1: #################################################################
2: #
3: # MPD configuration file
4: #
5: # This file defines the configuration for mpd: what the
6: # bundles are, what the links are in those bundles, how
7: # the interface should be configured, various PPP parameters,
8: # etc. It contains commands just as you would type them
9: # in at the console. Lines without padding are labels. Lines
10: # starting with a "#" are comments.
11: #
12: # $Id: mpd.conf.sample,v 1.1.1.6 2021/03/17 00:39:23 misho Exp $
13: #
14: #################################################################
15:
16: startup:
# Runs once when mpd starts: defines the management users and opens
# the console and web listeners.
17: # configure mpd users
# NOTE(review): user passwords are stored here in plaintext, and
# "foo"/"bar" with the "admin" flag is a placeholder account — replace
# it before use and keep this file readable only by root.
18: set user foo bar admin
19: set user foo1 bar1
20: # configure the console
# Console listener is bound to loopback only, so it is reachable
# solely from the local host.
21: set console self 127.0.0.1 5005
22: set console open
23: # configure the web server
# NOTE(review): 0.0.0.0 binds the web UI on every interface. Unless
# remote management is intended, bind it to 127.0.0.1 (or a dedicated
# management address) and restrict it with a packet filter; presumably
# the users defined above are the only authentication in front of it.
24: set web self 0.0.0.0 5006
25: set web open
26:
27: #
28: # Default configuration is "dialup"
29:
30: default:
# Presumably the label mpd loads when no label is given on the command
# line — confirm against mpd(8); here it simply chains to "dialup".
31: load dialup
32:
33: dialup:
34: #
35: # Example of a simple PPP dialup account using modem device.
36: # This will connect whenever there is outgoing demand (DoD), and hangup
37: # after a 15 minute idle time. It also connects and disconnects
38: # when signals SIGUSR1 and SIGUSR2 are received, respectively.
39: #
40: # Note the "set iface addrs ..." is needed because we're doing
41: # dial-on-demand and therefore can't wait for the peer to assign
42: # us IP addresses for the interface. These can be completely phoney
43: # IP addresses.
44: #
45: # We also enable the idle-script "Ringback", which means if we're
46: # not connected and we detect an incoming call, we don't answer it
47: # BUT we do initiate a call to the ISP to get connected. This is
48: # nice to connect yourself when you're away from home, etc.
49: #
50: 
51: # Create static modem link named L1
52: create link static L1 modem
53: # Configure modem
54: set modem device /dev/cuau0
55: set modem var $DialPrefix "DT"
56: set modem var $Telephone "1-415-555-1212"
57: set modem script DialPeer
58: set modem idle-script Ringback
59: # We expect to be authenticated by peer using any protocol.
# "disable" means we never demand authentication from the peer;
# "accept" means we answer if the peer asks, with PAP or CHAP.
60: set link disable chap pap
61: set link accept chap pap
62: # Configure the account name. Password will be taken from mpd.secret.
# No secret is kept in this file for this account — see mpd.secret.
63: set auth authname MyLogin
64: # To make Ringback work we should specify how to handle "incoming"
65: # calls originated by it.
66: set link action bundle B1
67: set link enable incoming
68: 
69: # Create static bundle named B1
70: create bundle static B1
71: # Enumerate links participating in DoD
72: set bundle links L1
73: # Configure the interface: dial on demand, default route, idle timeout.
# NOTE(review): the "phoney" placeholders 1.1.1.1 / 2.2.2.2 coincide with
# real public addresses; for a real deployment pick addresses that
# cannot collide with anything you route to.
74: set iface addrs 1.1.1.1 2.2.2.2
75: set iface route default
76: set iface enable on-demand
# Idle timeout in seconds (900 = the 15 minutes mentioned above).
77: set iface idle 900
78: 
79: # "Open" interface (but don't actually dial until there's demand)
80: open iface
81:
82: dialin:
83: #
84: # This setup answers incoming calls from a remote peer,
85: # but is not intended for dialing out.
