gistfile1.txt

/etc/options
#debug
proxyarp
#+MSChap-V2 mppe-128 mppe-stateless
##require-mschap-v2
##require-mppe-128
ms-dns 192.168.100.1

/etc/options.pptpd
# Authentication
# noauth if your insane and want anybody to connect without authentication


# Name of the local system for authentication purposes
# (must match the second field in /etc/ppp/chap-secrets entries)
name cerberus

# Strip the domain prefix from the username before authentication.
# (applies if you use pppd with chapms-strip-domain patch)
#chapms-strip-domain

# Encryption
# (There have been multiple versions of PPP with encryption support,
# choose with of the following sections you will use.)

# BSD licensed ppp-2.4.2 upstream with MPPE only, kernel module ppp_mppe.o
# {{{
refuse-pap
refuse-chap
refuse-mschap
# Require the peer to authenticate itself using MS-CHAPv2 [Microsoft
# Challenge Handshake Authentication Protocol, Version 2] authentication.
require-mschap-v2
# Require MPPE 128-bit encryption
# (note that MPPE requires the use of MSCHAP-V2 during authentication)
require-mppe-128
# }}}

# OpenSSL licensed ppp-2.4.1 fork with MPPE only, kernel module mppe.o
# {{{
#-chap
#-chapms
# Require the peer to authenticate itself using MS-CHAPv2 [Microsoft
# Challenge Handshake Authentication Protocol, Version 2] authentication.
+chapms-v2
# Require MPPE encryption
# (note that MPPE requires the use of MSCHAP-V2 during authentication)
#mppe-40 # enable either 40-bit or 128-bit, not both
#mppe-128
#mppe-stateless
# }}}

# Network and Routing

# If pppd is acting as a server for Microsoft Windows clients, this
# option allows pppd to supply one or two DNS (Domain Name Server)
# addresses to the clients. The first instance of this option
# specifies the primary DNS address; the second instance (if given)
# specifies the secondary DNS address.
# local dns on the remote domain -or- just set to some dns
#ms-dns 192.168.1.1
ms-dns 128.97.131.21
defaultroute
# If pppd is acting as a server for Microsoft Windows or "Samba"
# clients, this option allows pppd to supply one or two WINS (Windows
# Internet Name Services) server addresses to the clients. The first
# instance of this option specifies the primary WINS address; the
# second instance (if given) specifies the secondary WINS address.
#ms-wins 10.0.0.3
#ms-wins 10.0.0.4

# Add an entry to this system's ARP [Address Resolution Protocol]
# table with the IP address of the peer and the Ethernet address of this
# system. This will have the effect of making the peer appear to other
# systems to be on the local ethernet.
# (you do not need this if your PPTP server is responsible for routing
# packets to the clients -- James Cameron)
proxyarp

# Normally pptpd passes the IP address to pppd, but if pptpd has been
# given the delegate option in pptpd.conf or the --delegate command line
# option, then pppd will use chap-secrets or radius to allocate the
# client IP address. The default local IP address used at the server
# end is often the same as the address of the server. To override this,
# specify the local IP address here.
# (you must not use this unless you have used the delegate option)
#10.8.0.100

# Logging

# Enable connection debugging facilities.
# (see your syslog configuration for where pppd sends to)
debug

# Print out all the option values which have been set.
# (often requested by mailing list to verify options)
#dump

# Miscellaneous

# Create a UUCP-style lock file for the pseudo-tty to ensure exclusive
# access.
lock

# Disable BSD-Compress compression
nobsdcomp

# Disable Van Jacobson compression
# (needed on some networks with Windows 9x/ME/XP clients, see posting to
# poptop-server on 14th April 2005 by Pawel Pokrywka and followups,
# http://marc.theaimsgroup.com/?t=111343175400006&r=1&w=2 )
novj
novjccomp

# turn off logging to stderr, since this may be redirected to pptpd,
# which may trigger a loopback
nologfd

/etc/ppp.conf
loop:

      set timeout 0
      set log phase chat connect lcp ipcp command
      set device localhost:pptp
      set dial
      set login
      set mppe * stateful

      # Server (local) IP address, Range for Clients, and Netmask
      # Use the same IP addresses you specified in /etc/pppd.conf :
      set ifaddr 192.168.100.2 192.168.100.234-192.168.100.254 255.255.255.255
      set server /tmp/loop "" 0177

loop-in:

     set timeout 0
     set log phase lcp ipcp command
     allow mode direct

pptp:

     load loop
     # Disable unsecured auth
     disable pap
     disable chap
     enable mschapv2
     enable passwdauth
     disable deflate pred1
     deny deflate pred1
     disable ipv6
     accept mppe
    # enable proxy
     accept dns
     # DNS Servers to assign client
     # Use your own DNS server IP address :
     set dns 192.168.100.1
     set device !/etc/ppp/secure
     #enable mssfixup

default:
     set log Phase Chat LCP IPCP CCP tun command
     
vpn:
     set device "!/usr/local/sbin/pptp --nolaunchpppd vpn2.loni.ucla.edu"
     set authname jtrout
     set authkey ********* 
     set mppe 128 stateless

vpn_home:
     set device "!/usr/local/sbin/pptp --nolaunchpppd 76.176.88.219"
     set authname jdtrout
     set authkey ************
     set mppe 128 stateless

/etc/ppp.linkdown
vpn:
         ! sh -c "/sbin/pfctl -a vpn -F all"
         delete 10.0.0.0/8
         delete 128.97.134.0/24
         delete 128.97.131.0/24
         delete 128.97.133.0/24
         delete 128.97.129.0/24
         delete vpn2.loni.ucla.edu
vpn_home:
        ! sh -c "/sbin/pfctl -a vpn_home -F all"
        delete 192.168.0.0/24
        delete 76.176.88.219

/etc/ppp.linkup
vpn:
  add 10.0.0.0/8 HISADDR
  add 128.97.134.0/24 HISADDR
  add 128.97.131.0/24 HISADDR
  add 128.97.133.0/24 HISADDR
  add 128.97.129.0/24 HISADDR
  ! sh -c "/sbin/pfctl -a vpn -f /etc/pf.conf.vpn"

vpn_home:
  add 192.168.0.0/24 HISADDR
  ! sh -c "/sbin/pfctl -a vpn_home -f /etc/pf.conf.vpn_home"

/etc/secure
#!/bin/sh

#exec /usr/sbin/ppp
exec /usr/sbin/ppp -direct loop-in