Ipredator and FreeBSD

August 19, 2010

Ipredator is a very fast and reliable VPN service provider in Sweden. It's quite easy to set up an ipredator VPN connection under Windows and Linux, but it's a little trickier under FreeBSD, since the default settings of several ppp client implementations for FreeBSD don't quite meet the requirements of a Windows VPN (pptp) server. Below are my setup examples for this VPN service:

The powerful FreeBSD ppp daemon mpd is our first choice here. To install mpd:

# cd /usr/ports/net/mpd5 && make install clean

Add the following configuration lines to your /usr/local/etc/mpd5/mpd.conf for the ipredator VPN. (You should of course change USERNAME and PASSWORD.)

ipredator:
	create bundle static B1
	set bundle yes compression
	set ipcp ranges 0.0.0.0/0 0.0.0.0/0
	set ccp yes mppc
	set mppc yes e128
	set mppc yes stateless
	set iface up-script /usr/local/etc/mpd5/ip-up.sh
	set iface down-script /usr/local/etc/mpd5/ip-down.sh
	create link static L1 pptp
	set link action bundle B1
	set auth authname USERNAME
	set auth password PASSWORD
	set link max-redial 0
	set link mtu 1460
	set link keep-alive 20 75
	set pptp peer vpn.ipredator.se
	set pptp disable windowing
	open

The tricky part is that the ipredator VPN server requires MPPE with 128-bit session keys in stateless mode. The ppp session negotiation will fail if the required MPPE options are not enabled in your ppp client configuration.
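A pre-flight check for this requirement, as an added example that is not part of the original post: the sh functions below (their names are this example's own) look for the three MPPE directives, spelled as in the configuration above, under one label of an mpd.conf, and check that the file holding the password is not readable by group or other.

```sh
#!/bin/sh
# Added example: lint one label of an mpd.conf. Function names are this
# example's own; the directives checked are the ones quoted in the post.

# Print the commands of label $2 in file $1, whitespace-normalised. Labels start
# in column one and end with ':'; commands are the indented lines that follow.
label_body() {
    awk -v want="$2:" '
        /^[^ \t#]/ { inside = ($1 == want); next }
        inside && NF && $1 !~ /^#/ { $1 = $1; print }
    ' "$1"
}

# Return 0 if the label enables MPPC with 128-bit MPPE in stateless mode;
# otherwise print each missing directive and return 1.
check_mppe() {
    body=$(label_body "$1" "$2")
    rc=0
    for want in "set ccp yes mppc" "set mppc yes e128" "set mppc yes stateless"; do
        if ! printf '%s\n' "$body" | grep -qxF "$want"; then
            echo "missing in $2: $want"
            rc=1
        fi
    done
    return $rc
}

# Return 0 if the file holding the password has no group/other read bit.
secret_file_private() {
    [ -z "$(find "$1" -prune \( -perm -040 -o -perm -004 \))" ]
}

# Constructed sample: "stateless" sits under a different label, so the
# ipredator label must be reported as incomplete.
sample_conf() {
    cat <<'EOF'
ipredator:
    set ccp yes mppc
    set mppc yes e128
other:
    set mppc yes stateless
EOF
}

# Usage: sh mpdlint.sh /usr/local/etc/mpd5/mpd.conf ipredator
if [ $# -eq 2 ]; then
    check_mppe "$1" "$2" && echo "MPPE settings present for $2"
    secret_file_private "$1" || echo "warning: $1 is readable by group or other"
fi
```

The match is literal, so a configuration that spells the same options with separate enable and accept commands is reported as missing them.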

ip-up.sh and ip-down.sh are used to set up the routes after the VPN connection is established or destroyed. ip-up.sh changes the default route to the ppp remote address, so all outgoing traffic is routed through the VPN instead. (The script also sets up a route for packets with the ppp peer address as destination; these are the encapsulated GRE packets, which should be routed through the real default router.)

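#!/bin/sh
# ip-up.sh
# $4 is the ppp remote address; $defaultrouter must be set in /etc/rc.conf.
. /etc/rc.conf
# Route packets addressed to the peer itself (the GRE tunnel) via the real default router.
/sbin/route del "$4"
/sbin/route add "$4" "$defaultrouter"
# Route everything else through the VPN.
/sbin/route del default
/sbin/route add default "$4"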

ip-down.sh restores the old default router:

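#!/bin/sh
# ip-down.sh
# $4 is the ppp remote address; $defaultrouter must be set in /etc/rc.conf.
. /etc/rc.conf
# Drop the host route to the peer and the default route through the VPN.
/sbin/route del "$4"
/sbin/route del default
# Restore the original default router.
/sbin/route add default "$defaultrouter"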

Now you can use the command below to actually start the VPN connection:

# mpd5 ipredator

mpd writes a verbose connection log when running in the foreground; when a connection fails to establish, you should usually be able to find some details in the log. Packet sniffers like Wireshark can provide additional information at the ppp protocol level, which greatly helps in diagnosing connection problems.

One Comment
  1. Andreas

    Hi,

    Would it be possible for you to send me a log file with the prompt output when starting mpd5?
    Something isn’t working for me and it would help a lot with the troubleshooting to have a log file from a working setup.

    Regards,

    Andreas