Configure PPTP Server With PopTop on FreeBSD

For some reason,  I need to set up a PPTP server on FreeBSD 7.2. I noticed two options to acheive this goal. One is PopTop. The other is MPD. I choose PopTop just because it is small and widely used. Sure, I did notice there are lots of articals and posts complaining about its configuration on FreeBSD. But, I decided to have a try. It took me about 2 days to make it work.

 

Installation is quite simple like any other package.

pkg_add -r ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-8-current/net/poptop-1.3.4_2.tbz

Once the package is successfully installed, there are several additional steps to make it work.

The first step is to create and edit the pptpd configuration file /usr/local/etc/pptpd.conf. You could simply copy  file /usr/local/etc/pptpd.conf.sample to /usr/local/etc/pptpd.conf. Then, edit it. Generally, you only need to specify localip and remoteip used by PPTPD. The most important thing is to comment out the following line. This is the thing that nearly make me mad.

option /etc/ppp/options.pptpd

With this line in the pptpd.conf, I always get the following error even you point it to correct file. In this case, I always get 619 error while making pptp connection to the server. Poptop maybe built with some kind of difference between FreeBSD and Linux.

Aug 20 18:33:27 WebServer ppp[2184]: Warning: Label /etc/ppp/ppp.conf rejected -direct connection: Configuration label not found

The next step is to make change to /etc/ppp/ppp.conf. There are many options here. I will not explain all of them. Just add the following part to the end of this config file.

 

pptp: # Note: leading spaces before each line below is critical. Do not remove.
        set timeout 0 
        #enable proxy
        set mrru
        accept dns
        enable MSChapV2  # Only accept MSChap2 authentication
        enable mppe
        disable pap
        disable chap
        disable mschap
        #set mppe * stateless
        #set dns 192.168.1.254  # Change it to your DNS
        set ifaddr 192.168.1.30 192.168.1.201-192.168.1.220 255.255.255.255 # Change it to your network addresses
        add default HISADDR                     # Add a (sticky) default route

 

Then,  make a secret file /etc/ppp/ppp.secret containing username and password for PPTP authentication.  Its content may like this:

username1  password

username2  password

The last step, add two lines to /etc/rc.conf.

# needed by PPTP server
gateway_enable="YES"
pptpd_enable="YES"

Now, you have nearly everything done. You can reboot and verify it. In case you already enabled gateway before doing this configuration, you can simply start and stop the pptp server with command lines:

/usr/local/etc/rc.d/pptpd start

/usr/local/etc/rc.d/pptpd stop

 

If it does not work, checking /var/log/message and /var/log/ppp.log may help. If you have anykind of firewall opened, be sure to enable TCP port 1723 and GRE package.