd _npppd
6. set net.inet.gre.allow=1
% sudo sysctl net.inet.gre.allow=1
7. run npppd
% sudo /usr/sbin/npppd -d
on client
1. install 'pptp' from ports.
2. edit /etc/ppp/ppp.conf
-------------------------------
test_pptp:
set device "!/usr/local/sbin/pptp --nolaunchpppd A.B.C.D"
set authname test
set authkey hogehoge
set mppe 128 stateless
disable protocomp
deny protocomp
disable ipv6cp
-------------------------------
modify "A.B.C.D" to actual IP address.
3. dial test_pptp
% sudo ppp -ddial test_pptp
How to test L2TP/IPsec
----------------------
1. run isakmpd
% sudo isakmpd -Kv
2. append below lines to /etc/ipsec.conf
-------------------------------
ike passive esp transport \
proto udp from A.B.C.D to any port 1701 \
main auth "hmac-sha" enc "3des" group modp1024 \
quick auth "hmac-sha" enc "aes" \
psk "secret"
-------------------------------
- change A.B.C.D to actual IP address
- change "secret" to actual shared secret
3. exec ipsecctl to notice isakmpd
% sudo ipsecctl -f /etc/ipsec.conf
4. connect from iPhone, MacOS or Windows
[npppd.conf]
-------------------------------------------------------------------------------
#
# Simplest npppd.conf sample
#
# $Id: HOWTO_PIPEX_NPPPD.txt,v 1.3 2010/09/26 06:54:44 yasuoka Exp $
interface_list: tun0
interface.tun0.ip4addr: 10.0.0.1
# IP address pool
pool.dyna_pool: 10.0.0.0/25
pool.pool: 10.0.0.128/25
# Authentication
auth.local.realm_list: local
auth.local.realm.acctlist: /etc/npppd/npppd-users.csv
realm.local.concentrate: tun0
lcp.mru: 1400
auth.method: mschapv2 chap
#auth.method: mschapv2 chap pap
#ipcp.dns_primary: 192.168.4.20
#ipcp.dns_secondary: 192.168.6.20
#ipcp.nbns_primary: 192.168.4.20
#ipcp.nbns_secondary: 192.168.6.20
#ipcp.assign_fixed: true
#ipcp.assign_userselect: true
pptpd.enabled: true
pptpd.ip4_allow: 0.0.0.0/0
#pptpd.listener_in: PPTP 192.168.0.1
# L2TP daemon
l2tpd.enabled: true
l2tpd.ip4_allow: 0.0.0.0/0
#l2tpd.listener_in: L2TP 192.168.0.1
#l2tpd.purge_ipsec_sa: true
l2tpd.require_ipsec: false
# PPPoE daemon
#pppoed.enabled: true
#pppoed.interface: PPPoE vic0
-------------------------------------------------------------------------------
[npppd-users.csv]
- First line of the CSV is *IGNORED*. It is treated as a title line.
-------------------------------------------------------------------------------
Username,Password,Framed-IP-Address,Framed-IP-Netmask,Description,Calling-Id
user1,user1's secret,10.0.0.129,,memo for user1
-------------------------------------------------------------------------------
|