86: #
87: # The local IP address is 1.1.1.1 and the remote is 2.2.2.2.
88: #
89: 
90: create bundle static B1
# Drop the session after 900 s without traffic.
91: set iface idle 900
# Fixed local/remote addresses (placeholders in this sample).
92: set ipcp ranges 1.1.1.1/32 2.2.2.2/32
93: 
94: create link static L1 modem
95: # Set bundle to use
96: set link action bundle B1
97: # Authenticate peer with chap-md5
# PAP and EAP are refused, so the caller is only ever challenged with
# CHAP-MD5 and never sends its password in the clear; the expected
# secret presumably comes from mpd.secret, as in the "dialup" section.
98: set link no pap chap eap
99: set link enable chap-md5
100: # Configure modem
101: set modem device /dev/cuau0
102: set modem var $DialPrefix "DT"
103: set modem idle-script AnswerCall
104: # Permit incoming calls using this link
105: set link enable incoming
106:
107: multi_dialup:
108: #
109: # Example of a multi-link dialup setup, using links "L1" and "L2"
110: # Similar to the first example, but uses two links together, and
111: # does not do dial-on-demand.
112: #
113: 
114: # Create clonable bundle template
115: create bundle template B
116: set iface route default
117: set iface idle 900
118: 
119: # Create links and open them
# Each link pulls its shared settings (multilink, bundle, auth, dial
# script) from the "common" label below and only sets its own device.
120: create link static L1 modem
121: load common
122: set modem device /dev/cuau0
123: open
124: 
125: create link static L2 modem
126: load common
127: set modem device /dev/cuau1
128: open
129:
130: common:
# Shared link settings loaded by each link in "multi_dialup".
131: # Enable multilink protocol
132: set link enable multilink
133: # Set bundle template to use
134: set link action bundle B
135: # Allow peer to authenticate us
# We do not demand authentication from the peer, but answer PAP or
# CHAP if asked; the password for MyLogin is presumably read from
# mpd.secret since none is set here.
136: set link disable chap pap
137: set link accept chap pap
138: set auth authname MyLogin
139: # Set infinite redial attempts
140: set link max-redial 0
141: set modem var $DialPrefix "DT"
142: set modem var $Telephone "1-415-555-1212"
143: set modem script DialPeer
144:
145: sync:
146: #
147: # Dedicated synchronous line using netgraph link.
148: # The remote router is connected to the 192.168.2.0/24 subnet.
149: # No authentication required.
150: #
151: 
152: create bundle static B1
# Route the remote LAN over this bundle.
153: set iface route 192.168.2.0/24
154: set ipcp ranges 192.168.1.153/32 192.168.2.1/24
155: 
156: create link static L1 ng
157: set link action bundle B1
# 0 = retry forever (see the "common" section).
158: set link max-redial 0
# NOTE(review): all authentication is switched off; this is only
# acceptable because the link is a dedicated physical line with a
# trusted peer, not a network-reachable one.
159: set link no pap chap eap
# Attach to the netgraph node "sr0:" on its "rawdata" hook.
160: set ng node sr0:
161: set ng hook rawdata
162: open
163:
164: pptp_server:
165: #
166: # Mpd as a PPTP server compatible with Microsoft Dial-Up Networking clients.
167: #
168: # Suppose you have a private Office LAN numbered 192.168.1.0/24 and the
169: # machine running mpd is at 192.168.1.1, and also has an externally visible
170: # IP address of 1.2.3.4.
171: #
172: # We want to allow a client to connect to 1.2.3.4 from out on the Internet
173: # via PPTP. We will assign that client the address 192.168.1.50 and proxy-ARP
174: # for that address, so the virtual PPP link will be numbered 192.168.1.1 local
175: # and 192.168.1.50 remote. From the client machine's perspective, it will
176: # appear as if it is actually on the 192.168.1.0/24 network, even though in
177: # reality it is somewhere far away out on the Internet.
178: #
179: # Our DNS server is at 192.168.1.3 and our NBNS (WINS server) is at 192.168.1.4.
