Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
My FreeBSD Proxy Server Setup (mpd5 & pf)

Replace all caps stuff

/usr/local/etc/mpd/mpd.conf:

default:
    load pptp_server
    
pptp_server:
    
# Define dynamic IP address pool.
    set ippool add pool1 192.168.0.2 192.168.0.99
    
# Create clonable bundle template named B
    create bundle template B
    set iface enable proxy-arp
    set iface route default
    set iface idle 1800
    set iface enable tcpmssfix
    set ipcp yes vjcomp
# Specify IP address pool for dynamic assigment.
    set ipcp ranges 192.168.0.1/32 ippool pool1
    set ipcp dns DNS_ADDRESS
# The five lines below enable Microsoft Point-to-Point encryption
# (MPPE) using the ng_mppc(8) netgraph node type.
    set bundle enable compression
    set ccp yes mppc
    set mppc yes e40
    set mppc yes e128
    set mppc yes stateless

# Create clonable link template named L
    create link template L pptp
# Set bundle template to use
    set link action bundle B
# Multilink adds some overhead, but gives full 1500 MTU.
    set link enable multilink
    set link yes acfcomp protocomp
    set link no pap chap eap
    set link enable chap
# We can use use RADIUS authentication/accounting by including
# another config section with label 'radius'.
#       load radius
      set link keep-alive 10 60
# We reducing link mtu to avoid GRE packet fragmentation.
      set link mtu 1460
# Configure PPTP
      set pptp self 0.0.0.0
# Allow to accept calls
      set link enable incoming

/etc/rc.conf

mpd_enable="YES"
mpd_flags="-b -s mpd5"
gateway_enable="YES"
pf_enable="YES"
pf_rules="/etc/pf.conf"

/etc/pf.conf (replace em0 with your network interface)

ext_if="em0"

internal_net="192.168.0.0/16"
external_addr="EXTERNAL_IP_ADDRESS"

nat on $ext_if from $internal_net to any -> $external_addr

pass in all
pass out all
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.