1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
|
$Id: HOWTO_PIPEX_NPPPD.txt,v 1.7 2012/01/06 11:20:36 sebastia Exp $
How to test npppd and pipex
---------------------------
client ------ server
A.B.C.D
on server
1. update your source tree
2. build and update kernel
3. build npppd
% cd /usr/src/usr.sbin/npppd
% make
% sudo make install
4. install npppd.conf and npppd-users.csv to /etc/npppd/
sample npppd.conf and npppd-user.csv attached below on this file.
% sudo mkdir -m 0755 /etc/npppd
% sudo cp npppd.conf /etc/npppd/
% sudo cp npppd-users.csv /etc/npppd/
5. enable PIPEX and GRE by sysctl
% sudo sysctl net.inet.gre.allow=1 (for PPTP)
% sudo sysctl net.pipex.enable=1 (for PIPEX)
6. run npppd
% sudo /usr/sbin/npppd -d
NOTE:
* Previous version required to create `_npppd' user and group, but
now it uses '_ppp' instead. Delete `_npppd' if you created.
% sudo userdel _npppd
% sudo groupdel _npppd
on client
1. install 'pptp' from ports.
2. edit /etc/ppp/ppp.conf
-------------------------------
test_pptp:
set device "!/usr/local/sbin/pptp --nolaunchpppd A.B.C.D"
set authname test
set authkey hogehoge
set mppe 128 stateless
disable protocomp
deny protocomp
disable ipv6cp
-------------------------------
modify "A.B.C.D" to actual IP address.
3. dial test_pptp
% sudo ppp -ddial test_pptp
How to test L2TP/IPsec
----------------------
1. run isakmpd
% sudo isakmpd -Kv
2. append below lines to /etc/ipsec.conf
-------------------------------
ike passive esp transport \
proto udp from A.B.C.D to any port 1701 \
main auth "hmac-sha" enc "3des" group modp1024 \
quick auth "hmac-sha" enc "aes" \
psk "secret"
-------------------------------
- change A.B.C.D to actual IP address
- change "secret" to actual shared secret
3. exec ipsecctl to notice isakmpd
% sudo ipsecctl -f /etc/ipsec.conf
4. connect from iPhone, MacOS or Windows
[npppd.conf]
-------------------------------------------------------------------------------
#
# Simplest npppd.conf sample
#
# $Id: HOWTO_PIPEX_NPPPD.txt,v 1.7 2012/01/06 11:20:36 sebastia Exp $
interface_list: tun0
interface.tun0.ip4addr: 10.0.0.1
# IP address pool
pool.dyna_pool: 10.0.0.0/25
pool.pool: 10.0.0.128/25
# Local file authentication
auth.local.realm_list: local
auth.local.realm.acctlist: /etc/npppd/npppd-users.csv
realm.local.concentrate: tun0
# RADIUS authentication / accounting
#auth.radius.realm_list: radius
#auth.radius.realm.server.address: 127.0.0.1:1812
#auth.radius.realm.server.secret: hogehoge
#auth.radius.realm.acct_server.address: 127.0.0.1:1813
#auth.radius.realm.acct_server.secret: hogehoge
#realm.radius.concentrate: tun0
lcp.mru: 1400
auth.method: mschapv2 chap
#auth.method: mschapv2 chap pap
#ipcp.dns_primary: 192.168.4.20
#ipcp.dns_secondary: 192.168.6.20
#ipcp.nbns_primary: 192.168.4.20
#ipcp.nbns_secondary: 192.168.6.20
#ipcp.assign_fixed: true
#ipcp.assign_userselect: true
pptpd.enabled: true
pptpd.ip4_allow: 0.0.0.0/0
#pptpd.listener_in: PPTP 192.168.0.1
# L2TP daemon
l2tpd.enabled: true
l2tpd.ip4_allow: 0.0.0.0/0
#l2tpd.listener_in: L2TP 192.168.0.1
#l2tpd.purge_ipsec_sa: true
l2tpd.require_ipsec: false
# PPPoE daemon
#pppoed.enabled: true
#pppoed.interface: PPPoE vic0
#pipex.enabled: false
-------------------------------------------------------------------------------
[npppd-users.csv]
- First line of the CSV is *IGNORED*. It is treated as a title line.
-------------------------------------------------------------------------------
Username,Password,Framed-IP-Address,Framed-IP-Netmask,Description,Calling-Id
user1,user1's secret,10.0.0.129,,memo for user1
-------------------------------------------------------------------------------
|