180: # If you don't have an NBNS server, leave that line out.
181: #
182: 
183: # Define dynamic IP address pool.
184: set ippool add pool1 192.168.1.50 192.168.1.99
185: 
186: # Create clonable bundle template named B
187: create bundle template B
# Proxy-ARP makes the remote client look like a host on the office LAN;
# that also means it reaches every LAN host unless you filter traffic.
188: set iface enable proxy-arp
189: set iface idle 1800
190: set iface enable tcpmssfix
191: set ipcp yes vjcomp
192: # Specify IP address pool for dynamic assignment.
193: set ipcp ranges 192.168.1.1/32 ippool pool1
194: set ipcp dns 192.168.1.3
195: set ipcp nbns 192.168.1.4
196: # The five lines below enable Microsoft Point-to-Point encryption
197: # (MPPE) using the ng_mppc(8) netgraph node type.
# NOTE(review): e40 offers 40-bit keys only and is kept for legacy
# clients; prefer e128 alone where clients allow. Unlike the "pptp_vpn"
# section, "crypt-reqd" is not enabled here, so a client that declines
# MPPE presumably gets an unencrypted session — add
# "set bundle enable crypt-reqd" if encryption must be mandatory.
198: set bundle enable compression
199: set ccp yes mppc
200: set mppc yes e40
201: set mppc yes e128
202: set mppc yes stateless
203: 
204: # Create clonable link template named L
205: create link template L pptp
206: # Set bundle template to use
207: set link action bundle B
208: # Multilink adds some overhead, but gives full 1500 MTU.
209: set link enable multilink
210: set link yes acfcomp protocomp
# PAP/EAP refused; CHAP required from every client (the MS-CHAP
# variants are what MPPE key derivation needs — confirm which CHAP
# types "chap" enables in your mpd version).
211: set link no pap chap eap
212: set link enable chap
213: # We can use RADIUS authentication/accounting by including
214: # another config section with label 'radius'.
215: # load radius
216: set link keep-alive 10 60
217: # We reduce the link MTU to avoid GRE packet fragmentation.
218: set link mtu 1460
219: # Configure PPTP
# Listen on the externally visible address; this service is reachable
# from the Internet, so keep client credentials in mpd.secret/RADIUS
# and not in this file.
220: set pptp self 1.2.3.4
221: # Allow to accept calls
222: set link enable incoming
223:
224: pptp_vpn:
225: #
226: # Mpd using PPTP for LAN to LAN VPN, always connected.
227: #
228: # Suppose you have a private Office LAN numbered 192.168.1.0/24 and another
229: # remote private Office LAN numbered 192.168.2.0/24, and you wanted to route
230: # between these two private networks using a PPTP VPN over the Internet.
231: #
232: # You run mpd on dual-homed machines on either end. Say the local machine
233: # has internal address 192.168.1.1 and externally visible address 1.2.3.4,
234: # and the remote machine has internal address 192.168.2.1 and externally
235: # visible address 2.3.4.5.
236: #
237: # Note: mpd does not support the peer's "inside" IP address being the same
238: # as its "outside" IP address. In the above example, this means that
239: # 192.168.2.1 != 2.3.4.5.
240: #
241: # The "inside" IP addresses are configured by "set ipcp ranges ..."
242: # (in mpd.conf) while the "outside" IP addresses are configured by
243: # "set pptp self ..." and "set pptp peer ...".
