Annotation of embedaddon/mpd/conf/mpd.conf.sample, revision 1.1
1.1 ! misho 1: #################################################################
! 2: #
! 3: # MPD configuration file
! 4: #
! 5: # This file defines the configuration for mpd: what the
! 6: # bundles are, what the links are in those bundles, how
! 7: # the interface should be configured, various PPP parameters,
! 8: # etc. It contains commands just as you would type them
! 9: # in at the console. Lines without padding are labels. Lines
! 10: # starting with a "#" are comments.
! 11: #
! 12: # $Id: mpd.conf.sample,v 1.46 2009/04/29 11:04:17 amotin Exp $
! 13: #
! 14: #################################################################
! 15:
! 16: startup:
! 17: # configure mpd users (foo/bar and foo1/bar1 are sample credentials; replace them before use)
! 18: set user foo bar admin
! 19: set user foo1 bar1
! 20: # configure the console
! 21: set console self 127.0.0.1 5005
! 22: set console open
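! 23: # configure the web server (0.0.0.0 listens on every local address, unlike the console above, which is bound to 127.0.0.1; use a specific management address to limit exposure)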
! 24: set web self 0.0.0.0 5006
! 25: set web open
! 26:
! 27: #
! 28: # Default configuration is "dialup"
! 29:
! 30: default:
! 31: load dialup
! 32:
! 33: dialup:
! 34: #
! 35: # Example of a simple PPP dialup account using modem device.
! 36: # This will connect whenever there is outgoing demand (DoD), and hang up
! 37: # after a 15 minute idle time. It also connects and disconnects
! 38: # when signals SIGUSR1 and SIGUSR2 are received, respectively.
! 39: #
! 40: # Note the "set iface addrs ..." is needed because we're doing
! 41: # dial-on-demand and therefore can't wait for the peer to assign
! 42: # us IP addresses for the interface. These can be completely phoney
! 43: # IP addresses.
! 44: #
! 45: # We also enable the idle-script "Ringback", which means if we're
! 46: # not connected and we detect an incoming call, we don't answer it
! 47: # BUT we do initiate a call to the ISP to get connected. This is
! 48: # nice to connect yourself when you're away from home, etc.
! 49: #
! 50:
! 51: # Create static modem link named L1
! 52: create link static L1 modem
! 53: # Configure modem
! 54: set modem device /dev/cuad0
! 55: set modem var $DialPrefix "DT"
! 56: set modem var $Telephone "1-415-555-1212"
! 57: set modem script DialPeer
! 58: set modem idle-script Ringback
! 59: # We expect to be authenticated by peer using any protocol.
! 60: set link disable chap pap
! 61: set link accept chap pap
! 62: # Configure the account name. Password will be taken from mpd.secret.
! 63: set auth authname MyLogin
! 64: # To make Ringback work we should specify how to handle "incoming"
! 65: # calls originated by it.
! 66: set link action bundle B1
! 67: set link enable incoming
! 68:
! 69: # Create static bundle named B1
! 70: create bundle static B1
! 71: # Enumerate links participating in DoD
! 72: set bundle links L1
! 73: # Configure the interface: dial on demand, default route, idle timeout.
! 74: set iface addrs 1.1.1.1 2.2.2.2
! 75: set iface route default
! 76: set iface enable on-demand
! 77: set iface idle 900
! 78:
! 79: # "Open" interface (but don't actually dial until there's demand)
! 80: open iface
! 81:
! 82: dialin:
! 83: #
! 84: # This setup answers incoming calls from a remote peer,
! 85: # but is not intended for dialing out.
! 86: #
! 87: # The local IP address is 1.1.1.1 and the remote is 2.2.2.2.
! 88: #
! 89:
! 90: create bundle static B1
! 91: set iface idle 900
! 92: set ipcp ranges 1.1.1.1/32 2.2.2.2/32
! 93:
! 94: create link static L1 modem
! 95: # Set bundle to use
! 96: set link action bundle B1
! 97: # Authenticate peer with chap-md5
! 98: set link no pap chap eap
! 99: set link enable chap-md5
! 100: # Configure modem
! 101: set modem device /dev/cuad0
! 102: set modem var $DialPrefix "DT"
! 103: set modem idle-script AnswerCall
! 104: # Permit incoming calls using this link
! 105: set link enable incoming
! 106:
! 107: multi_dialup:
! 108: #
! 109: # Example of a multi-link dialup setup, using links "usr1" and "usr2"
! 110: # Similar to the first example, but uses two links together, and
! 111: # does not do dial-on-demand.
! 112: #
! 113:
! 114: # Create clonable bundle template
! 115: create bundle template B
! 116: set iface route default
! 117: set iface idle 900
! 118:
! 119: # Create links and open them
! 120: create link static L1 modem
! 121: load common
! 122: set modem device /dev/cuad0
! 123: open
! 124:
! 125: create link static L2 modem
! 126: load common
! 127: set modem device /dev/cuad1
! 128: open
! 129:
! 130: common:
! 131: # Enable multilink protocol
! 132: set link enable multilink
! 133: # Set bundle template to use
! 134: set link action bundle B
! 135: # Allow peer to authenticate us
! 136: set link disable chap pap
! 137: set link accept chap pap
! 138: set auth authname MyLogin
! 139: # Set infinite redial attempts
! 140: set link max-redial 0
! 141: set modem var $DialPrefix "DT"
! 142: set modem var $Telephone "1-415-555-1212"
! 143: set modem script DialPeer
! 144:
! 145: sync:
! 146: #
! 147: # Dedicated synchronous line using netgraph link.
! 148: # The remote router is connected to the 192.168.2.0/24 subnet.
! 149: # No authentication required.
! 150: #
! 151:
! 152: create bundle static B1
! 153: set iface route 192.168.2.0/24
! 154: set ipcp ranges 192.168.1.153/32 192.168.2.1/24
! 155:
! 156: create link static L1 ng
! 157: set link action bundle B1
! 158: set link max-redial 0
! 159: set link no pap chap eap
! 160: set ng node sr0:
! 161: set ng hook rawdata
! 162: open
! 163:
! 164: pptp_server:
! 165: #
! 166: # Mpd as a PPTP server compatible with Microsoft Dial-Up Networking clients.
! 167: #
! 168: # Suppose you have a private Office LAN numbered 192.168.1.0/24 and the
! 169: # machine running mpd is at 192.168.1.1, and also has an externally visible
! 170: # IP address of 1.2.3.4.
! 171: #
! 172: # We want to allow a client to connect to 1.2.3.4 from out on the Internet
! 173: # via PPTP. We will assign that client the address 192.168.1.50 and proxy-ARP
! 174: # for that address, so the virtual PPP link will be numbered 192.168.1.1 local
! 175: # and 192.168.1.50 remote. From the client machine's perspective, it will
! 176: # appear as if it is actually on the 192.168.1.0/24 network, even though in
! 177: # reality it is somewhere far away out on the Internet.
! 178: #
! 179: # Our DNS server is at 192.168.1.3 and our NBNS (WINS server) is at 192.168.1.4.
! 180: # If you don't have an NBNS server, leave that line out.
! 181: #
! 182:
! 183: # Define dynamic IP address pool.
! 184: set ippool add pool1 192.168.1.50 192.168.1.99
! 185:
! 186: # Create clonable bundle template named B
! 187: create bundle template B
! 188: set iface enable proxy-arp
! 189: set iface idle 1800
! 190: set iface enable tcpmssfix
! 191: set ipcp yes vjcomp
! 192: # Specify IP address pool for dynamic assignment.
! 193: set ipcp ranges 192.168.1.1/32 ippool pool1
! 194: set ipcp dns 192.168.1.3
! 195: set ipcp nbns 192.168.1.4
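! 196: # The five lines below enable Microsoft Point-to-Point encryption
! 197: # (MPPE) using the ng_mppc(8) netgraph node type. Encryption is offered but not required here; the pptp_vpn example additionally sets "set bundle enable crypt-reqd".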
! 198: set bundle enable compression
! 199: set ccp yes mppc
! 200: set mppc yes e40
! 201: set mppc yes e128
! 202: set mppc yes stateless
! 203:
! 204: # Create clonable link template named L
! 205: create link template L pptp
! 206: # Set bundle template to use
! 207: set link action bundle B
! 208: # Multilink adds some overhead, but gives full 1500 MTU.
! 209: set link enable multilink
! 210: set link yes acfcomp protocomp
! 211: set link no pap chap eap
! 212: set link enable chap
! 213: # We can use RADIUS authentication/accounting by including
! 214: # another config section with label 'radius'.
! 215: # load radius
! 216: set link keep-alive 10 60
! 217: # We reduce the link MTU to avoid GRE packet fragmentation.
! 218: set link mtu 1460
! 219: # Configure PPTP
! 220: set pptp self 1.2.3.4
! 221: # Allow this link to accept incoming calls
! 222: set link enable incoming
! 223:
! 224: pptp_vpn:
! 225: #
! 226: # Mpd using PPTP for LAN to LAN VPN, always connected.
! 227: #
! 228: # Suppose you have a private Office LAN numbered 192.168.1.0/24 and another
! 229: # remote private Office LAN numbered 192.168.2.0/24, and you wanted to route
! 230: # between these two private networks using a PPTP VPN over the Internet.
! 231: #
! 232: # You run mpd on dual-homed machines on either end. Say the local machine
! 233: # has internal address 192.168.1.1 and externally visible address 1.2.3.4,
! 234: # and the remote machine has internal address 192.168.2.1 and externally
! 235: # visible address 2.3.4.5.
! 236: #
! 237: # Note: mpd does not support the peer's "inside" IP address being the same
! 238: # as its "outside" IP address. In the above example, this means that
! 239: # 192.168.2.1 != 2.3.4.5.
! 240: #
! 241: # The "inside" IP addresses are configured by "set ipcp ranges ..."
! 242: # (in mpd.conf) while the "outside" IP addresses are configured by
! 243: # "set pptp self ..." and "set pptp peer ...".
! 244: #
! 245:
! 246: create bundle static B1
! 247: set ipcp ranges 192.168.1.1/32 192.168.2.1/32
! 248: set iface route 192.168.2.0/24
! 249: # Enable Microsoft Point-to-Point encryption (MPPE)
! 250: set bundle enable compression
! 251: set ccp yes mppc
! 252: set mppc yes e40
! 253: set mppc yes e128
! 254: set bundle enable crypt-reqd
! 255: set mppc yes stateless
! 256:
! 257: create link static L1 pptp
! 258: set link action bundle B1
! 259: # Enable both sides to authenticate each other with CHAP
! 260: set link no pap chap eap
! 261: set link yes chap
! 262: set auth authname "VpnLogin"
! 263: set auth password "VpnPassword"
! 264: set link mtu 1460
! 265: set link keep-alive 10 75
! 266: set link max-redial 0
! 267: # Configure PPTP and open link
! 268: set pptp self 1.2.3.4
! 269: set pptp peer 2.3.4.5
! 270: set link enable incoming
! 271: open
! 272:
! 273: pptp_client:
! 274: #
! 275: # PPTP client: only outgoing calls, auto reconnect,
! 276: # ipcp-negotiated address, one-sided authentication,
! 277: # default route points to the ISP's end
! 278: #
! 279:
! 280: create bundle static B1
! 281: set iface route default
! 282: set ipcp ranges 0.0.0.0/0 0.0.0.0/0
! 283:
! 284: create link static L1 pptp
! 285: set link action bundle B1
! 286: set auth authname MyLogin
! 287: set auth password MyPass
! 288: set link max-redial 0
! 289: set link mtu 1460
! 290: set link keep-alive 20 75
! 291: set pptp peer 1.2.3.4
! 292: set pptp disable windowing
! 293: open
! 294:
! 295: pppoe_server:
! 296: #
! 297: # Multihomed multilink PPPoE server
! 298: #
! 299:
! 300: # Create clonable bundle template
! 301: create bundle template B
! 302: # Set IP addresses. Peer address will be later replaced by RADIUS.
! 303: set ipcp ranges 192.168.0.1/32 127.0.0.2/32
! 304:
! 305: # Create link template with common info
! 306: create link template common pppoe
! 307: # Enable multilink protocol
! 308: set link enable multilink
! 309: # Set bundle template to use
! 310: set link action bundle B
! 311: # Enable peer authentication
! 312: set link disable chap pap eap
! 313: set link enable pap
! 314: load radius
! 315: set pppoe service "superisp"
! 316:
! 317: # Create templates for ifaces to listen using 'common' template and let them go
! 318: create link template fxp0 common
! 319: set link max-children 1000
! 320: set pppoe iface fxp0
! 321: set link enable incoming
! 322:
! 323: create link template fxp1 common
! 324: set link max-children 500
! 325: set pppoe iface fxp1
! 326: set link enable incoming
! 327:
! 328: pppoe_client:
! 329: #
! 330: # PPPoE client: only outgoing calls, auto reconnect,
! 331: # ipcp-negotiated address, one-sided authentication,
! 332: # default route points to the ISP's end
! 333: #
! 334:
! 335: create bundle static B1
! 336: set iface route default
! 337: set ipcp ranges 0.0.0.0/0 0.0.0.0/0
! 338:
! 339: create link static L1 pppoe
! 340: set link action bundle B1
! 341: set auth authname MyLogin
! 342: set auth password MyPass
! 343: set link max-redial 0
! 344: set link mtu 1460
! 345: set link keep-alive 10 60
! 346: set pppoe iface fxp0
! 347: set pppoe service ""
! 348: open
! 349:
! 350: radius:
! 351: # You can use radius.conf(5); it's useful because you can share the
! 352: # same config with userland-ppp and other apps.
! 353: set radius config /etc/radius.conf
! 354: # or specify the server directly here (testing123 is a placeholder shared secret; replace it)
! 355: set radius server localhost testing123 1812 1813
! 356: set radius retries 3
! 357: set radius timeout 3
! 358: # send the given IP in the RAD_NAS_IP_ADDRESS attribute to the server.
! 359: set radius me 1.1.1.1
! 360: # send accounting updates every 5 minutes
! 361: set auth acct-update 300
! 362: # enable RADIUS, and fall back to mpd.secret if RADIUS auth fails
! 363: set auth enable radius-auth
! 364: # enable RADIUS accounting
! 365: set auth enable radius-acct
! 366: # protect our requests with the message-authenticator
! 367: set radius enable message-authentic
! 368:
! 369: simple_lac:
! 370: #
! 371: # This is a simple L2TP access concentrator which receives PPPoE calls
! 372: # and forwards them to LNS on 1.2.3.4
! 373: #
! 374:
! 375: create link template L1 pppoe
! 376: set pppoe iface fxp0
! 377: set link action forward L2
! 378: set link enable incoming
! 379:
! 380: create link template L2 l2tp
! 381: set l2tp peer 1.2.3.4
! 382:
! 383: complete_lac:
! 384: #
! 385: # This is a more complicated L2TP access concentrator which receives PPPoE calls
! 386: # and, if the peer auth name ends with @corp1.net, forwards them to the LNS on 1.2.3.4;
! 387: # if the peer auth name ends with @corp2.net, it forwards them to the LNS on 2.3.4.5.
! 388: # All other connections are processed locally using internal auth and
! 389: # assigning a dynamic IP from the specified pool.
! 390: #
! 391:
! 392: set ippool add pool1 192.168.1.50 192.168.1.99
! 393:
! 394: create link template L1 pppoe
! 395: set pppoe iface fxp0
! 396: # We must request authentication to learn the peer login
! 397: set link no pap chap eap
! 398: set link enable pap
! 399: set link action forward L2 "@corp1\\.net$"
! 400: set link action forward L3 "@corp2\\.net$"
! 401: set link action bundle B1
! 402: set link enable incoming
! 403:
! 404: create link template L2 l2tp
! 405: set l2tp peer 1.2.3.4
! 406: set l2tp secret corp1secret
! 407:
! 408: create link template L3 l2tp
! 409: set l2tp peer 2.3.4.5
! 410: set l2tp secret corp2secret
! 411:
! 412: create bundle template B1
! 413: set ipcp ranges 192.168.1.1/32 ippool pool1