VPN between FreeBSD and Windows. Installing mpd4 [2009]

There was a terminal server on the network that people connected to not only from the local network but also from the outside world. Windows is a potential hole, so I decided to work around this problem somehow.

As one option I chose access to the network over VPN. Since I already had VPNs running between the offices, that was not much of a problem. But what to do about the users who were not sitting in the offices? For them I decided to set up a VPN based on mpd as well.

So, let's begin.

/usr/ports/>make search name=mpd4
Port:   mpd4-4.0b4
Path:   /usr/ports/net/mpd4
Info:   Multi-link PPP daemon based on netgraph(4) [development version]
Maint:  glebius@freebsd.org
B-deps: expat-2.0.0_1 libpdel-0.5.3_1
R-deps: expat-2.0.0_1 libpdel-0.5.3_1
WWW:    http://www.sourceforge.net/projects/mpd

/usr/ports/>cd /usr/ports/net/mpd4 && make install clean

Once everything has installed correctly, let's see what we have:

/usr/ports/>cd /usr/local/etc/mpd4/
/usr/local/etc/mpd4/>ll
total 58
-r--r--r--  1 root  wheel  10999 Oct 20 13:50 mpd.conf.sample
-r--r--r--  1 root  wheel   3778 Oct 20 13:50 mpd.links.sample
-r--r--r--  1 root  wheel  39204 Oct 20 13:50 mpd.script.sample
-r--r--r--  1 root  wheel    834 Oct 20 13:50 mpd.secret.sample
/usr/local/etc/mpd4/>

Now we start editing the configuration files. First we change mpd.conf:

/usr/local/etc/mpd4/>cat mpd.conf
startup:
default:
	load pptp0
	load pptp1

pptp0:
	new -i ng00 pptp0 pptp0
	set ipcp ranges 172.20.20.1/30 172.20.20.2/30
	load pptp_standart

pptp1:
	new -i ng01 pptp1 pptp1
	set ipcp ranges 172.20.20.5/30 172.20.20.6/30
	load pptp_standart

pptp_standart:
	set iface disable on-demand
	set iface idle 1800
	set bundle disable multilink
	set link yes acfcomp protocomp
	set link no pap chap
	set link enable chap
	set iface enable proxy-arp
	set bundle enable compression
	set ccp yes mppc
	set pptp self ВАШ_ИП_АДРЕСС_ОТ_ПРОВАЙДЕРА
	set ccp yes mpp-e40
	set ccp yes mpp-e56
	set ccp yes mpp-e128
	set ccp yes mpp-stateless
	set link keep-alive 10 60
	set ipcp yes vjcomp
	set ipcp ranges 172.20.20.0/30
	set ipcp dns ВАШ_ИП_ДНС_СЕРВЕРА
	set pptp enable incoming
	set pptp disable originate
	set iface mtu 1500
/usr/local/etc/mpd4/>

Don't forget to replace the parameters in set pptp self ВАШ_ИП_АДРЕСС_ОТ_ПРОВАЙДЕРА (the IP address assigned by your provider) and set ipcp dns ВАШ_ИП_ДНС_СЕРВЕРА (the IP address of your DNS server).

I used the 172.20.20.0/30 network and made the necessary changes on the router to pass traffic from one network to the other. For the example I defined only 2 interfaces: pptp0 and pptp1. You can define as many as you like. The most I had was 35, and it worked.

Moving on. Edit mpd.links and put the following in it:

pptp0:
	set link type pptp
pptp1:
	set link type pptp

And finally, edit mpd.secret:

user    user    *
user2   user2   *

It can be set up so that users get fixed IP addresses, but I was not given that task, and I had no need for it.

That's basically it.

/usr/local/etc/mpd4/>cat /etc/rc.conf | grep mpd
mpd_enable="YES"
/usr/local/etc/mpd4/>/usr/local/etc/rc.d/mpd4 start
Starting mpd4.
/usr/local/etc/mpd4/>sockstat | grep mpd
root     mpd4       53191 3  dgram  -> /var/run/logpriv
root     mpd4       53191 16 tcp4   213.25.15.74:1723    *:*
/usr/local/etc/mpd4/>tail -f /var/log/mpd.log
Nov  9 16:19:48 proxy mpd: PPTP: Incoming control connection from 192.168.0.4 2048 to 213.25.15.74 1723
Nov  9 16:19:48 proxy mpd: pptp0: attached to connection with 192.168.0.4 2048
Nov  9 16:19:48 proxy mpd: [pptp0] Accepting PPTP connection
Nov  9 16:19:48 proxy mpd: [pptp0] opening link "pptp0"...
Nov  9 16:19:48 proxy mpd: [pptp0] link: OPEN event
Nov  9 16:19:48 proxy mpd: [pptp0] LCP: Open event
Nov  9 16:19:48 proxy mpd: [pptp0] LCP: state change Initial --> Starting
Nov  9 16:19:48 proxy mpd: [pptp0] LCP: LayerStart
Nov  9 16:19:48 proxy mpd: [pptp0] PPTP: attaching to peer's outgoing call
Nov  9 16:19:48 proxy mpd: [pptp0] link: UP event
Nov  9 16:19:48 proxy mpd: [pptp0] link: origination is remote
Nov  9 16:19:48 proxy mpd: [pptp0] LCP: Up event
Nov  9 16:19:48 proxy mpd: [pptp0] LCP: state change Starting --> Req-Sent
Nov  9 16:19:48 proxy mpd: [pptp0] LCP: SendConfigReq #5
Nov  9 16:19:48 proxy mpd:  ACFCOMP
Nov  9 16:19:48 proxy mpd:  PROTOCOMP
Nov  9 16:19:48 proxy mpd:  MRU 1500
Nov  9 16:19:48 proxy mpd:  MAGICNUM 84daf0a4
Nov  9 16:19:48 proxy mpd:  AUTHPROTO CHAP MSOFTv2
Nov  9 16:19:48 proxy mpd: [pptp0] LCP: rec'd Configure Request #0 (Req-Sent)
Nov  9 16:19:48 proxy mpd:  MRU 1400
Nov  9 16:19:48 proxy mpd:  MAGICNUM 1ac768d0
Nov  9 16:19:48 proxy mpd:  PROTOCOMP
Nov  9 16:19:48 proxy mpd:  ACFCOMP
Nov  9 16:19:48 proxy mpd:  CALLBACK 6
Nov  9 16:19:48 proxy mpd: [pptp0] LCP: SendConfigRej #0
Nov  9 16:19:48 proxy mpd:  CALLBACK 6
Nov  9 16:19:48 proxy mpd: [pptp0] LCP: rec'd Configure Request #1 (Req-Sent)
Nov  9 16:19:48 proxy mpd:  MRU 1400
Nov  9 16:19:48 proxy mpd:  MAGICNUM 1ac768d0
Nov  9 16:19:48 proxy mpd:  PROTOCOMP
Nov  9 16:19:48 proxy mpd:  ACFCOMP
Nov  9 16:19:48 proxy mpd: [pptp0] LCP: SendConfigAck #1
Nov  9 16:19:48 proxy mpd:  MRU 1400
Nov  9 16:19:48 proxy mpd:  MAGICNUM 1ac768d0
Nov  9 16:19:48 proxy mpd:  PROTOCOMP
Nov  9 16:19:48 proxy mpd:  ACFCOMP
Nov  9 16:19:48 proxy mpd: [pptp0] LCP: state change Req-Sent --> Ack-Sent
Nov  9 16:19:50 proxy mpd: [pptp0] LCP: SendConfigReq #6
Nov  9 16:19:50 proxy mpd:  ACFCOMP
Nov  9 16:19:50 proxy mpd:  PROTOCOMP
Nov  9 16:19:50 proxy mpd:  MRU 1500
Nov  9 16:19:50 proxy mpd:  MAGICNUM 84daf0a4
Nov  9 16:19:50 proxy mpd:  AUTHPROTO CHAP MSOFTv2
Nov  9 16:19:50 proxy mpd: [pptp0] LCP: rec'd Configure Ack #6 (Ack-Sent)
Nov  9 16:19:50 proxy mpd:  ACFCOMP
Nov  9 16:19:50 proxy mpd:  PROTOCOMP
Nov  9 16:19:50 proxy mpd:  MRU 1500
Nov  9 16:19:50 proxy mpd:  MAGICNUM 84daf0a4
Nov  9 16:19:50 proxy mpd:  AUTHPROTO CHAP MSOFTv2
Nov  9 16:19:50 proxy mpd: [pptp0] LCP: state change Ack-Sent --> Opened
Nov  9 16:19:50 proxy mpd: [pptp0] LCP: auth: peer wants nothing, I want CHAP
Nov  9 16:19:50 proxy mpd: [pptp0] CHAP: sending CHALLENGE len:17
Nov  9 16:19:50 proxy mpd: [pptp0] LCP: LayerUp
Nov  9 16:19:50 proxy mpd: [pptp0] LCP: rec'd Ident #2 (Opened)
Nov  9 16:19:50 proxy mpd: [pptp0] LCP: rec'd Ident #3 (Opened)
Nov  9 16:19:50 proxy mpd: [pptp0] CHAP: rec'd RESPONSE #1
Nov  9 16:19:50 proxy mpd:  Name: "user"
Nov  9 16:19:50 proxy mpd: [pptp0] AUTH: Auth-Thread started
Nov  9 16:19:50 proxy mpd: [pptp0] AUTH: Trying INTERNAL
Nov  9 16:19:50 proxy mpd: [pptp0] AUTH: INTERNAL returned undefined
Nov  9 16:19:50 proxy mpd: [pptp0] AUTH: Auth-Thread finished normally
Nov  9 16:19:50 proxy mpd: [pptp0] CHAP: ChapInputFinish: status undefined
Nov  9 16:19:50 proxy mpd:  Response is valid
Nov  9 16:19:50 proxy mpd:  Reply message: S=408F3223DECCAF7F8CA863E53E47509D17588ABE
Nov  9 16:19:50 proxy mpd: [pptp0] CHAP: sending SUCCESS len:42
Nov  9 16:19:50 proxy mpd: [pptp0] LCP: authorization successful
Nov  9 16:19:50 proxy mpd: [pptp0] Bundle up: 1 link, total bandwidth 64000 bps
Nov  9 16:19:50 proxy mpd: [pptp0] IPCP: Open event
Nov  9 16:19:50 proxy mpd: [pptp0] IPCP: state change Initial --> Starting
Nov  9 16:19:50 proxy mpd: [pptp0] IPCP: LayerStart
Nov  9 16:19:50 proxy mpd: [pptp0] CCP: Open event
Nov  9 16:19:50 proxy mpd: [pptp0] CCP: state change Initial --> Starting
Nov  9 16:19:50 proxy mpd: [pptp0] CCP: LayerStart
Nov  9 16:19:50 proxy mpd: [pptp0] IPCP: Up event
Nov  9 16:19:50 proxy mpd: [pptp0] IPCP: state change Starting --> Req-Sent
Nov  9 16:19:50 proxy mpd: [pptp0] IPCP: SendConfigReq #4
Nov  9 16:19:50 proxy mpd:  IPADDR 172.20.20.1
Nov  9 16:19:50 proxy mpd:  COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
Nov  9 16:19:50 proxy mpd: [pptp0] CCP: Up event
Nov  9 16:19:50 proxy mpd: [pptp0] CCP: state change Starting --> Req-Sent
Nov  9 16:19:50 proxy mpd: [pptp0] CCP: SendConfigReq #4
Nov  9 16:19:50 proxy mpd:  MPPC
Nov  9 16:19:50 proxy mpd:    0x010000e0:MPPE(40, 56, 128 bits), stateless
Nov  9 16:19:50 proxy mpd: [pptp0] CCP: rec'd Configure Request #4 (Req-Sent)
Nov  9 16:19:50 proxy mpd:  MPPC
Nov  9 16:19:50 proxy mpd:    0x010000e1:MPPC, MPPE(40, 56, 128 bits), stateless
Nov  9 16:19:50 proxy mpd: [pptp0] CCP: SendConfigNak #4
Nov  9 16:19:50 proxy mpd:  MPPC
Nov  9 16:19:50 proxy mpd:    0x01000040:MPPE(128 bits), stateless
Nov  9 16:19:50 proxy mpd: [pptp0] IPCP: rec'd Configure Request #5 (Req-Sent)
Nov  9 16:19:50 proxy mpd:  IPADDR 0.0.0.0
Nov  9 16:19:50 proxy mpd:    NAKing with 172.20.20.2
Nov  9 16:19:50 proxy mpd:  PRIDNS 0.0.0.0
Nov  9 16:19:50 proxy mpd:    NAKing with 192.168.4.254
Nov  9 16:19:50 proxy mpd:  PRINBNS 0.0.0.0
Nov  9 16:19:50 proxy mpd:  SECDNS 0.0.0.0
Nov  9 16:19:50 proxy mpd:  SECNBNS 0.0.0.0
Nov  9 16:19:50 proxy mpd: [pptp0] IPCP: SendConfigRej #5
Nov  9 16:19:50 proxy mpd:  PRINBNS 0.0.0.0
Nov  9 16:19:50 proxy mpd:  SECDNS 0.0.0.0
Nov  9 16:19:50 proxy mpd:  SECNBNS 0.0.0.0
Nov  9 16:19:50 proxy mpd: [pptp0] IPCP: rec'd Configure Reject #4 (Req-Sent)
Nov  9 16:19:50 proxy mpd:  COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
Nov  9 16:19:50 proxy mpd: [pptp0] IPCP: SendConfigReq #5
Nov  9 16:19:50 proxy mpd:  IPADDR 172.20.20.1
Nov  9 16:19:50 proxy mpd: [pptp0] CCP: rec'd Configure Nak #4 (Req-Sent)
Nov  9 16:19:50 proxy mpd:  MPPC
Nov  9 16:19:50 proxy mpd:    0x01000040:MPPE(128 bits), stateless
Nov  9 16:19:50 proxy mpd: [pptp0] CCP: SendConfigReq #5
Nov  9 16:19:50 proxy mpd:  MPPC
Nov  9 16:19:50 proxy mpd:    0x01000040:MPPE(128 bits), stateless
Nov  9 16:19:50 proxy mpd: [pptp0] CCP: rec'd Configure Request #6 (Req-Sent)
Nov  9 16:19:50 proxy mpd:  MPPC
Nov  9 16:19:50 proxy mpd:    0x01000040:MPPE(128 bits), stateless
Nov  9 16:19:50 proxy mpd: [pptp0] CCP: SendConfigAck #6
Nov  9 16:19:50 proxy mpd:  MPPC
Nov  9 16:19:50 proxy mpd:    0x01000040:MPPE(128 bits), stateless
Nov  9 16:19:50 proxy mpd: [pptp0] CCP: state change Req-Sent --> Ack-Sent
Nov  9 16:19:50 proxy mpd: [pptp0] IPCP: rec'd Configure Request #7 (Req-Sent)
Nov  9 16:19:50 proxy mpd:  IPADDR 0.0.0.0
Nov  9 16:19:50 proxy mpd:    NAKing with 172.20.20.2
Nov  9 16:19:50 proxy mpd:  PRIDNS 0.0.0.0
Nov  9 16:19:50 proxy mpd:    NAKing with 192.168.4.254
Nov  9 16:19:50 proxy mpd: [pptp0] IPCP: SendConfigNak #7
Nov  9 16:19:50 proxy mpd:  IPADDR 172.20.20.2
Nov  9 16:19:50 proxy mpd:  PRIDNS 192.168.4.254
Nov  9 16:19:50 proxy mpd: [pptp0] IPCP: rec'd Configure Ack #5 (Req-Sent)
Nov  9 16:19:50 proxy mpd:  IPADDR 172.20.20.1
Nov  9 16:19:50 proxy mpd: [pptp0] IPCP: state change Req-Sent --> Ack-Rcvd
Nov  9 16:19:50 proxy mpd: [pptp0] CCP: rec'd Configure Ack #5 (Ack-Sent)
Nov  9 16:19:50 proxy mpd:  MPPC
Nov  9 16:19:50 proxy mpd:    0x01000040:MPPE(128 bits), stateless
Nov  9 16:19:50 proxy mpd: [pptp0] CCP: state change Ack-Sent --> Opened
Nov  9 16:19:50 proxy mpd: [pptp0] CCP: LayerUp
Nov  9 16:19:50 proxy mpd:   Compress using: mppc (MPPE(128 bits), stateless)
Nov  9 16:19:50 proxy mpd: Decompress using: mppc (MPPE(128 bits), stateless)
Nov  9 16:19:50 proxy mpd: [pptp0] IPCP: rec'd Configure Request #8 (Ack-Rcvd)
Nov  9 16:19:50 proxy mpd:  IPADDR 172.20.20.2
Nov  9 16:19:50 proxy mpd:    172.20.20.2 is OK
Nov  9 16:19:50 proxy mpd:  PRIDNS 192.168.4.254
Nov  9 16:19:50 proxy mpd: [pptp0] IPCP: SendConfigAck #8
Nov  9 16:19:50 proxy mpd:  IPADDR 172.20.20.2
Nov  9 16:19:50 proxy mpd:  PRIDNS 192.168.4.254
Nov  9 16:19:50 proxy mpd: [pptp0] IPCP: state change Ack-Rcvd --> Opened
Nov  9 16:19:50 proxy mpd: [pptp0] IPCP: LayerUp
Nov  9 16:19:50 proxy mpd:   172.20.20.1 -> 172.20.20.2
Nov  9 16:19:50 proxy mpd: [pptp0] IFACE: Up event
Nov  9 16:19:50 proxy mpd: [pptp0] no interface to proxy arp on for 172.20.20.2
Nov  9 16:19:53 proxy mpd: [pptp0] LCP: rec'd Terminate Request #9 (Opened)
Nov  9 16:19:53 proxy mpd: [pptp0] LCP: state change Opened --> Stopping
Nov  9 16:19:53 proxy mpd: [pptp0] AUTH: Accounting data for user user: 5 seconds, 1168 octets in, 296 octets out
Nov  9 16:19:53 proxy mpd: [pptp0] Bundle up: 0 links, total bandwidth 9600 bps
Nov  9 16:19:53 proxy mpd: [pptp0] IPCP: Close event
Nov  9 16:19:53 proxy mpd: [pptp0] IPCP: state change Opened --> Closing
Nov  9 16:19:53 proxy mpd: [pptp0] IPCP: SendTerminateReq #6
Nov  9 16:19:53 proxy mpd: [pptp0] IPCP: LayerDown
Nov  9 16:19:53 proxy mpd: [pptp0] IFACE: Down event
Nov  9 16:19:53 proxy mpd: [pptp0] CCP: Close event
Nov  9 16:19:53 proxy mpd: [pptp0] CCP: state change Opened --> Closing
Nov  9 16:19:53 proxy mpd: [pptp0] CCP: SendTerminateReq #6
Nov  9 16:19:53 proxy mpd: [pptp0] CCP: LayerDown
Nov  9 16:19:53 proxy mpd: [pptp0] IPCP: Down event
Nov  9 16:19:53 proxy mpd: [pptp0] IPCP: LayerFinish
Nov  9 16:19:53 proxy mpd: [pptp0] No NCPs left. Closing links...
Nov  9 16:19:53 proxy mpd: [pptp0] closing link "pptp0"...
Nov  9 16:19:53 proxy mpd: [pptp0] IPCP: state change Closing --> Initial
Nov  9 16:19:53 proxy mpd: [pptp0] CCP: Down event
Nov  9 16:19:53 proxy mpd: [pptp0] CCP: LayerFinish
Nov  9 16:19:53 proxy mpd: [pptp0] CCP: state change Closing --> Initial
Nov  9 16:19:53 proxy mpd: [pptp0] AUTH: Cleanup
Nov  9 16:19:53 proxy mpd: [pptp0] LCP: SendTerminateAck #7
Nov  9 16:19:53 proxy mpd: [pptp0] LCP: LayerDown
Nov  9 16:19:53 proxy mpd: [pptp0] link: CLOSE event
Nov  9 16:19:53 proxy mpd: [pptp0] LCP: Close event
Nov  9 16:19:53 proxy mpd: [pptp0] LCP: state change Stopping --> Closing
Nov  9 16:19:53 proxy mpd: [pptp0] rec'd proto IP during terminate phase
Nov  9 16:19:54 proxy mpd: last message repeated 2 times
Nov  9 16:19:54 proxy mpd: [pptp0] LCP: rec'd Terminate Request #10 (Closing)
Nov  9 16:19:54 proxy mpd: [pptp0] LCP: SendTerminateAck #8
Nov  9 16:19:55 proxy mpd: [pptp0] rec'd proto IP during terminate phase
Nov  9 16:19:55 proxy mpd: [pptp0] LCP: state change Closing --> Closed
Nov  9 16:19:55 proxy mpd: [pptp0] LCP: LayerFinish
Nov  9 16:19:55 proxy mpd: pptp0-0: clearing call
Nov  9 16:19:55 proxy mpd: pptp0-0: killing channel
Nov  9 16:19:55 proxy mpd: [pptp0] PPTP call terminated
Nov  9 16:19:55 proxy mpd: [pptp0] link: DOWN event
Nov  9 16:19:55 proxy mpd: [pptp0] LCP: Down event
Nov  9 16:19:55 proxy mpd: [pptp0] LCP: state change Closed --> Initial
Nov  9 16:19:55 proxy mpd: pptp0: closing connection with 192.168.0.4 2048
Nov  9 16:19:55 proxy mpd: pptp0: killing connection with 192.168.0.4 2048

That's basically it. The connection came up. There were problems at first, though; I solved them by opening GRE and port 1723 on the firewall. Encryption works:

Nov  9 16:19:50 proxy mpd:  Name: "user"
Nov  9 16:19:50 proxy mpd: [pptp0] AUTH: Auth-Thread started
Nov  9 16:19:50 proxy mpd: [pptp0] AUTH: Trying INTERNAL
Nov  9 16:19:50 proxy mpd: [pptp0] AUTH: INTERNAL returned undefined
Nov  9 16:19:50 proxy mpd: [pptp0] AUTH: Auth-Thread finished normally
Nov  9 16:19:50 proxy mpd: [pptp0] CHAP: ChapInputFinish: status undefined
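
An added example (not from the original article): a Python check over mpd.log that reports, per PPTP session, the agreed CHAP variant and the MPPE key length, and flags sessions that came up below 128 bits or without MPPE; the mpd.conf above still accepts mpp-e40 and mpp-e56. The function names and the sample lines are constructed for this example, and it assumes that untagged detail lines belong to the tagged line just before them, as in the log above.

```python
import re

# Syslog prefix, optional "[link]" tag, message: the layout of the mpd.log above.
LINE = re.compile(r"^\w{3}\s+\d+ [\d:]{8} \S+ mpd: (?:\[([^\]]+)\] )?(.*)$")
USING = re.compile(r"(Compress|Decompress) using:.*MPPE\((\d+) bits\)")

def audit(lines):
    """One record per PPTP session: user, agreed auth, MPPE bits per direction."""
    done, live, cur, ctx = [], {}, None, ""
    for m in filter(None, map(LINE.match, lines)):
        link, msg = m.groups()
        if link:                                  # tagged line sets link and context
            cur, ctx = link, msg
            if msg == "Accepting PPTP connection":
                live[link] = dict(link=link, user=None, auth=None, mppe={}, ip_up=False)
            elif msg == "IPCP: LayerUp" and link in live:
                live[link]["ip_up"] = True
            elif msg == "PPTP call terminated" and link in live:
                done.append(live.pop(link))
        elif cur in live:                         # untagged detail line
            s, detail = live[cur], msg.strip()
            if detail.startswith("AUTHPROTO ") and ctx.startswith("LCP: rec'd Configure Ack"):
                s["auth"] = detail[len("AUTHPROTO "):]   # the peer acked our auth request
            elif detail.startswith('Name: "'):
                s["user"] = detail.split('"')[1]
            elif u := USING.search(detail):
                s["mppe"][u.group(1)] = int(u.group(2))
    return done + list(live.values())

def findings(s):
    """Checks on one session record; an empty list means nothing to flag."""
    checks = [(s["auth"] != "CHAP MSOFTv2", f"auth agreed: {s['auth']}"),
              (s["ip_up"] and len(s["mppe"]) < 2, "IP up without MPPE in both directions"),
              (any(bits < 128 for bits in s["mppe"].values()), "MPPE below 128 bits")]
    return [text for hit, text in checks if hit]

def sample(link, user, bits):
    """Constructed lines in the layout of the log above (not a real capture)."""
    using = f"using: mppc (MPPE({bits} bits), stateless)"
    return ["Nov  9 16:19:50 proxy mpd: " + b for b in (
        f"[{link}] Accepting PPTP connection",
        f"[{link}] LCP: rec'd Configure Ack #6 (Ack-Sent)", " AUTHPROTO CHAP MSOFTv2",
        f"[{link}] CHAP: rec'd RESPONSE #1", f' Name: "{user}"',
        f"[{link}] CCP: LayerUp", "  Compress " + using, "Decompress " + using,
        f"[{link}] IPCP: LayerUp", f"[{link}] PPTP call terminated")]

if __name__ == "__main__":
    for s in audit(sample("pptp0", "user", 128) + sample("pptp1", "user2", 40)):
        print(s["link"], s["user"], findings(s) or "ok")
```

With several clients connecting at once the detail lines of different links can interleave in the log, so treat a finding as a pointer to the session to inspect rather than as proof.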



Source: http://zmej.org.ua/node/24
Category: VPN | Added by: oleg (16.01.2010) | Author: Zmej