I had previously set up a few FreeBSD systems as PPTP servers, using mpd, at sites where they were already acting as firewalls. However, I kept running into “No buffer space available” errors: packets would drop, connections would be sluggish, and so on.
I was just doing some system upgrades and decided to look at other options. I found a port called poptop (“the PPTP server for Linux”) in the ports tree, and even an online howto detailing what my configs should look like. So I gave it a shot:
cd /usr/ports/net/poptop
make install
That’s when things basically started breaking. I messed around with it for hours before I got it working, running into all kinds of errors such as:
Warning: Local: bind: Address already in use
Warning: set server: Failed 2
ppp: Warning: Local: bind: Address already in use
ppp: Warning: set server: Failed 2
pptpd: CTRL: Ignored a SET LINK INFO packet with real ACCMs!
pptpd: GRE: read(fd=7,buffer=8058760,len=8196) from PTY failed: status = 0 error = No error
pptpd: CTRL: PTY read or GRE write failed (pty,gre)=(7,6)
After trying multiple configurations without success, I finally found what was ultimately keeping it from working. All of the tutorials I ran across gave examples of /etc/ppp/ppp.conf like this:
set ifaddr 192.168.0.1 192.168.0.100-192.168.0.105 255.255.255.0
Even with the description: “Again, be sure to replace 192.168.0.1 with your server’s IP address.” This made sense… I had everything changed over, but it just wasn’t working.
Evidently, if that IP address is already bound to an internal NIC, you can’t use it here; you have to use another available IP address in the same subnet. For those of you who are interested, here is my final working implementation of poptop-1.3.4_2 on FreeBSD 7.1-RELEASE, on a system with one public and one private NIC:
Added to /etc/rc.conf:
pptpd_enable="YES"
/usr/local/etc/pptpd.conf:
debug
noipparam
localip 192.168.0.3
remoteip 192.168.0.201-205
pidfile /var/run/pptpd.pid
The localip can’t already be bound to the private-side NIC; in that case you have to pick another IP in the same subnet.
/etc/ppp/ppp.conf:
pptp:
 set timeout 0
 set log phase chat connect lcp ipcp command
 set dial
 set login
 set ifaddr 192.168.0.3 192.168.0.201-192.168.0.205 255.255.255.0
 set server /tmp/loop "" 0177
 set accmap ffffffff
 enable proxy
 enable proxyall
 enable mschapv2
 accept mschapv2
 enable mppe
 enable lqr
 enable dns
 accept dns
 set dns 192.168.0.1
 allow mode direct
Note: the leading spaces on every line after “pptp:” matter; ppp.conf requires them.
/etc/ppp/ppp.secret (this holds cleartext credentials, so keep it readable by root only, mode 0600):
user1 password1
user2 password2
user3 password3
/etc/ppp/secure:
#!/bin/sh
I just left this file empty. Some examples show content here, but I was never able to get those examples to function.
I then ran across FreeBSD bug 122068 / 130159. Until this patch was applied, I was limited to one connection at a time: any additional connection got its IP address added to the server’s route table against the wrong tun interface. Example:
netstat -rn | grep tun
192.168.0.201 192.168.0.3 UGH 0 4 tun0
192.168.0.202 192.168.0.3 UGH 0 4 tun0 <- This should be tun1
I grabbed the patch provided and dumped it in /usr/src/usr.sbin/ppp/. Then, in that same directory, I ran:
make obj && make depend && make && make install
After this, I was able to establish more than one PPTP session at a time, and the routing table shows the correct entries:
netstat -rn | grep tun
192.168.0.201 192.168.0.3 UGH 0 105 tun0
192.168.0.202 192.168.0.3 UGH 0 68 tun1
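Two quick checks for the two problems described above (the localip that must not already be bound to a NIC, and the client routes that must each land on their own tunN device). This is an added example, not code from the original post or from the poptop/ppp projects; it assumes the FreeBSD `ifconfig` and `netstat -rn` output formats shown on this page, and the sample output embedded in it is constructed, not captured from a real host.

```shell
#!/bin/sh
# Post-setup sanity checks for the poptop + user-ppp configuration above.
# Added example, not from the original post. Both functions read command
# output on stdin so they can run offline; on a real host pipe in
# `ifconfig` and `netstat -rn` respectively.

# check_localip LOCALIP  (reads `ifconfig` output on stdin)
# Returns 0 if LOCALIP is not yet bound to any local interface, 1 if it is,
# which is the case the post found breaks the PPTP server.
check_localip() {
    awk -v ip="$1" '
        BEGIN { found = 0 }
        $1 == "inet" && $2 == ip { found = 1 }
        END {
            if (found) {
                printf "localip %s is already bound to a NIC; pick another address in the subnet\n", ip > "/dev/stderr"
                exit 1
            }
            exit 0
        }'
}

# check_tun_routes  (reads `netstat -rn` output on stdin)
# Returns 0 if every host route (flag H) to a tun device uses a distinct tunN,
# 1 if two client routes share one tunN, the symptom of the ppp bug the post
# patches (only one PPTP session usable at a time).
check_tun_routes() {
    awk '
        BEGIN { bad = 0 }
        $3 ~ /H/ {
            dev = ""
            # the Netif column is not always last (Expire may follow it),
            # so find the field that looks like tunN
            for (i = 4; i <= NF; i++) if ($i ~ /^tun[0-9]+$/) { dev = $i; break }
            if (dev == "") next
            if (seen[dev]++) {
                printf "route for %s reuses %s (expected a fresh tun device)\n", $1, dev > "/dev/stderr"
                bad = 1
            }
        }
        END { exit bad }'
}

# Constructed sample output (not captured from a real host) for a stand-alone run.
SAMPLE_IFCONFIG='em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	inet 203.0.113.10 netmask 0xffffff00 broadcast 203.0.113.255
em1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	inet 192.168.0.1 netmask 0xffffff00 broadcast 192.168.0.255'

# Mirrors the before/after routing tables shown in the post.
ROUTES_BUGGY='192.168.0.201      192.168.0.3        UGH         0        4   tun0
192.168.0.202      192.168.0.3        UGH         0        4   tun0'

ROUTES_GOOD='192.168.0.201      192.168.0.3        UGH         0      105   tun0
192.168.0.202      192.168.0.3        UGH         0       68   tun1'

main() {
    printf '%s\n' "$SAMPLE_IFCONFIG" | check_localip 192.168.0.1 || echo "192.168.0.1: rejected as localip (already on em1)"
    printf '%s\n' "$SAMPLE_IFCONFIG" | check_localip 192.168.0.3 && echo "192.168.0.3: usable as localip"
    printf '%s\n' "$ROUTES_BUGGY" | check_tun_routes || echo "unpatched ppp routing detected"
    printf '%s\n' "$ROUTES_GOOD" | check_tun_routes && echo "routing table looks right"
}

main
```

On a live box, replace the sample variables with `ifconfig | check_localip 192.168.0.3` and `netstat -rn | check_tun_routes`; the second check is worth running after each new client connects, since the bug only shows up from the second session onward.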
Hopefully these examples will save some people some time! This configuration seems to be working quite well, and all of the latency and dropped packets from mpd are history.
Thank You. It was very helpful.
I missed the patch part the first time, so I wasted a long time getting multiple tunnels to work :). After that patch everything seems to be working now!