$Id: HOWTO_PIPEX_NPPPD.txt,v 1.8 2012/01/18 03:21:28 yasuoka Exp $

How to test npppd and pipex
---------------------------

  client ------ server
                A.B.C.D

on server

  1. update your source tree

  2. build and update kernel

  3. build npppd

	% cd /usr/src/usr.sbin/npppd
	% make
	% sudo make install

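  4. install npppd.conf and npppd-users.csv to /etc/npppd/
     (sample npppd.conf and npppd-users.csv are attached at the end of
     this file).  npppd-users.csv holds passwords in plain text, so keep
     it unreadable by ordinary users.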

	% sudo mkdir -m 0755 /etc/npppd
	% sudo cp npppd.conf /etc/npppd/
	% sudo cp npppd-users.csv /etc/npppd/

  5. enable PIPEX and GRE by sysctl

	% sudo sysctl net.inet.gre.allow=1  (for PPTP)
	% sudo sysctl net.pipex.enable=1    (for PIPEX)

  6. run npppd

	% sudo /usr/sbin/npppd -d

  NOTE:

  * Previous versions required a `_npppd' user and group, but npppd
    now uses `_ppp' instead.  Delete `_npppd' if you created it.

	% sudo userdel _npppd
	% sudo groupdel _npppd

  * Previous versions had `npppdctl', but it has been replaced by `npppctl'.
    Please remove the `npppdctl' related files.

	% sudo rm /usr/sbin/npppdctl
	% sudo rm /usr/share/man/cat8/npppdctl.0
	% sudo rm /usr/share/man/man8/npppdctl.8


on client

  1. install 'pptp' from ports.
  2. edit /etc/ppp/ppp.conf
     -------------------------------
     test_pptp:
       set device "!/usr/local/sbin/pptp --nolaunchpppd A.B.C.D"
       set authname test
       set authkey hogehoge
       set mppe 128 stateless
       disable protocomp
       deny protocomp
       disable ipv6cp
     -------------------------------
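     replace "A.B.C.D" with the server's actual IP address.
     (with the sample npppd.conf below, authname and authkey must match
     an account in the server's npppd-users.csv.)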
  3. dial test_pptp
     % sudo ppp -ddial test_pptp


How to test L2TP/IPsec
----------------------

  1. run isakmpd
     % sudo isakmpd -Kv
  2. append the lines below to /etc/ipsec.conf
     -------------------------------
     ike passive esp transport \
         proto udp from A.B.C.D to any port 1701 \
         main auth "hmac-sha" enc "3des" group modp1024 \
         quick auth "hmac-sha" enc "aes" \
         psk "secret"
     -------------------------------
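     - change A.B.C.D to the actual IP address
     - change "secret" to the actual shared secret; use a long, random value
     - hmac-sha, 3des and modp1024 are weak by current standards; choose
       stronger transforms where the clients support them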

   3. run ipsecctl to notify isakmpd of the new rules
     % sudo ipsecctl -f /etc/ipsec.conf

   4. connect from iPhone, MacOS or Windows


[npppd.conf]
-------------------------------------------------------------------------------
#
# Simplest npppd.conf sample
#
# $Id: HOWTO_PIPEX_NPPPD.txt,v 1.8 2012/01/18 03:21:28 yasuoka Exp $
#
# This is a test configuration: it enables PPTP and L2TP, accepts
# connections from any IPv4 source and does not require IPsec for L2TP.
# Tighten the marked settings before using it outside a test network.

# Tunnel interface that npppd uses, and the IPv4 address set on it.
interface_list:                         tun0
interface.tun0.ip4addr:                 10.0.0.1

# IP address pool
# NOTE(review): presumably dyna_pool is handed out dynamically and pool
# holds addresses that may be assigned per user; the sample user's
# 10.0.0.129 falls inside pool.pool -- confirm against the npppd docs.
pool.dyna_pool:                         10.0.0.0/25
pool.pool:                              10.0.0.128/25

# Local file authentication
# The account list is a CSV whose Password column is plain text (see the
# sample in this document), so the file should not be readable by
# ordinary users.
auth.local.realm_list:                  local
auth.local.realm.acctlist:              /etc/npppd/npppd-users.csv
realm.local.concentrate:                tun0

# RADIUS authentication / accounting
# "hogehoge" below is a placeholder; set the real shared secret for each
# server before uncommenting these lines.
#auth.radius.realm_list:                radius
#auth.radius.realm.server.address:	127.0.0.1:1812
#auth.radius.realm.server.secret:	hogehoge
#auth.radius.realm.acct_server.address:	127.0.0.1:1813
#auth.radius.realm.acct_server.secret:	hogehoge
#realm.radius.concentrate:		tun0

lcp.mru:                                1400
# PAP is left out of the active line; the commented alternative adds it.
# PAP carries the password unencrypted inside the PPP session, so enable
# it only where the tunnel itself is protected.
auth.method:                            mschapv2 chap
#auth.method:                           mschapv2 chap pap
#ipcp.dns_primary:                      192.168.4.20
#ipcp.dns_secondary:                    192.168.6.20
#ipcp.nbns_primary:                     192.168.4.20
#ipcp.nbns_secondary:                   192.168.6.20
#ipcp.assign_fixed:                     true
#ipcp.assign_userselect:                true

# PPTP daemon
# 0.0.0.0/0 matches every IPv4 source address; narrow it to the client
# networks that are expected to connect.
pptpd.enabled:                          true
pptpd.ip4_allow:                        0.0.0.0/0
#pptpd.listener_in:                     PPTP 192.168.0.1

# L2TP daemon
# 0.0.0.0/0 matches every IPv4 source address (same caveat as for PPTP).
# NOTE(review): going by the key name, require_ipsec: false means L2TP
# sessions that are not protected by IPsec are accepted as well; consider
# setting it to true once the L2TP/IPsec setup is working -- confirm.
l2tpd.enabled:                          true
l2tpd.ip4_allow:                        0.0.0.0/0
#l2tpd.listener_in:                     L2TP 192.168.0.1
#l2tpd.purge_ipsec_sa:                  true
l2tpd.require_ipsec:                    false

# PPPoE daemon
#pppoed.enabled:                                true
#pppoed.interface:                      PPPoE vic0

#pipex.enabled:				false
-------------------------------------------------------------------------------

[npppd-users.csv]
  - First line of the CSV is *IGNORED*.  It is treated as a title line.
-------------------------------------------------------------------------------
Username,Password,Framed-IP-Address,Framed-IP-Netmask,Description,Calling-Id
user1,user1's secret,10.0.0.129,,memo for user1
-------------------------------------------------------------------------------
