Brett Glass wrote:
> I've been asked to work on a PPTP server for a large company which has
> up to 100 users tunneling in at once. They currently have a FreeBSD
> machine set up to use FreeBSD's userland PPP together with the PoPToP
> pptp daemon. (They have a hacked version of PoPToP which allows
> different instances of the daemon to invoke PPP with different labels,
> letting them set up for different sorts of connections on different
> IPs.) But as the number of users has grown, PoPToP has started to act
> strangely. It's giving them odd errors, saying that it's out of buffer
> space and such. I think it's stretched to the limit.
>
> I'm looking at building a VPN server for them using FreeBSD and mpd.
> But I've never used mpd before, primarily because it seems to work in
> mysterious ways. Its configuration is a bit odd, and it lacks some of
> the features of userland PPP. For example, you must put a separate
> entry for each incoming connection (or "link") in the configuration
> file. But since you don't know which incoming user is going to get
> which connection, you have to create dozens and dozens of identical
> links -- a tremendous waste of space! (Userland PPP lets you specify a
> single label to which all PPTP connections must go and creates "tun"
> devices on the fly as needed for the link.)
It will be much easier if you can write some script to generate mpd
config files. I'm generating config files that way for PPPoE.
> What's more, you have to allocate Netgraph nodes for all of them in
> advance. You also do not have the ability to change the configuration
> for different users, because you don't know which user will get which
> of the links -- and the mpd.secret file, unlike the ppp.secret file,
> doesn't let you jump to a label once you find out the user's identity.
> The company wants to throttle bandwidth by user, so I need to be able
> to distinguish between users to do this.
Did you try Radius?
> This company wants some users to have unroutable addresses that can't
> escape their network without NAT, and others to have routable
> addresses. I'm experimenting with what happens if you create two sets
> of links which "listen" on different IP addresses, but this will make
> the configuration file yet larger.
>
> Are there any mpd gurus out there who can give me a quick opinion as
> to whether it's feasible to use mpd for this application -- and spend
> some consulting time telling me how so that I don't have to flail
> around experimenting? If I can't use mpd and PoPToP isn't working,
> what other options are there for a good PPTP server?
>
> --Brett Glass
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
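The generator the reply suggests, written as an added example (not code from either poster): it emits an mpd.conf and mpd.links for two groups of identical PPTP links, each group listening on its own address and handing out its own client pool, so the shared settings are typed once. The directive names are assumed from the mpd 3.x sample configuration; the addresses and link counts are constructed, and both must be checked against the installed mpd version.

```python
from ipaddress import IPv4Address

# Constructed sample: one listener hands out routable addresses, the other
# hands out private addresses that must be NATed before leaving the LAN.
GROUPS = [  # (label prefix, address mpd listens on, first client IP, links)
    ("pub", "203.0.113.10", "203.0.113.129", 3),
    ("nat", "192.0.2.10", "10.9.0.2", 2),
]

def links(groups):
    """Yield (label, listen_ip, client_ip, ng_index) for every link."""
    idx = 0  # each link needs its own netgraph interface (ng0, ng1, ...)
    for prefix, listen_ip, first_ip, count in groups:
        for i in range(count):
            yield f"{prefix}{i + 1}", listen_ip, str(IPv4Address(first_ip) + i), idx
            idx += 1

def mpd_conf(groups, server_ip="10.9.0.1"):
    """mpd.conf: 'default' loads every link, each link label gets its own
    /32 client address, and the settings shared by all links appear once."""
    out = ["default:"] + [f"\tload {label}" for label, *_ in links(groups)]
    for label, _, client_ip, idx in links(groups):
        out += ["", f"{label}:", f"\tnew -i ng{idx} {label} {label}",
                f"\tset ipcp ranges {server_ip}/32 {client_ip}/32",
                "\tload pptp_common"]
    # Shared template (assumed mpd 3.x syntax): CHAP only, 128-bit MPPE only.
    out += ["", "pptp_common:", "\tset iface disable on-demand",
            "\tset bundle disable multilink", "\tset link no pap chap",
            "\tset link enable chap", "\tset link keep-alive 10 60",
            "\tset bundle enable compression", "\tset ccp yes mppc",
            "\tset ccp yes mpp-e128", "\tset ccp yes mpp-stateless"]
    return "\n".join(out) + "\n"

def mpd_links(groups):
    """mpd.links: every link is an incoming-only PPTP link bound to its
    group's listener address."""
    out = []
    for label, listen_ip, _, _ in links(groups):
        out += [f"{label}:", "\tset link type pptp",
                f"\tset pptp self {listen_ip}", "\tset pptp enable incoming",
                "\tset pptp disable originate", ""]
    return "\n".join(out)

if __name__ == "__main__":
    print(mpd_conf(GROUPS))
    print(mpd_links(GROUPS))
```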