244: #
245: 
246: create bundle static B1
247: set ipcp ranges 192.168.1.1/32 192.168.2.1/32
248: set iface route 192.168.2.0/24
249: # Enable Microsoft Point-to-Point encryption (MPPE)
# "crypt-reqd" refuses to bring the bundle up without MPPE, so the
# tunnel is never silently unencrypted. e40 (40-bit) is weak; drop it
# if the far end supports e128.
250: set bundle enable compression
251: set ccp yes mppc
252: set mppc yes e40
253: set mppc yes e128
254: set bundle enable crypt-reqd
255: set mppc yes stateless
256: 
257: create link static L1 pptp
258: set link action bundle B1
259: # Enable both sides to authenticate each other with CHAP
260: set link no pap chap eap
261: set link yes chap
# NOTE(review): the password is stored in plaintext here; consider
# keeping it in mpd.secret instead (as the "dialup" section does) and
# make sure this file is not world-readable.
262: set auth authname "VpnLogin"
263: set auth password "VpnPassword"
264: set link mtu 1460
265: set link keep-alive 10 75
# 0 = retry forever, which keeps the tunnel "always connected".
266: set link max-redial 0
267: # Configure PPTP and open link
# Both ends are pinned, so only the configured peer can establish this tunnel.
268: set pptp self 1.2.3.4
269: set pptp peer 2.3.4.5
270: set link enable incoming
271: open
272:
273: pptp_client:
274: #
275: # PPTP client: only outgoing calls, auto reconnect,
276: # ipcp-negotiated address, one-sided authentication,
277: # default route points on ISP's end
278: #
279: 
280: create bundle static B1
# 40-bit MPPE is refused here, 128-bit accepted — the stronger choice
# compared with the server examples above.
281: set bundle enable compression
282: set ccp yes mppc
283: set mppc no e40
284: set mppc yes e128
285: set mppc yes stateless
286: set iface route default
# Accept whatever addresses the peer assigns.
287: set ipcp ranges 0.0.0.0/0 0.0.0.0/0
288: # Enable network Address Translation (NAT)
289: # and forward tcp port 80 to the internal network machine with IP 192.168.0.1
# NOTE(review): this redirect exposes 192.168.0.1:80 to everything
# reachable through the tunnel/ISP side; remove it if that is not
# intended.
290: set iface enable nat
291: set nat red-port tcp 0.0.0.0 80 192.168.0.1 80
292: 
293: create link static L1 pptp
294: set link action bundle B1
# NOTE(review): plaintext credentials in the config; mpd.secret is the
# alternative, and this file must not be world-readable.
295: set auth authname MyLogin
296: set auth password MyPass
297: set link max-redial 0
298: set link mtu 1460
299: set link keep-alive 20 75
# Only the configured peer is dialed; no incoming calls are enabled.
300: set pptp peer 1.2.3.4
301: set pptp disable windowing
302: open
303:
304: pppoe_server:
305: #
306: # Multihomed multilink PPPoE server
307: #
308: 
309: # Create clonable bundle template
310: create bundle template B
311: # Set IP addresses. Peer address will be later replaced by RADIUS.
312: set ipcp ranges 192.168.0.1/32 127.0.0.2/32
313: 
314: # Create link template with common info
315: create link template common pppoe
316: # Enable multilink protocol
317: set link enable multilink
318: # Set bundle template to use
319: set link action bundle B
320: # Enable peer authentication
# NOTE(review): only PAP is enabled, so subscriber passwords travel in
# the clear over the access network; presumably chosen so the RADIUS
# backend can verify them directly — enable CHAP instead if the
# backend supports it.
321: set link disable chap pap eap
322: set link enable pap
# Pull RADIUS settings from the "radius" label below.
323: load radius
324: set pppoe service "superisp"
325: 
326: # Create templates for ifaces to listen using 'common' template and let them go
# max-children presumably caps concurrent sessions per interface; it is
# the only per-interface resource limit in this sample.
327: create link template fxp0 common
328: set link max-children 1000
329: set pppoe iface fxp0
330: set link enable incoming
331: 
332: create link template fxp1 common
333: set link max-children 500
334: set pppoe iface fxp1
335: set link enable incoming
336:
337: pppoe_client:
338: #
339: # PPPoE client: only outgoing calls, auto reconnect,
340: # ipcp-negotiated address, one-sided authentication,
341: # default route points on ISP's end
342: #
343: 
