Annotation of embedaddon/mpd/conf/mpd.conf.sample, revision 1.1.1.1
1.1 misho 1: #################################################################
2: #
3: # MPD configuration file
4: #
5: # This file defines the configuration for mpd: what the
6: # bundles are, what the links are in those bundles, how
7: # the interface should be configured, various PPP parameters,
8: # etc. It contains commands just as you would type them
9: # in at the console. Lines without padding are labels. Lines
10: # starting with a "#" are comments.
11: #
12: # $Id: mpd.conf.sample,v 1.46 2009/04/29 11:04:17 amotin Exp $
13: #
14: #################################################################
15:
16: startup:
17: # configure mpd users ("foo"/"bar" and "foo1"/"bar1" are sample credentials; replace them before use)
18: set user foo bar admin
19: set user foo1 bar1
20: # configure the console
21: set console self 127.0.0.1 5005
22: set console open
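23: # configure the web server (0.0.0.0 listens on every interface; use a loopback or management address unless remote access is intended)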
24: set web self 0.0.0.0 5006
25: set web open
26:
27: #
28: # Default configuration is "dialup"
29:
30: default:
31: load dialup
32:
33: dialup:
34: #
35: # Example of a simple PPP dialup account using modem device.
36: # This will connect whenever there is outgoing demand (DoD), and hangup
37: # after a 15 minute idle time. It also connects and disconnects
38: # when signals SIGUSR1 and SIGUSR2 are received, respectively.
39: #
40: # Note the "set iface addrs ..." is needed because we're doing
41: # dial-on-demand and therefore can't wait for the peer to assign
42: # us IP addresses for the interface. These can be completely phoney
43: # IP addresses.
44: #
45: # We also enable the idle-script "Ringback", which means if we're
46: # not connected and we detect an incoming call, we don't answer it
47: # BUT we do initiate a call to the ISP to get connected. This is
48: # nice to connect yourself when you're away from home, etc.
49: #
50:
51: # Create static modem link named L1
52: create link static L1 modem
53: # Configure modem
54: set modem device /dev/cuad0
55: set modem var $DialPrefix "DT"
56: set modem var $Telephone "1-415-555-1212"
57: set modem script DialPeer
58: set modem idle-script Ringback
59: # We expect to be authenticated by peer using any protocol.
60: set link disable chap pap
61: set link accept chap pap
62: # Configure the account name. Password will be taken from mpd.secret.
63: set auth authname MyLogin
64: # To make Ringback work we should specify how to handle "incoming"
65: # calls originated by it.
66: set link action bundle B1
67: set link enable incoming
68:
69: # Create static bundle named B1
70: create bundle static B1
71: # Enumerate links participating in DoD
72: set bundle links L1
73: # Configure the interface: dial on demand, default route, idle timeout.
74: set iface addrs 1.1.1.1 2.2.2.2
75: set iface route default
76: set iface enable on-demand
77: set iface idle 900
78:
79: # "Open" interface (but don't actually dial until there's demand)
80: open iface
81:
82: dialin:
83: #
84: # This setup answers incoming calls from a remote peer,
85: # but is not intended for dialing out.
86: #
87: # The local IP address is 1.1.1.1 and the remote is 2.2.2.2.
88: #
89:
90: create bundle static B1
91: set iface idle 900
92: set ipcp ranges 1.1.1.1/32 2.2.2.2/32
93:
94: create link static L1 modem
95: # Set bundle to use
96: set link action bundle B1
97: # Authenticate peer with chap-md5
98: set link no pap chap eap
99: set link enable chap-md5
100: # Configure modem
101: set modem device /dev/cuad0
102: set modem var $DialPrefix "DT"
103: set modem idle-script AnswerCall
104: # Permit incoming calls using this link
105: set link enable incoming
106:
107: multi_dialup:
108: #
109: # Example of a multi-link dialup setup, using links "usr1" and "usr2"
110: # Similar to the first example, but uses two links together, and
111: # does not do dial-on-demand.
112: #
113:
114: # Create clonable bundle template
115: create bundle template B
116: set iface route default
117: set iface idle 900
118:
119: # Create links and open them
120: create link static L1 modem
121: load common
122: set modem device /dev/cuad0
123: open
124:
125: create link static L2 modem
126: load common
127: set modem device /dev/cuad1
128: open
129:
130: common:
131: # Enable multilink protocol
132: set link enable multilink
133: # Set bundle template to use
134: set link action bundle B
135: # Allow peer to authenticate us
136: set link disable chap pap
137: set link accept chap pap
138: set auth authname MyLogin
139: # Set infinite redial attempts
140: set link max-redial 0
141: set modem var $DialPrefix "DT"
142: set modem var $Telephone "1-415-555-1212"
143: set modem script DialPeer
144:
145: sync:
146: #
147: # Dedicated synchronous line using netgraph link.
148: # The remote router is connected to the 192.168.2.0/24 subnet.
149: # No authentication required.
150: #
151:
152: create bundle static B1
153: set iface route 192.168.2.0/24
154: set ipcp ranges 192.168.1.153/32 192.168.2.1/24
155:
156: create link static L1 ng
157: set link action bundle B1
158: set link max-redial 0
159: set link no pap chap eap
160: set ng node sr0:
161: set ng hook rawdata
162: open
163:
164: pptp_server:
165: #
166: # Mpd as a PPTP server compatible with Microsoft Dial-Up Networking clients.
167: #
168: # Suppose you have a private Office LAN numbered 192.168.1.0/24 and the
169: # machine running mpd is at 192.168.1.1, and also has an externally visible
170: # IP address of 1.2.3.4.
171: #
172: # We want to allow a client to connect to 1.2.3.4 from out on the Internet
173: # via PPTP. We will assign that client the address 192.168.1.50 and proxy-ARP
174: # for that address, so the virtual PPP link will be numbered 192.168.1.1 local
175: # and 192.168.1.50 remote. From the client machine's perspective, it will
176: # appear as if it is actually on the 192.168.1.0/24 network, even though in
177: # reality it is somewhere far away out on the Internet.
178: #
179: # Our DNS server is at 192.168.1.3 and our NBNS (WINS server) is at 192.168.1.4.
180: # If you don't have an NBNS server, leave that line out.
181: #
182:
183: # Define dynamic IP address pool.
184: set ippool add pool1 192.168.1.50 192.168.1.99
185:
186: # Create clonable bundle template named B
187: create bundle template B
188: set iface enable proxy-arp
189: set iface idle 1800
190: set iface enable tcpmssfix
191: set ipcp yes vjcomp
192: # Specify IP address pool for dynamic assignment.
193: set ipcp ranges 192.168.1.1/32 ippool pool1
194: set ipcp dns 192.168.1.3
195: set ipcp nbns 192.168.1.4
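196: # The five lines below enable Microsoft Point-to-Point encryption
197: # (MPPE) using the ng_mppc(8) netgraph node type. Note that "e40" also permits 40-bit keys, and that this section, unlike pptp_vpn, does not set "crypt-reqd", so encryption is presumably negotiated but not required.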
198: set bundle enable compression
199: set ccp yes mppc
200: set mppc yes e40
201: set mppc yes e128
202: set mppc yes stateless
203:
204: # Create clonable link template named L
205: create link template L pptp
206: # Set bundle template to use
207: set link action bundle B
208: # Multilink adds some overhead, but gives full 1500 MTU.
209: set link enable multilink
210: set link yes acfcomp protocomp
211: set link no pap chap eap
212: set link enable chap
213: # We can use RADIUS authentication/accounting by including
214: # another config section with label 'radius'.
215: # load radius
216: set link keep-alive 10 60
217: # We reduce the link MTU to avoid GRE packet fragmentation.
218: set link mtu 1460
219: # Configure PPTP
220: set pptp self 1.2.3.4
221: # Allow this link to accept incoming calls
222: set link enable incoming
223:
224: pptp_vpn:
225: #
226: # Mpd using PPTP for LAN to LAN VPN, always connected.
227: #
228: # Suppose you have a private Office LAN numbered 192.168.1.0/24 and another
229: # remote private Office LAN numbered 192.168.2.0/24, and you wanted to route
230: # between these two private networks using a PPTP VPN over the Internet.
231: #
232: # You run mpd on dual-homed machines on either end. Say the local machine
233: # has internal address 192.168.1.1 and externally visible address 1.2.3.4,
234: # and the remote machine has internal address 192.168.2.1 and externally
235: # visible address 2.3.4.5.
236: #
237: # Note: mpd does not support the peer's "inside" IP address being the same
238: # as its "outside" IP address. In the above example, this means that
239: # 192.168.2.1 != 2.3.4.5.
240: #
241: # The "inside" IP addresses are configured by "set ipcp ranges ..."
242: # (in mpd.conf) while the "outside" IP addresses are configured by
243: # "set pptp self ..." and "set pptp peer ...".
244: #
245:
246: create bundle static B1
247: set ipcp ranges 192.168.1.1/32 192.168.2.1/32
248: set iface route 192.168.2.0/24
249: # Enable Microsoft Point-to-Point encryption (MPPE)
250: set bundle enable compression
251: set ccp yes mppc
252: set mppc yes e40
253: set mppc yes e128
254: set bundle enable crypt-reqd
255: set mppc yes stateless
256:
257: create link static L1 pptp
258: set link action bundle B1
259: # Enable both sides to authenticate each other with CHAP
260: set link no pap chap eap
261: set link yes chap
262: set auth authname "VpnLogin"
263: set auth password "VpnPassword"
264: set link mtu 1460
265: set link keep-alive 10 75
266: set link max-redial 0
267: # Configure PPTP and open link
268: set pptp self 1.2.3.4
269: set pptp peer 2.3.4.5
270: set link enable incoming
271: open
272:
273: pptp_client:
274: #
275: # PPTP client: only outgoing calls, auto reconnect,
276: # ipcp-negotiated address, one-sided authentication,
277: # default route points to the ISP's end
278: #
279:
280: create bundle static B1
281: set iface route default
282: set ipcp ranges 0.0.0.0/0 0.0.0.0/0
283:
284: create link static L1 pptp
285: set link action bundle B1
286: set auth authname MyLogin
287: set auth password MyPass
288: set link max-redial 0
289: set link mtu 1460
290: set link keep-alive 20 75
291: set pptp peer 1.2.3.4
292: set pptp disable windowing
293: open
294:
295: pppoe_server:
296: #
297: # Multihomed multilink PPPoE server
298: #
299:
300: # Create clonable bundle template
301: create bundle template B
302: # Set IP addresses. Peer address will be later replaced by RADIUS.
303: set ipcp ranges 192.168.0.1/32 127.0.0.2/32
304:
305: # Create link template with common info
306: create link template common pppoe
307: # Enable multilink protocol
308: set link enable multilink
309: # Set bundle template to use
310: set link action bundle B
311: # Enable peer authentication (PAP only; PAP sends the password unencrypted over the link)
312: set link disable chap pap eap
313: set link enable pap
314: load radius
315: set pppoe service "superisp"
316:
317: # Create templates for ifaces to listen using 'common' template and let them go
318: create link template fxp0 common
319: set link max-children 1000
320: set pppoe iface fxp0
321: set link enable incoming
322:
323: create link template fxp1 common
324: set link max-children 500
325: set pppoe iface fxp1
326: set link enable incoming
327:
328: pppoe_client:
329: #
330: # PPPoE client: only outgoing calls, auto reconnect,
331: # ipcp-negotiated address, one-sided authentication,
332: # default route points to the ISP's end
333: #
334:
335: create bundle static B1
336: set iface route default
337: set ipcp ranges 0.0.0.0/0 0.0.0.0/0
338:
339: create link static L1 pppoe
340: set link action bundle B1
341: set auth authname MyLogin
342: set auth password MyPass
343: set link max-redial 0
344: set link mtu 1460
345: set link keep-alive 10 60
346: set pppoe iface fxp0
347: set pppoe service ""
348: open
349:
350: radius:
351: # You can use radius.conf(5); it's useful because you can share the
352: # same config with userland-ppp and other apps.
353: set radius config /etc/radius.conf
354: # or specify the server directly here ("testing123" is a sample shared secret; replace it)
355: set radius server localhost testing123 1812 1813
356: set radius retries 3
357: set radius timeout 3
358: # send the given IP in the RAD_NAS_IP_ADDRESS attribute to the server.
359: set radius me 1.1.1.1
360: # send accounting updates every 5 minutes
361: set auth acct-update 300
362: # enable RADIUS, and fall back to mpd.secret if RADIUS auth fails
363: set auth enable radius-auth
364: # enable RADIUS accounting
365: set auth enable radius-acct
366: # protect our requests with the message-authenticator
367: set radius enable message-authentic
368:
369: simple_lac:
370: #
371: # This is a simple L2TP access concentrator which receives PPPoE calls
372: # and forwards them to LNS on 1.2.3.4
373: #
374:
375: create link template L1 pppoe
376: set pppoe iface fxp0
377: set link action forward L2
378: set link enable incoming
379:
380: create link template L2 l2tp
381: set l2tp peer 1.2.3.4
382:
383: complete_lac:
384: #
385: # This is a more complicated L2TP access concentrator which receives PPPoE calls
386: # and, if the peer auth name includes @corp1.net, forwards them to the LNS on 1.2.3.4;
387: # if the peer auth name includes @corp2.net, it forwards them to the LNS on 2.3.4.5.
388: # All other connections are processed locally, using internal auth and
389: # assigning a dynamic IP from the specified pool.
390: #
391:
392: set ippool add pool1 192.168.1.50 192.168.1.99
393:
394: create link template L1 pppoe
395: set pppoe iface fxp0
396: # We must request authentication to learn the peer's login name
397: set link no pap chap eap
398: set link enable pap
399: set link action forward L2 "@corp1\\.net$"
400: set link action forward L3 "@corp2\\.net$"
401: set link action bundle B1
402: set link enable incoming
403:
404: create link template L2 l2tp
405: set l2tp peer 1.2.3.4
406: set l2tp secret corp1secret
407:
408: create link template L3 l2tp
409: set l2tp peer 2.3.4.5
410: set l2tp secret corp2secret
411:
412: create bundle template B1
413: set ipcp ranges 192.168.1.1/32 ippool pool1