point to multipoint vpn

Posted on 2005-04-06
Last Modified: 2013-11-22
Is it possible, and how would this be done, to have a point to multipoint VPN on FreeBSD?

If I have an ADSL connection with a static IP I would like to be able to connect this box to more than one remote server and establish a VPN connection.

When a VPN is established is it still possible to have local Internet access through the local ADSL connection?

What would be the best way for a staff member using a Notebook to connect to the office as they travel around and access the office network via the internet?

Question by:icarey
    LVL 1

    Accepted Solution


    I have found that mpd, located in the ports at "/usr/ports/net/mpd/", works very well.  PPTP is built into almost every version of Windows, so an extra software client does not need to be installed on the PC. The server and client are very easy to set up and would probably take 1hr tops to set up.

    You can find more info at

    Here is a feature list...

          Multi-link PPP capability
          PAP, CHAP, and MS-CHAP authentication
          PPP compression and encryption
          Point-to-Point Tunnelling Protocol (PPTP)
          PPP over Ethernet (PPPoE)
          RADIUS (authentication and accounting)

    Mpd also includes many additional features:

          Dial-on-demand with idle timeout
          Multiple active connections running simultaneously
          Dynamic demand based link management (also known as "rubber bandwidth")
          Powerful chat scripting language for asynchronous serial ports
          Pre-tested chat scripts for several common modems and ISDN TAs
          Clean device-type independent design
          Comprehensive logging

    LVL 5

    Assisted Solution

    FreeS/WAN: -
    IPSec: - Uses IPSec

    Each has its own advantages.. for example, poptop is the best for Windows compatibility.
    LVL 3

    Assisted Solution

    I use and very strongly recommend OpenVPN, which is extremely fast, reliable, flexible, easy to configure, multiplatform, and uses OpenSSL based encryption.

    One particularly nifty thing about OpenVPN is that you can actually establish a working tunnel with a single command right from the shell prompt, with no config files whatsoever!  This is usually how I test out a new tunnel; just run the command right there at the prompt, and if it works, I kill the process and write the command up in an rc.d script and run it again from there.

    Note: openvpn is available in the ports tree, but the version there is 1.x, and if you are going to be using this cross-platform (i.e. interfacing directly with Windows machines, not just tying two BSD boxen together) you will need to instead download and build 2.x from source, from  When you do so, you'll need to pass arguments to ./configure either telling it not to bother building with LZO compression, or pointing it to the location of the headers and includes for LZO.
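
Added example (not part of the original answers and not OpenVPN project code): a small Python check that reads an OpenVPN 2.x config and reports the three things this thread asks about: multi-client server mode, static key versus TLS certificates, and whether clients keep their local Internet access (split tunnel) or are pushed `redirect-gateway`. The two sample configs, their addresses, host name and file names are constructed for illustration.

```python
import shlex

# Constructed sample: road-warrior server, certificates, only the office LAN routed.
SERVER_SPLIT = """
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh.pem
server 10.8.0.0 255.255.255.0
push "route 192.168.1.0 255.255.255.0"   # office LAN only
keepalive 10 120
"""

# Constructed sample: a single point-to-point tunnel with a pre-shared static key.
P2P_STATIC = """
; quick test tunnel
remote office.example.net
dev tun
ifconfig 10.4.0.2 10.4.0.1
secret static.key
"""

def parse_directives(text):
    """Return [(directive, [args])], skipping blank lines and # / ; comments."""
    out = []
    for line in text.splitlines():
        if line.lstrip().startswith(";"):
            continue
        tokens = shlex.split(line, comments=True)  # handles quotes and '#'
        if tokens:
            out.append((tokens[0], tokens[1:]))
    return out

def audit(text):
    d = parse_directives(text)
    names = {n for n, _ in d}
    pushes = [a[0] for n, a in d if n == "push" and a]
    if "secret" in names:
        auth = "static-key"            # one shared key, one peer
    elif {"ca", "cert", "key"} <= names:
        auth = "tls-certificates"      # per-client certs, revocable individually
    else:
        auth = "none"
    full = "redirect-gateway" in names or any(p.startswith("redirect-gateway") for p in pushes)
    routes = [p[len("route "):] for p in pushes if p.startswith("route ")]
    tunnel = "full" if full else ("split" if routes else "none-pushed")
    multi = any(n == "server" or (n == "mode" and a[:1] == ["server"]) for n, a in d)
    return {"multi_client": multi, "auth": auth, "tunnel": tunnel, "pushed_routes": routes}
```

A result of `"tunnel": "split"` means only the listed office routes go through the VPN, so the client's other traffic still leaves through its local connection.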
    LVL 2

    Expert Comment

    Sorry Ivan, None of those are a good choice. (except possibly openswan which I'm not sure runs on BSD)

    OpenVPN will NOT do what you want... And I quote from the site:

     "There are three major families of VPN implementations in wide usage today: SSL, IPSec, and PPTP. OpenVPN is an SSL VPN and as such is not compatible with IPSec, L2TP, or PPTP." ... "OpenVPN is not compatible with IPSec, IKE, PPTP, or L2TP"

    No L2TP means no Windows client without buying software at 100 bucks a seat.

    Ivan, you need to cut to the chase and buy a hardware VPN endpoint (Linksys DI-808HV is a good choice), from 50 to 100 bucks depending on who makes it. LOOK FOR L2TP. That is the protocol you want. Also look for the number of tunnels. The 808HV will do 40 concurrently but (from memory) only 8 can be laptops (L2TP) at any one time. But 8 concurrent users will melt your DSL line anyway. ;-)

    Do not use PPTP; it is old and easy to break. Sorry I don't have better news but that's the way life works sometimes. ;-(
    LVL 5

    Expert Comment

    > No L2TP means no Windows client without buying software at 100 bucks a seat.

    Where do you get $100/seat figure?  OpenVPN is free and GPL, so is the Windows GUI..

    LVL 2

    Expert Comment

    OK point taken... If you want your average Windows user trying to figure out how to configure a VPN from their laptop then you have a solution....

    If you want a solution that your end users will not destroy, and -you know- can actually use, then you have another problem.

    There are "solutions" and then there are "solutions."
    LVL 5

    Expert Comment

    Poptop uses PPTP
    OpenVPN uses SSL tunnel
    FreeS/WAN uses L2TP+IPSec
    Pipsecd uses L2TP+IPSec

    There's one of each tunnel/encryption type there, and all are compatible with windows (some requiring extra software), if that is a requirement.

    Do NOT just use L2TP..  L2TP is a tunneling protocol that offers no encryption.  Most tunnels using L2TP use IPSec, which adds encryption, and a second level of overhead.  SSL is the cheapest on overhead, and PPTP is the most compatible for least overhead.

    For staff members using notebooks, PPTP is definitely the best way to go... it's compatible, easy to install and use, requiring no extra software installation on Windows notebooks.

    For a more secure VPN, try SSL, which allows the use of certificates and other authentication technologies, and is cross-platform by providing a connectivity application for each platform.

    I would only recommend L2TP+IPSec for permanent installations, as it has the ability to re-establish lost connections, but relies on both ends using static IPs, unless it's in a road warrior configuration.
    LVL 2

    Expert Comment

    > For staff members using notebooks, PPTP is definitely the best way to go... it's compatible, easy to install and use, requiring no extra software installation on Windows notebooks.

    PPTP can nearly be broken in real time today. If you want to keep people from reading your email or maybe some simple business correspondence OK.... BUT if you have real data (one of my clients is an investment banker) use L2TP+IPSec.
    LVL 3

    Expert Comment

    I'd say even split between first three commenters, all of whom provided workable solutions to fit the question.

    I do not include Bienville because of giving erroneous information leading the poster to believe he can't do what he wants.
