# Configure pptp vpn service



## blind0ne (Oct 28, 2021)

Hello, I would like to set up a VPN server on my machine to connect to from Windows. I've installed mpd from ports, and here is my config. In rc.conf:

```
mpd_enable=YES
mpd_flags="-b"
gateway_enable="YES"
```
And in:

```
/u/l/e/mpd5# diff mpd.conf.sample mpd.conf
31c31
<       load dialup
---
>       load pptp_server
184c184
<       set ippool add pool1 192.168.1.50 192.168.1.99
---
>       set ippool add pool1 172.17.0.2 172.17.0.50
193,195c193,194
<       set ipcp ranges 192.168.1.1/32 ippool pool1
<       set ipcp dns 192.168.1.3
<       set ipcp nbns 192.168.1.4
---
>       set ipcp ranges 172.17.0.1/32 ippool pool1
>       set ipcp dns 172.17.0.1
220c219
<         set pptp self 1.2.3.4
---
>         set pptp self 9*.2*.2*.9*
```
But I still can't connect and don't know where to look for logs or enable them. Thanks


----------



## SirDice (Oct 28, 2021)

blind0ne said:


> I would like to set up a VPN server on my machine to connect to from Windows


Does it specifically have to be PPTP? Why don't you simply use OpenVPN? There's a good client for Windows for it.


----------



## blind0ne (Oct 28, 2021)

SirDice said:


> Does it specifically have to be PPTP? Why don't you simply use OpenVPN? There's a good client for Windows for it.


I don't care which one to use, I just used PPTP before. Where could I find info about configuring this OpenVPN server on FreeBSD and clients on both Windows and Android?


----------



## hardworkingnewbie (Oct 28, 2021)

Microsoft PPTPv1 is broken according to Bruce Schneier. Depends of course on your version of Windows, too. PPTPv2 is more robust, but still questionable according to Schneier.






Schneier on Security: Frequently Asked Questions about Microsoft's PPTP Implementation (www.schneier.com)




But in short, as soon as Windows is involved somewhere: don't use it. Use OpenVPN, IPSec or Wireguard instead.


----------



## SirDice (Oct 28, 2021)

blind0ne said:


> Where could I find info about configuring this OpenVPN server on FreeBSD and clients on both Windows and Android?


There are plenty of example configurations on the OpenVPN website. You'll find the Windows client there too (https://openvpn.net/community-downloads/, don't download their "OpenVPN Connect", just use the community version). Don't know if there's a client for Android though. Never had to use one.


----------



## obsigna (Oct 28, 2021)

Setting up PPTP-VPN using mpd5


----------



## blind0ne (Oct 29, 2021)

SirDice said:


> There are plenty of example configurations on the OpenVPN website. You'll find the Windows client there too (https://openvpn.net/community-downloads/, don't download their "OpenVPN Connect", just use the community version). Don't know if there's a client for Android though. Never had to use one.


I've installed some kind of OpenVPN server and it even works as a service, but I can't figure out how to make a config file for the Windows client. That's why I want something simpler. I don't want to use separate clients on Win and Android, just to have a simple login/password. OpenVPN seems to be too complicated and huge in configuration. I want to just start the service and pass a login/password to it. At this moment I just don't understand how to force it to work.


----------



## covacat (Oct 29, 2021)

install easy-rsa port/package on freebsd
it is a collection of shell scripts that simplifies a lot the management of certificates


----------



## blind0ne (Oct 29, 2021)

Finally I've found out how to enable logging for mpd5, and after connection the log errors are as such:

```
mpd[13038]: caught fatal signal TERM
mpd[13038]: bind: Can't assign requested address
[13038]: [B_pptp] Bundle: Shutdown
13038]: [L_pptp] Link: Shutdown
[13038]: PPTP: stop waiting for connection on 192.168.0.1 1723
[13038]: process 13038 terminated
[13109]: Multi-link PPP daemon for FreeBSD
[13109]:
[13109]: process 13109 started, version 5.9
13109]: CONSOLE: listening on 127.0.0.1 5005
13109]: web: listening on 0.0.0.0 5006
[13109]: bind: Can't assign requested address
[13109]: PPTP: waiting for connection on 192.168.0.1 1723
[13109]: bind: Can't assign requested address
```

Please teach me how to handle this link inside


----------



## hardworkingnewbie (Oct 29, 2021)

blind0ne said:


> I've installed some kind of OpenVPN server and it even works as a service, but I can't figure out how to make a config file for the Windows client. That's why I want something simpler. I don't want to use separate clients on Win and Android, just to have a simple login/password. OpenVPN seems to be too complicated and huge in configuration. I want to just start the service and pass a login/password to it. At this moment I just don't understand how to force it to work.


Maybe you should get yourself something like OPNSense, which will generate all the client configuration files for you? 

Aside from that, when you don't want to install dedicated VPN clients on your client devices you'll be stuck with what the underlying OS supports. Which probably will be PPTP and IPSec, mostly.


----------



## covacat (Oct 29, 2021)

post the whole config file
do you have a local ip 192.168.0.1 ? set pptp self
l2tp + ipsec is the only one supported on windows/ios/macos/android without third party clients

ios/macos have no pptp, android has no ikev2 (or at least used to miss it, never checked newer versions)


----------



## blind0ne (Oct 29, 2021)

covacat said:


> post the whole config file
> do you have a local ip 192.168.0.1 ? set pptp self
> l2tp + ipsec is the only one supported on windows/ios/macos/android without third party clients
> 
> ios/macos have no pptp, android has no ikev2 (or at least used to miss it, never checked newer versions)


Changed the config a little bit, new log output for it:

```
Oct 29 12:44:51 OffGateway mpd[13293]: [L_pptp-1] LCP: SendConfigReq #10
Oct 29 12:44:51 OffGateway mpd[13293]: [L_pptp-1]   ACFCOMP
Oct 29 12:44:51 OffGateway mpd[13293]: [L_pptp-1]   PROTOCOMP
Oct 29 12:44:51 OffGateway mpd[13293]: [L_pptp-1]   MRU 1500
Oct 29 12:44:51 OffGateway mpd[13293]: [L_pptp-1]   MAGICNUM 0x006d71d7
Oct 29 12:44:51 OffGateway mpd[13293]: [L_pptp-1]   AUTHPROTO CHAP MSOFTv2
Oct 29 12:44:51 OffGateway mpd[13293]: [L_pptp-1]   MP MRRU 2048
Oct 29 12:44:51 OffGateway mpd[13293]: [L_pptp-1]   MP SHORTSEQ
Oct 29 12:44:51 OffGateway mpd[13293]: [L_pptp-1]   ENDPOINTDISC [IP Address] 5b c8 ea 5c
Oct 29 12:44:53 OffGateway mpd[13293]: [L_pptp-1] LCP: parameter negotiation failed
Oct 29 12:44:53 OffGateway mpd[13293]: [L_pptp-1] LCP: state change Req-Sent --> Stopped
Oct 29 12:44:53 OffGateway mpd[13293]: [L_pptp-1] LCP: LayerFinish
Oct 29 12:44:53 OffGateway mpd[13293]: [L_pptp-1] PPTP call terminated
Oct 29 12:44:53 OffGateway mpd[13293]: [L_pptp-1] Link: DOWN event
Oct 29 12:44:53 OffGateway mpd[13293]: [L_pptp-1] LCP: Close event
Oct 29 12:44:53 OffGateway mpd[13293]: [L_pptp-1] LCP: state change Stopped --> Closed
Oct 29 12:44:53 OffGateway mpd[13293]: [L_pptp-1] LCP: Down event
Oct 29 12:44:53 OffGateway mpd[13293]: [L_pptp-1] LCP: state change Closed --> Initial
Oct 29 12:44:53 OffGateway mpd[13293]: [L_pptp-1] Link: SHUTDOWN event
Oct 29 12:44:53 OffGateway mpd[13293]: [L_pptp-1] Link: Shutdown
```

and config itself:

```
startup:
        set user igor bar admin
        set console self 127.0.0.1 5005
        set console open
        set web self 0.0.0.0 5006
        set web open

default:
        load pptp_server

pptp_server:
        set ippool add pool_pptp 172.16.0.1 172.16.0.2
        create bundle template B_pptp
        set iface enable proxy-arp
        set iface enable tcpmssfix
        set ipcp yes vjcomp
        set ipcp ranges 172.16.0.1/32 ippool pool_pptp
        set ipcp dns 8.8.8.8
        set bundle enable compression
        set ccp yes mppc
        set mppc yes e40
        set mppc yes e128
        set mppc yes stateless

        create link template L_pptp pptp
        set link action bundle B_pptp
        set link enable multilink
        set link no pap chap eap
        set link enable chap
        set link keep-alive 0 0
        set link mtu 1448
        set pptp self 91.200.2xx.xx
        set pptp enable always-ack
        set link enable incoming
```


----------



## covacat (Oct 29, 2021)

is any of your server/client behind nat ?
pptp is not nat safe and requires some nat tricks
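
An added example, not part of any post in this thread and not mpd's own tooling: a Python triage of the two mpd5 log excerpts posted above. It pulls out the bind failures, the PPTP listen address, and the options in the last LCP Configure-Request sent before negotiation failed. The function names and the embedded sample (assembled from the posted log lines) are assumptions made for the illustration.

```python
import re

# Constructed sample: lines taken from the two mpd5 log excerpts in this thread.
SAMPLE = """\
[13109]: bind: Can't assign requested address
[13109]: PPTP: waiting for connection on 192.168.0.1 1723
Oct 29 12:44:51 OffGateway mpd[13293]: [L_pptp-1] LCP: SendConfigReq #10
Oct 29 12:44:51 OffGateway mpd[13293]: [L_pptp-1]   MRU 1500
Oct 29 12:44:51 OffGateway mpd[13293]: [L_pptp-1]   AUTHPROTO CHAP MSOFTv2
Oct 29 12:44:53 OffGateway mpd[13293]: [L_pptp-1] LCP: parameter negotiation failed
"""

# "<pid>]: [<link>] <message>"; the link tag is optional and a leading "mpd["
# is not required, because some of the pasted lines lost it.
LINE = re.compile(r"\d+\]: (?:\[(?P<link>[^\]]+)\] ?)?(?P<msg>.*)")
LISTEN = re.compile(r"PPTP: waiting for connection on (\S+) (\d+)")
CONFREQ = re.compile(r"LCP: SendConfigReq #(\d+)")

def triage(log_text):
    """Summarise bind errors, PPTP listen addresses and failed LCP negotiations."""
    report = {"bind_errors": 0, "pptp_listen": set(), "lcp_failed": {}}
    last_req = {}    # link -> {"req": id, "opts": [...]} for the latest ConfigReq
    in_req = None    # link whose indented option lines are currently being read
    for raw in log_text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue
        link, msg = m["link"], m["msg"]
        if msg[:1].isspace():                      # indented line = option
            if link is not None and link == in_req:
                last_req[link]["opts"].append(msg.strip())
            continue
        in_req = None
        if msg.startswith("bind: Can't assign requested address"):
            report["bind_errors"] += 1             # EADDRNOTAVAIL from bind(2)
        elif (w := LISTEN.match(msg)):
            report["pptp_listen"].add(f"{w[1]}:{w[2]}")
        elif (r := CONFREQ.match(msg)):
            last_req[link] = {"req": int(r[1]), "opts": []}
            in_req = link
        elif msg.startswith("LCP: parameter negotiation failed"):
            report["lcp_failed"][link] = last_req.get(link, {"req": None, "opts": []})
    return report

def offers_mschapv2(report, link):
    """True if the last ConfigReq on `link` proposed MS-CHAPv2 authentication."""
    return "AUTHPROTO CHAP MSOFTv2" in report["lcp_failed"].get(link, {}).get("opts", [])

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A bind error reported next to a listen address is the cue to check that the address exists on a local interface, which is what covacat asks about 192.168.0.1.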


----------

