freebsd vpn server

Upload: telkom-institute-of-management

Post on 20-Jun-2015

Category:

Education


DESCRIPTION

A tutorial guide explaining how to install FreeBSD as a VPN server, an experience at IMTelkom (http://www.imtelkom.ac.id)

TRANSCRIPT

Page 1: FreeBSD VPN Server

FreeBSD Installation Standard @ Institut Manajemen Telkom (http://www.imtelkom.ac.id)

VPN Server Installation: MPD

MPD (Multi Protocol Daemon) is a VPN server application that supports Microsoft Dial-Up networking (PPTP, Point-to-Point Tunneling Protocol), so users on the Microsoft Windows platform can create a dial-up VPN connection and join an intranet LAN virtually. MPD is installed with:

# cd /usr/ports/net/mpd
# make install clean
……… <wait until finished> ………

MPD needs 3 configuration files, located in /usr/local/etc/mpd:

# ls -l /usr/local/etc/mpd
total 198
-rw------- 1 root wheel 27131 Jun 28 15:30 mpd.conf
-rw------- 1 root wheel 29354 Jun 28 15:24 mpd.links
-rw------- 1 root wheel 82641 Jun 28 15:24 mpd.secret

# cat /usr/local/etc/mpd/mpd.conf
default:
	load pptp2
	load pptp3
	………<adjust to the number of accounts allowed to connect at one time>………

dialin:
	new -i ng1 dialin dlink
	set iface addrs 172.16.3.1 172.16.3.2
	set iface idle 900
	set ipcp ranges 172.16.3.1/32 172.16.3.2/32
	# adjust to the IP of the DNS server that will be assigned to all clients
	set ipcp dns 202.134.2.5
	set ipcp yes vjcomp
	set link enable chap pap
	set link disable pap
	set link deny chap pap
	set link yes acfcomp protocomp
	set modem idle-script AnswerCall
	set modem speed 57600

pptp:
	set iface disable on-demand
	set bundle disable multilink
	set link yes acfcomp protocomp
	set link no pap chap
	set link enable chap
	set link keep-alive 10 60
	set ipcp yes vjcomp
	# adjust to the IP of the DNS server that will be assigned to all clients
	set ipcp dns 202.134.2.5
	set bundle enable compression
	set ccp yes mppc
	set ccp yes mpp-e40
	set ccp yes mpp-e56
	set ccp yes mpp-e128
	set ccp yes mpp-stateless
	set ecp yes des

pptp2:
	new -i ng2 pptp2 pptp2
	load pptp
	set ipcp ranges 172.16.1.1/32 172.16.2.2/16

pptp3:
	new -i ng3 pptp3 pptp3
	load pptp
	set ipcp ranges 172.16.1.1/32 172.16.2.3/16
	………<adjust to the number of accounts allowed to connect at one time>………

vpn:
	new -i ng1 vpn vpn
	set iface disable on-demand
	set iface addrs 192.168.1.1 192.168.2.1
	set iface idle 0
	set iface route 192.168.2.0/24
	set bundle disable multilink
	set bundle authname "VpnLogin"
	set bundle password "VpnPassword"
	set link yes acfcomp protocomp
	set link no pap
	set link yes chap
	set link keep-alive 10 75
	set ipcp yes vjcomp
	set ipcp ranges 192.168.1.1/32 192.168.2.1/32
	open

PPPoE:
	new -i ng0 PPPoE PPPoE
	set iface addrs 1.1.1.1 2.2.2.2
	set iface route default
	set iface disable on-demand
	set iface idle 0
	set bundle disable multilink
	set bundle authname MyLogin
	set link no acfcomp protocomp
	set link disable pap chap
	set link accept chap
	set ipcp yes vjcomp
	set ipcp ranges 0.0.0.0/0 0.0.0.0/0
	open iface

# cat /usr/local/etc/mpd/mpd.links
dlink:
	set link type modem
	set modem device /dev/cuaa1

pptp:
	set link type pptp
	set pptp mode passive
	set pptp self 10.1.1.2
	set pptp enable incoming
	set pptp disable originate
	set pptp disable windowing

pptp2:
	set link type pptp
	set pptp self 10.1.1.2
	set pptp enable incoming
	set pptp disable windowing

pptp3:
	set link type pptp
	set pptp self 10.1.1.2
	set pptp enable incoming
	set pptp disable originate
	set pptp disable windowing
	………<adjust to the number of accounts allowed to connect at one time>………

# cat /usr/local/etc/mpd/mpd.secret
user1 pass1 172.16.1.2
user2 pass2 172.16.1.3
user3 pass3 172.16.1.4
user4 pass4 172.16.1.5
………<and so on>………

To see who is currently logged in to the VPN server:

# ifconfig | grep 172.16 | grep -n 172.16
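The grep above only lists which 172.16 addresses are up. As an added example (not part of the original guide), this Python sketch joins the peer address of each ng interface with the fixed-IP column of mpd.secret to name the connected user. The ifconfig output and secret lines are constructed samples, and it assumes passwords contain no spaces.

```python
import re

# Constructed sample data (not from the original page): FreeBSD-style
# `ifconfig` output for two netgraph PPP interfaces, and mpd.secret lines
# in the user / password / fixed-IP layout shown above.
SAMPLE_IFCONFIG = """\
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
\tinet 10.1.1.2 netmask 0xffffff00 broadcast 10.1.1.255
ng2: flags=88d1<UP,POINTOPOINT,RUNNING,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1460
\tinet 172.16.1.1 --> 172.16.1.2 netmask 0xffffffff
ng3: flags=88d1<UP,POINTOPOINT,RUNNING,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1460
\tinet 172.16.1.1 --> 172.16.1.4 netmask 0xffffffff
"""
SAMPLE_SECRET = """\
user1 pass1 172.16.1.2
user2 pass2 172.16.1.3
user3 pass3 172.16.1.4
"""

def load_secret_ips(text):
    """Map each fixed client IP in mpd.secret to its user name."""
    users = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 3 and not line.lstrip().startswith("#"):
            users[fields[2]] = fields[0]      # the password field is never kept
    return users

def active_sessions(ifconfig_text, secret_text):
    """Return (interface, peer_ip, user) for every ngN interface with a peer."""
    users = load_secret_ips(secret_text)
    sessions, iface = [], None
    for line in ifconfig_text.splitlines():
        header = re.match(r"^(\S+?):\s+flags=", line)
        if header:
            iface = header.group(1)
            continue
        peer = re.search(r"inet\s+\S+\s+-->\s+(\S+)", line)
        if peer and iface and iface.startswith("ng"):
            ip = peer.group(1)
            sessions.append((iface, ip, users.get(ip, "<unknown>")))
    return sessions

if __name__ == "__main__":
    for iface, ip, user in active_sessions(SAMPLE_IFCONFIG, SAMPLE_SECRET):
        print(f"{iface}\t{ip}\t{user}")
```

A peer address that maps to `<unknown>` is a session whose IP is not pinned to any account in mpd.secret and is worth a closer look.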

Settings used when MPD is to act as a dialer (client):

# cat /usr/local/etc/mpd/mpd.conf
sisfo:
	new -i ng0 sis sis
	set iface disable on-demand
	set iface idle 0
	set auth authname "root"
	set auth password "sengajadisalahin"
	set link no pap
	set link mtu 1460
	open

vpn:
	new -i ng1 vpn vpn
	set iface disable on-demand
	set iface idle 0
	set bundle disable multilink
	set auth authname "sisfo"
	set auth password "passwordsisfo"
	set link yes acfcomp protocomp
	set link no pap
	set link yes chap
	set link disable pap chap chap-msv1 chap-msv2 chap-md5
	set link mtu 1460
	set link keep-alive 10 75
	set ipcp yes vjcomp
	set ccp yes mppc
	set ccp yes mpp-e40
	set ccp yes mpp-e128
	set bundle enable crypt-reqd
	set ccp yes mpp-stateless
	open

# cat /usr/local/etc/mpd/mpd.links
vpn:
	set link type pptp
	set link mtu 1200
	set link mru 1200
	set pptp peer 10.1.1.2
	set pptp enable originate

sis:
	set link type pptp
	set link mtu 1400
	set link mru 1400
	set pptp peer 10.1.1.2
	set pptp enable originate

MPD5 provides connections dynamically, so we do not need to write a configuration for each connection (with MPD3, to accommodate 250 users who can connect, we have to write 250 pptp configurations). To use MPD5:

# cd /usr/ports/net/mpd5
# make install clean
……… <wait until finished> ………

$ cat /usr/local/etc/mpd5/mpd.conf
startup:
	set user root password admin
	set console self 127.0.0.1 5005
	set console open

default:
	load pptp_server

pptp_server:
	# provides 10 PPTP connections
	set ippool add pool1 10.1.1.51 10.1.1.60
	create bundle template B
	set iface enable proxy-arp
	set iface idle 1800
	set iface enable tcpmssfix
	set ipcp yes vjcomp
	set ipcp ranges 10.1.1.1/32 ippool pool1
	set ipcp dns 10.1.1.12
	set bundle enable compression
	set ccp yes mppc
	set mppc yes e40
	set mppc yes e128
	set mppc yes stateless
	create link template L pptp
	set link action bundle B
	set link enable multilink
	set link yes acfcomp protocomp
	set link no pap chap eap
	set link enable chap
	set link keep-alive 10 60
	set link mtu 1460
	set pptp self 10.1.1.2
	set link enable incoming

$ cat /usr/local/etc/mpd5/mpd.secret
user1 "pass1" 10.1.10.10
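
In the mpd.conf listings above, the enable/disable/accept/deny/yes/no lines are applied in order and `load` pulls in another label, so the effective setting cannot be read off any single line. The following added example (not from the original guide or the MPD project) replays a label and reports PAP, 40/56-bit MPPE and a missing crypt-reqd. The rule list and the sample config are assumptions made for illustration.

```python
# verb -> (sides it changes: e=enable, a=accept; new value), per mpd's option verbs
VERBS = {"enable": ("e", True), "disable": ("e", False), "accept": ("a", True),
         "deny": ("a", False), "yes": ("ea", True), "no": ("ea", False)}
# Audit rules picked for this example (an assumption, not a list shipped with mpd)
WEAK = {("link", "pap"): "PAP sends the password in cleartext",
        ("ccp", "mpp-e40"): "40-bit MPPE key", ("ccp", "mpp-e56"): "56-bit MPPE key",
        ("mppc", "e40"): "40-bit MPPE key"}
# Constructed sample built from options that appear in the listings on this page
SAMPLE = """\
pptp:
\tset link enable chap pap
\tset link disable pap
\tset link deny pap
\tset ccp yes mpp-e40
pptp2:
\tload pptp
"""

def parse(text):  # -> {label: [word lists]}; lines starting with '#' are comments
    labels, current = {}, None
    for line in text.splitlines():
        if line.strip() and not line.lstrip().startswith("#"):
            if not line[0].isspace() and line.rstrip().endswith(":"):
                current = labels.setdefault(line.rstrip()[:-1], [])
            elif current is not None:
                current.append(line.split())
    return labels

def effective(labels, name, state, path=()):
    """Replay a label in file order, following `load`, so later lines win."""
    if name in path:                      # guard against a label loading itself
        return state
    for words in labels.get(name, []):
        if words[0] == "load" and len(words) > 1:
            effective(labels, words[1], state, path + (name,))
        elif words[0] == "set" and len(words) > 3 and words[2] in VERBS:
            sides, on = VERBS[words[2]]
            for key in ((words[1], opt, s) for opt in words[3:] for s in sides):
                (state.add if on else state.discard)(key)
    return state

def audit(text, name):
    """Findings for explicitly set options only; mpd's defaults are not modelled."""
    state = effective(parse(text), name, set())
    found = [f"{layer} {opt}: {why}" for (layer, opt), why in WEAK.items()
             if {(layer, opt, "e"), (layer, opt, "a")} & state]
    if ("bundle", "crypt-reqd", "e") not in state:
        found.append("bundle crypt-reqd: not enabled for this label")
    return found
```

Calling `audit(SAMPLE, "pptp2")` reports the 40-bit MPPE setting inherited through `load pptp` and the missing crypt-reqd, while PAP is not reported because the later disable and deny lines override the earlier enable.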