344: create bundle static B1
345: set iface route default
# Accept whatever addresses the ISP assigns.
346: set ipcp ranges 0.0.0.0/0 0.0.0.0/0
347: 
348: create link static L1 pppoe
349: set link action bundle B1
# NOTE(review): plaintext credentials in the config; mpd.secret is the
# alternative, and this file must not be world-readable.
350: set auth authname MyLogin
351: set auth password MyPass
352: set link max-redial 0
353: set link mtu 1460
354: set link keep-alive 10 60
355: set pppoe iface fxp0
# Empty service name — presumably "any service"; confirm against mpd(8).
356: set pppoe service ""
357: open
358:
359: radius:
# RADIUS client settings, loaded by "pppoe_server" (and optionally
# "pptp_server").
360: # You can use radius.conf(5), it's useful, because you can share the
361: # same config with userland-ppp and other apps.
362: set radius config /etc/radius.conf
363: # or specify the server directly here
# NOTE(review): "testing123" is a well-known default shared secret and
# must be replaced; the secret protects request integrity, so keep it
# long and random. Both the config file and the inline server are set
# here — use one or the other in a real setup.
364: set radius server localhost testing123 1812 1813
365: set radius retries 3
366: set radius timeout 3
367: # send the given IP in the RAD_NAS_IP_ADDRESS attribute to the server.
368: set radius me 1.1.1.1
369: # send accounting updates every 5 minutes
370: set auth acct-update 300
371: # enable RADIUS, and fallback to mpd.secret, if RADIUS auth failed
# Note the fallback: a RADIUS outage (or failed auth) still lets
# mpd.secret users in, so keep that file minimal.
372: set auth enable radius-auth
373: # enable RADIUS accounting
374: set auth enable radius-acct
375: # protect our requests with the message-authenticator
376: set radius enable message-authentic
377:
378: simple_lac:
379: #
380: # This is a simple L2TP access concentrator which receives PPPoE calls
381: # and forwards them to LNS on 1.2.3.4
382: #
383: 
384: create link template L1 pppoe
385: set pppoe iface fxp0
# Every PPPoE call on fxp0 is handed to the L2 template unconditionally.
386: set link action forward L2
387: set link enable incoming
388: 
389: create link template L2 l2tp
# NOTE(review): no "set l2tp secret" here (compare "complete_lac"), so
# the tunnel to the LNS presumably runs without tunnel authentication;
# add one if the LNS supports it.
390: set l2tp peer 1.2.3.4
391:
392: complete_lac:
393: #
394: # This is a more complicated L2TP access concentrator which receives PPPoE calls
395: # and if peer auth name includes @corp1.net forwards them to LNS on 1.2.3.4,
396: # if peer auth name includes @corp2.net forwards them to LNS on 2.3.4.5;
397: # all other connections are processed locally using internal auth and
398: # assigning dynamic IP from specified pool.
399: #
400: 
401: set ippool add pool1 192.168.1.50 192.168.1.99
402: 
403: create link template L1 pppoe
404: set pppoe iface fxp0
405: # We must ask authentication to get peer login
# NOTE(review): PAP is used so the login name is available before the
# forwarding decision; the password therefore crosses the access
# network in the clear.
406: set link no pap chap eap
407: set link enable pap
# Forward rules are regular expressions on the auth name, anchored at
# the end (the backslash is doubled because the value is a quoted string).
# A name matching neither rule falls through to the local bundle B1.
408: set link action forward L2 "@corp1\\.net$"
409: set link action forward L3 "@corp2\\.net$"
410: set link action bundle B1
411: set link enable incoming
412: 
# NOTE(review): the L2TP tunnel secrets below are placeholders stored in
# plaintext; replace them and keep this file readable only by root.
413: create link template L2 l2tp
414: set l2tp peer 1.2.3.4
415: set l2tp secret corp1secret
416: 
417: create link template L3 l2tp
418: set l2tp peer 2.3.4.5
419: set l2tp secret corp2secret
420: 
# Locally terminated sessions get an address from pool1.
421: create bundle template B1
422: set ipcp ranges 192.168.1.1/32 ippool pool1