FreeBSD VPN Server
0 likes589 views
The document provides installation instructions for the MPD VPN server on FreeBSD at Institut Manajemen Telkom, detailing necessary configurations and setup for PPTP (Point to Point Tunneling Protocol). It includes step-by-step commands to install and configure MPD, manage user accounts, and monitor VPN connections. Additionally, it discusses dynamic connectivity with MPD5, allowing for automatic configuration of multiple users without individual setups.
FreeBSD VPN Server
- 1. Standar Instalasi FreeBS D @ Institut Manajemen Telkom ( http://www.imtelkom.ac.id) Instalasi VPN Server : MPD MPD (Multi Protocol Daemon) adalah aplikasi untuk VPN server yang bisa mengakomodasi Microsoft Dial Up (PPTP, Point to Point Tunelling Protocol) sehingga user yang menggunakan platform Microsoft Windows bisa membuat VPN Dial Up dan terkoneksi secara virtual dengan suatu LAN intranet. Instalasi MPD dilakukan dengan : # cd /usr/ports/net/mpd # make install clean ……… <tunggu sampai selesai> ……… MPD membutuhkan 3 file konfigurasi yg ada di /usr/local/etc/mpd : # ls -l /usr/local/etc/mpd total 198 -rw------- 1 root wheel 27131 Jun 28 15:30 mpd.conf -rw------- 1 root wheel 29354 Jun 28 15:24 mpd.links -rw------- 1 root wheel 82641 Jun 28 15:24 mpd.secret # cat /usr/local/etc/mpd/mpd.conf default: load pptp2 load pptp3 ………<sesuaikan dengan jumlah account yg boleh connect dlm satu saat>……… dialin: new -i ng1 dialin dlink set iface addrs 172.16.3.1 172.16.3.2 set iface idle 900 set ipcp ranges 172.16.3.1/32 172.16.3.2/32 set ipcp dns 202.134.2.5 sesuaikan dengan IP DNS Server yg akan di-assign ke semua client set ipcp yes vjcomp set link enable chap pap set link disable pap set link deny chap pap set link yes acfcomp protocomp set modem idle-script AnswerCall set modem speed 57600 pptp: set iface disable on-demand set bundle disable multilink set link yes acfcomp protocomp set link no pap chap set link enable chap set link keep-alive 10 60 set ipcp yes vjcomp set ipcp dns 202.134.2.5 sesuaikan dengan IP DNS Server yg akan di-assign ke semua client set bundle enable compression set ccp yes mppc set ccp yes mpp-e40 set ccp yes mpp-e56 set ccp yes mpp-e128 set ccp yes mpp-stateless set ecp yes des pptp2: new -i ng2 pptp2 pptp2 load pptp
- 2. Standar Instalasi FreeBS D @ Institut Manajemen Telkom ( http://www.imtelkom.ac.id) set ipcp ranges 172.16.1.1/32 172.16.2.2/16 pptp3: new -i ng3 pptp3 pptp3 load pptp set ipcp ranges 172.16.1.1/32 172.16.2.3/16 ………<sesuaikan dengan jumlah account yg boleh connect dlm satu saat>……… vpn: new -i ng1 vpn vpn set iface disable on-demand set iface addrs 192.168.1.1 192.168.2.1 set iface idle 0 set iface route 192.168.2.0/24 set bundle disable multilink set bundle authname "VpnLogin" set bundle password "VpnPassword" set link yes acfcomp protocomp set link no pap set link yes chap set link keep-alive 10 75 set ipcp yes vjcomp set ipcp ranges 192.168.1.1/32 192.168.2.1/32 open PPPoE: new -i ng0 PPPoE PPPoE set iface addrs 1.1.1.1 2.2.2.2 set iface route default set iface disable on-demand set iface idle 0 set bundle disable multilink set bundle authname MyLogin set link no acfcomp protocomp set link disable pap chap set link accept chap set ipcp yes vjcomp set ipcp ranges 0.0.0.0/0 0.0.0.0/0 open iface # cat /usr/local/etc/mpd/mpd.links dlink: set link type modem set modem device /dev/cuaa1 pptp: set link type pptp set pptp mode passive set pptp self 10.1.1.2 set pptp enable incoming set pptp disable originate set pptp disable windowing pptp2: set link type pptp set pptp self 10.1.1.2 set pptp enable incoming set pptp disable windowing pptp3: set link type pptp set pptp self 10.1.1.2 set pptp enable incoming
- 3. Standar Instalasi FreeBS D @ Institut Manajemen Telkom ( http://www.imtelkom.ac.id) set pptp disable originate set pptp disable windowing ………<sesuaikan dengan jumlah account yg boleh connect dlm satu saat>……… # cat /usr/local/etc/mpd/mpd.secret user1 pass1 172.16.1.2 user2 pass2 172.16.1.3 user3 pass3 172.16.1.4 user4 pass4 172.16.1.5 ………<dst>……… Untuk melihat siapa saja yg sedang login ke VPN server, bisa dilakukan dengan : # ifconfig | grep 172.16 | grep –n 172.16 Setting yg digunakan jika MPD akan digunakan sbg dialer (client) : # cat /usr/local/etc/mpd/mpd.conf sisfo: new -i ng0 sis sis set iface disable on-demand set iface idle 0 set auth authname "root" set auth password "sengajadisalahin" set link no pap set link mtu 1460 open vpn: new -i ng1 vpn vpn set iface disable on-demand set iface idle 0 set bundle disable multilink set auth authname "sisfo" set auth password "passwordsisfo" set link yes acfcomp protocomp set link no pap set link yes chap set link disable pap chap chap-msv1 chap-msv2 chap-md5 set link mtu 1460 set link keep-alive 10 75 set ipcp yes vjcomp set ccp yes mppc set ccp yes mpp-e40 set ccp yes mpp-e128 set bundle enable crypt-reqd set ccp yes mpp-stateless open # cat /usr/local/etc/mpd/mpd.links vpn: set link type pptp set link mtu 1200 set link mru 1200 set pptp peer 10.1.1.2 set pptp enable originate sis: set link type pptp set link mtu 1400 set link mru 1400 set pptp peer 10.1.1.2 set pptp enable originate
- 4. Standar Instalasi FreeBS D @ Institut Manajemen Telkom ( http://www.imtelkom.ac.id) MPD5 menyediakan koneksi secara dinamis, dimana kita tidak perlu membuat konfigurasi untuk setiap koneksi (pada MPD3, jika kita ingin mengakomodasi 250 user yang bisa konek, maka kita harus membuat 250 konfigurasi pptp). Untuk menggunakan MPD5 : # cd /usr/ports/net/mpd5 # make install clean ……… <tunggu sampai selesai> ……… $ cat /usr/local/etc/mpd5/mpd.conf startup: set user root password admin set console self 127.0.0.1 5005 set console open default: load pptp_server pptp_server: set ippool add pool1 10.1.1.51 10.1.1.60 menyediakan 10 PPTP create bundle template B set iface enable proxy-arp set iface idle 1800 set iface enable tcpmssfix set ipcp yes vjcomp set ipcp ranges 10.1.1.1/32 ippool pool1 set ipcp dns 10.1.1.12 set bundle enable compression set ccp yes mppc set mppc yes e40 set mppc yes e128 set mppc yes stateless create link template L pptp set link action bundle B set link enable multilink set link yes acfcomp protocomp set link no pap chap eap set link enable chap set link keep-alive 10 60 set link mtu 1460 set pptp self 10.1.1.2 set link enable incoming $ cat /usr/local/etc/mpd5/mpd.secret user1 "pass1" 10.1.10.10