For several pressing reasons, and out of plain curiosity about building an anonymous network, I decided to try running a VPN client on this FreeBSD router. First I looked over the candidate applications:
pptpclient-1.7.1,
mpd/mpd4/mpd5,
OpenVPN.
From my own analysis, pptpclient-1.7.1 leans more toward the Linux style, and after running it for a whole day I concluded it was not very stable on FreeBSD. OpenVPN I had not yet had a chance to try. For mpd I started with mpd/mpd4/mpd5, and mpd looks more BSD-style.
After two days of trying I settled on mpd, for these reasons:
- More BSD-style, since the developers also come from the FreeBSD Project team.
- Custom configuration is more orderly, with more and more complete supported options.
- Runs more stably on FreeBSD.
Here are the steps:
1. Install mpd from the ports tree:
# cd /usr/ports/net/mpd/
# make extract
# cd /usr/ports/net/mpd/work/mpd-3.18/src/
# vim iface.c

Find this block in iface.c:
    /* Add loopback route */
    ExecCmd(LG_IFACE, "%s add %s -iface lo0", PATH_ROUTE, inet_ntoa(iface->self_addr));
    if (Enabled(&iface->options, IFACE_CONF_RADIUSROUTE)) {
        for (i = 0; (i < bund->radius.n_routes) && (bund->iface.n_routes < IFACE_MAX_ROUTES); i++) {
            memcpy(&(iface->routes[iface->n_routes++]), &(bund->radius.routes[i]), sizeof(struct ifaceroute));
        };
        Log(LG_IFACE, ("[%s] IFACE: using %d RADIUS routes", bund->name, bund->radius.n_routes));
    }
And this one:
    /* Delete loopback route */
    ExecCmd(LG_IFACE, "%s delete %s -iface lo0",
        PATH_ROUTE, inet_ntoa(iface->self_addr));
Wrap both pieces of code in a comment block, so that mpd no longer adds or deletes the route to the loopback interface (lo0), then save.
# make install clean
2. Configure mpd.conf and mpd.links:
# cat /usr/local/etc/mpd/mpd.conf
default:
        load vpn01

vpn01:
        new -i ng0 vpn01 vpn01
        set bundle authname ******
        set bundle password ******
        set bundle disable multilink
        set iface idle 0
        set iface enable tcpmssfix
        set iface disable on-demand
        set ipcp no vjcomp
        set ipcp ranges 0.0.0.0/0 0.0.0.0/0
        set link no pap acfcomp protocomp
        set link disable chap
        set link accept chap
        set link keep-alive 30 10
        set link ident mpd
        set link mtu 1460
        set link max-redial 0
        open

# cat /usr/local/etc/mpd/mpd.links
vpn01:
        set link type pptp
        set pptp mode active
        set pptp enable originate outcall
        set pptp disable incoming
        set pptp peer IP_REMOTE_VPN
3. Test by running the mpd daemon and checking the log file:
# rehash
# mpd
# fgrep -A1 mpd /etc/syslog.conf
!mpd
*.* /var/log/ppp.log
# fgrep ppp /etc/newsyslog.conf
/var/log/ppp.log root:network 640 3 500 * JC
# kill -HUP `cat /var/run/syslog.pid`
Edit the files above, then restart the syslog daemon.
# tail /var/log/ppp.log
Feb 15 09:00:33 router mpd: IPADDR 12.12.13.78
Feb 15 09:00:33 router mpd: [vpn01] IPCP: rec'd Configure Ack #3 link 0 (Ack-Sent)
Feb 15 09:00:33 router mpd: IPADDR 12.12.13.78
Feb 15 09:00:33 router mpd: [vpn01] IPCP: state change Ack-Sent --> Opened
Feb 15 09:00:33 router mpd: [vpn01] IPCP: LayerUp
Feb 15 09:00:33 router mpd: 12.12.13.78 -> 10.0.0.1
Feb 15 09:00:33 router mpd: [vpn01] IFACE: Up event
Feb 15 09:00:33 router mpd: [vpn01] setting interface ng0 MTU to 1400 bytes
Feb 15 09:00:33 router mpd: [vpn01] exec: /sbin/ifconfig ng0 12.12.13.78 10.0.0.1 netmask 0xffffffff -link0
Feb 15 09:00:33 router mpd: [vpn01] IFACE: Up event
# ifconfig ng0
ng0: flags=88d1<UP,POINTOPOINT,RUNNING,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1400
        inet 12.12.13.78 --> 10.0.0.1 netmask 0xffffffff
4. Make sure the gre(4) protocol is allowed through the firewall:
# grep GRE /etc/protocols
gre 47 GRE # Generic Routing Encapsulation
# grep gre /etc/rc.firewall
${fwcmd} add 400 allow gre from any to any
# grep gre /etc/ipf.rules
pass in quick proto gre from any to any
pass out quick proto gre from any to any
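Steps 3 and 4 are the two things that usually go wrong with a PPTP client: IPCP never reaches LayerUp, or GRE (protocol 47) is dropped by the firewall so the control channel connects but no data flows. The script below is an added example, not part of the original post, that turns those two manual checks into a small health check. The function names tunnel_endpoints and gre_allowed are my own; the sample log lines and rule lines are constructed to match the output shown above, and the expected mpd log format (a "LOCAL -> REMOTE" line right after "IPCP: LayerUp") is taken from that output.

```shell
#!/bin/sh
# Added example (not from the original post): a post-connect health check for
# the mpd PPTP tunnel. tunnel_endpoints reads an mpd log (e.g. /var/log/ppp.log)
# on stdin and prints "LOCAL REMOTE" for the last IPCP LayerUp; gre_allowed
# reads a firewall rule file on stdin and succeeds only if GRE is passed,
# in either ipfw (rc.firewall) or ipfilter (ipf.rules) syntax.

# mpd logs "LOCAL -> REMOTE" on the line right after "IPCP: LayerUp".
tunnel_endpoints() {
    awk '
        /IPCP: LayerUp/ { armed = 1; next }
        armed && $7 == "->" { local = $6; remote = $8; armed = 0 }
        END { if (local != "") print local, remote; else exit 1 }
    '
}

# ipfw "allow gre" covers both directions; ipfilter needs an explicit
# "pass in" and "pass out", so both must be present for the check to pass.
gre_allowed() {
    rules=$(cat)
    if printf '%s\n' "$rules" | grep -Eq 'allow[[:space:]]+gre[[:space:]]+from'; then
        return 0
    fi
    printf '%s\n' "$rules" | grep -Eq '^pass[[:space:]]+in[[:space:]].*proto[[:space:]]+gre' &&
    printf '%s\n' "$rules" | grep -Eq '^pass[[:space:]]+out[[:space:]].*proto[[:space:]]+gre'
}

# Constructed sample input, shaped like the output shown in steps 3 and 4.
SAMPLE_LOG='Feb 15 09:00:33 router mpd: [vpn01] IPCP: state change Ack-Sent --> Opened
Feb 15 09:00:33 router mpd: [vpn01] IPCP: LayerUp
Feb 15 09:00:33 router mpd: 12.12.13.78 -> 10.0.0.1
Feb 15 09:00:33 router mpd: [vpn01] IFACE: Up event'
SAMPLE_IPF='pass in quick proto gre from any to any
pass out quick proto gre from any to any'

# Run both checks against the samples. On a live router feed the real files
# instead: "tunnel_endpoints < /var/log/ppp.log" and "gre_allowed < /etc/ipf.rules".
if ep=$(printf '%s\n' "$SAMPLE_LOG" | tunnel_endpoints); then
    echo "tunnel up: $ep"
else
    echo "tunnel down: no IPCP LayerUp in log"
fi
if printf '%s\n' "$SAMPLE_IPF" | gre_allowed; then
    echo "gre: allowed"
else
    echo "gre: blocked, PPTP data channel will not pass"
fi
```

The GRE check deliberately fails when only one direction is passed in ipf.rules, because a one-sided rule produces exactly the symptom described in step 4: the PPTP control session on TCP 1723 comes up, IPCP negotiates, and then every packet through ng0 is silently dropped.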
5. Create a script to start/restart/stop the mpd daemon:
# cat mpd.sh
#!/bin/sh
# -b runs mpd in the background, -p writes its pid file, -k kills the running instance.
case "$1" in
start)
    /usr/local/sbin/mpd -b -p /var/run/mpd.pid
    echo 'Starting VPN...'
    ;;
stop)
    /usr/local/sbin/mpd -k `cat /var/run/mpd.pid` > /dev/null
    echo 'Shutting down VPN...'
    ;;
restart)
    /usr/local/sbin/mpd -k `cat /var/run/mpd.pid` > /dev/null
    /usr/local/sbin/mpd -b -p /var/run/mpd.pid
    echo 'Restarting VPN...'
    ;;
*)
    echo "Usage: `basename $0` {start|stop|restart}" >&2
    ;;
esac
exit 0