mpd5 VPN + routing help

Hi,

I am trying to switch from my CentOS pptpd VPN solution to FreeBSD mpd5. What I need is a simple VPN server I can connect to with Windows clients, in a way that all traffic is routed using the VPN server.

I used this guide for CentOS, which worked out of the box: http://www.vps-tutorial.info/2011/01/10/pptp-vpn-setup-xen-centos5/

Now I found this for FreeBSD: http://blog.up-link.ro/freebsd-how-to-install-and-configure-a-pptp-server-with-mpd5-on-freebsd-8-2/

I'm using the latest FreeBSD 9 and the guide worked so far and I can connect, but the traffic seems not to be routed automatically.

I guess I am missing this part:
Code:
iptables -t nat -A POSTROUTING -s 192.168.216.0/24 -o eth0 -j MASQUERADE
Does someone know a tutorial on the missing forwarding/routing part?

Thanks, Andy
 
Ah okay, so I just execute this via shell or put this in a config file somewhere? Sorry, but I'm kind of new to FreeBSD, and on Linux you have to save those settings so they don't get lost on a reboot?

--

Ah okay, just noticed this goes into the pf.conf and I need to enable the PF service also via rc.conf.

Will try this, thanks.

--

I added this to my rc.conf
Code:
# Enable IP forwarding
gateway_enable="YES"
# Enable mpd5 daemon
mpd_enable="YES"
mpd_flags="-b -s mpd5"
# Enable packet filter service
pf_enable="YES"
pf_rules="/etc/pf.conf"

and this is how my /etc/pf.conf looks.
Code:
ext_if="re0"
vpn_net = "{10.0.0.0/24}"
#int_if="int0"

nat on $ext_if inet from $vpn_net to any -> $ext_if

I still get a
Code:
/etc/pf.conf:12: syntax error
pfctl: Syntax error in config file: pf rules not loaded
?

Any idea?

--

Okay, found the syntax error; it was a missing CR at the end of the line. Still the traffic is not routed correctly: I can connect, but can't get/open any site on the Windows client?

--

Seems to work now after adding
Code:
set iface route default
to the mpd.conf file. The speed is not impressive and compares to my pptpd CentOS setup, guess I have to test OpenVPN also, but thanks anyway.

[ Merged posts; this is not a diary. -- Mod. ]
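
A pre-reload check for the settings this thread ends up needing (forwarding and pf enabled in rc.conf, a NAT rule and a final newline in pf.conf, the default route line in mpd.conf), as an added example that is not part of the original posts. The function names and the temporary sample files are assumptions constructed for illustration; file paths are passed as arguments so the check can run against copies.

```shell
#!/bin/sh
# Added example: lint the three files edited in this thread before
# reloading pf or restarting mpd5. Not code from the thread or from mpd5.

# Succeeds if the file is non-empty and its last byte is a newline.
# $(...) strips a trailing newline, so the substitution is empty then.
ends_with_newline() {
    [ -s "$1" ] && [ -z "$(tail -c 1 "$1")" ]
}

# Prints one line per problem and returns the number of problems found.
# The patterns are anchored at line start, so commented-out settings fail.
check_vpn_gateway() {
    rc=$1 pf=$2 mpd=$3 problems=0
    fail() { echo "FAIL: $*"; problems=$((problems + 1)); }

    grep -Eq '^gateway_enable="?YES"?' "$rc" \
        || fail "$rc: gateway_enable is not YES (no IP forwarding)"
    grep -Eq '^pf_enable="?YES"?' "$rc" \
        || fail "$rc: pf_enable is not YES (pf.conf is never loaded)"
    ends_with_newline "$pf" \
        || fail "$pf: last line has no trailing newline"
    grep -Eq '^nat on .* -> ' "$pf" \
        || fail "$pf: no nat rule for the VPN network"
    grep -Eq '^[[:space:]]*set iface route default' "$mpd" \
        || fail "$mpd: 'set iface route default' is missing"
    return "$problems"
}

# Constructed sample files using the values posted in the thread.
# pf.conf is written without a final newline to reproduce the
# syntax error reported above.
demo_dir=$(mktemp -d)
printf 'gateway_enable="YES"\npf_enable="YES"\n' > "$demo_dir/rc.conf"
printf 'ext_if="re0"\nvpn_net = "{10.0.0.0/24}"\n' > "$demo_dir/pf.conf"
printf 'nat on $ext_if inet from $vpn_net to any -> $ext_if' >> "$demo_dir/pf.conf"
printf '    set iface route default\n' > "$demo_dir/mpd.conf"

check_vpn_gateway "$demo_dir/rc.conf" "$demo_dir/pf.conf" "$demo_dir/mpd.conf" \
    || echo "problems found: $?"
```

On the FreeBSD host itself, `pfctl -nf /etc/pf.conf` parses the ruleset without loading it, which catches pf syntax errors this text check cannot.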
 