poloniumv's

Soekris net4511, GPRS и PPTP

10 ноября 2010 г. 16:20

Дано. Интернет, Soekris net4511, флеш-карта на 128 МБайт, PCMCIA GPRS-модем Huawei EG602, карточка от МТС, консольный шнурок, пинок.

Необходимо. Вставить карточку в модем, модем в Soekris, нарулить на эту железяку ОС, которая и карточку подхватит, и на 128 МБайтах поместится, выйдет в Интернет да построит с одним из серваков PPTP-тоннель.

Итак. Первым делом начал с выбора ОС. Естественно, выбор небольшой - GNU/Linux или FreeBSD (с Open- и NetBSD ни разу не работал, а времени разбираться нет). Для того, чтобы меньше работы пришлось делать, полез в гугл, искать уже готовое. Не нашел. Вернее нашел проект m0n0wall, стянул его, поставил, заценил веб-морду, снес. С Linux'ами тоже не сложилось. Решил собирать сам - nanoBSD на основе FreeBSD 8.1-RELEASE.

Нашел в Сети кучу всяких мануалов, конфигурационных файлов для сборки как ядра, так и nanoBSD системы. С последними долго не возился, а вот конфиг ядра пришлось составлять самому, т. к. ничто из найденного полностью не удовлетворяло потребности либо же не запускалось вообще.

Итак, первым делом надо приготовить конфиг для nanoBSD. Во избежание ошибок в процессе сборки системы (в случае ненайденных хидеров и/или исходников какой-либо мелочи) через sysinstall поставил дерево сорцов полностью.
В /usr/src/tools/tools/nanobsd/ сотворил soekris.conf:

NANO_NAME=net4511
NANO_IMAGES=1
NANO_KERNEL=SOEKRIS
NANO_DRIVE=ad0
NANO_PMAKE="make -j 1"

NANO_MEDIASIZE=`expr 128450560 / 512`
NANO_HEADS=8
NANO_SECTS=32

customize_cmd cust_comconsole
customize_cmd cust_allow_ssh_root
customize_cmd cust_install_files

CONF_INSTALL='
WITHOUT_TOOLCHAIN=YES
'

CONF_WORLD='
COMCONSOLE_SPEED=19200
NO_MODULES=YES
WITHOUT_ACPI=YES
WITHOUT_ASSERT_DEBUG=YES
WITHOUT_ATM=YES
WITHOUT_AUDIT=YES
WITHOUT_AUTHPF=YES
WITHOUT_BIND=YES
WITHOUT_BLUETOOTH=YES
WITHOUT_CALENDAR=YES
WITHOUT_CDDL=YES
WITHOUT_CPP=YES
WITHOUT_CVS=YES
WITHOUT_CXX=YES
WITHOUT_DICT=YES
WITHOUT_DYNAMICROOT=YES
WITHOUT_EXAMPLES=YES
#WITHOUT_FORTH=YES
WITHOUT_FORTRAN=YES
WITHOUT_GAMES=YES
WITHOUT_GCOV=YES
#WITHOUT_GDB=YES
WITHOUT_GPIB=YES
WITHOUT_GROFF=YES
WITHOUT_HTML=YES
WITHOUT_HESIOD=YES
WITHOUT_I4B=YES
WITHOUT_IDEA=YES
WITHOUT_INET6=YES
WITHOUT_INFO=YES
WITHOUT_IPFILTER=YES
WITHOUT_IPX=YES
WITHOUT_KERBEROS=YES
#WITHOUT_LIBPTHREAD=YES
#WITHOUT_LIBTHR=YES
#WITHOUT_LOCALES=YES
WITHOUT_LPR=YES
WITHOUT_MAILWRAPPER=YES
WITHOUT_MAN=YES
WITHOUT_NCP=YES
WITHOUT_NETCAT=YES
WITHOUT_NIS=YES
WITHOUT_NLS=YES
WITHOUT_NLS_CATALOGS=YES
WITHOUT_NS_CACHING=YES
WITHOUT_OBJC=YES
WITHOUT_PAM_SUPPORT=YES
WITHOUT_PF=YES
WITHOUT_PROFILE=YES
WITHOUT_RCMDS=YES
WITHOUT_RCS=YES
WITHOUT_RESCUE=YES
WITHOUT_SENDMAIL=YES
WITHOUT_SHAREDOCS=YES
WITHOUT_SPP=YES
WITHOUT_SYSCONS=YES
WITHOUT_USB=YES
WITHOUT_ZFS=YES
WITHOUT_ZONEINFO=YES
' 

После этого создал там же конфигурационный файл ядра SOEKRIS:

cpu I486_CPU
cpu I586_CPU
cpu I686_CPU
ident GENERIC

options HZ=1000
options CPU_ELAN
options CPU_GEODE
options CPU_SOEKRIS

makeoptions DEBUG=-g # Build kernel with gdb(1) debug symbols

options SCHED_ULE # ULE scheduler
options PREEMPTION # Enable kernel thread preemption
options INET # InterNETworking
#options INET6 # IPv6 communications protocols
options SCTP # Stream Control Transmission Protocol
options FFS # Berkeley Fast Filesystem
options SOFTUPDATES # Enable FFS soft updates support
options UFS_ACL # Support for access control lists
options UFS_DIRHASH # Improve performance on big directories
options UFS_GJOURNAL # Enable gjournal-based UFS journaling
options MD_ROOT # MD is a potential root device
#options NFSCLIENT # Network Filesystem Client
#options NFSSERVER # Network Filesystem Server
#options NFSLOCKD # Network Lock Manager
#options NFS_ROOT # NFS usable as /, requires NFSCLIENT
#options MSDOSFS # MSDOS Filesystem
#options CD9660 # ISO 9660 Filesystem
options PROCFS # Process filesystem (requires PSEUDOFS)
options PSEUDOFS # Pseudo-filesystem framework
options GEOM_PART_GPT # GUID Partition Tables.
options GEOM_LABEL # Provides labelization
options COMPAT_43TTY # BSD 4.3 TTY compat (sgtty)
options COMPAT_FREEBSD4 # Compatible with FreeBSD4
options COMPAT_FREEBSD5 # Compatible with FreeBSD5
options COMPAT_FREEBSD6 # Compatible with FreeBSD6
options COMPAT_FREEBSD7 # Compatible with FreeBSD7
options SCSI_DELAY=5000 # Delay (in ms) before probing SCSI
options KTRACE # ktrace(1) support
options STACK # stack(9) support
options SYSVSHM # SYSV-style shared memory
options SYSVMSG # SYSV-style message queues
options SYSVSEM # SYSV-style semaphores
options P1003_1B_SEMAPHORES # POSIX-style semaphores
options _KPOSIX_PRIORITY_SCHEDULING # POSIX P1003_1B real-time extensions
options PRINTF_BUFR_SIZE=128 # Prevent printf output being interspersed.
options KBD_INSTALL_CDEV # install a CDEV entry in /dev
options HWPMC_HOOKS # Necessary kernel hooks for hwpmc(4)
options AUDIT # Security event auditing
options MAC # TrustedBSD MAC Framework
options FLOWTABLE # per-cpu routing cache
#options KDTRACE_HOOKS # Kernel DTrace hooks
options INCLUDE_CONFIG_FILE # Include this file in kernel

options IPFIREWALL
options IPFIREWALL_VERBOSE
options IPFIREWALL_VERBOSE_LIMIT=100
options IPFIREWALL_FORWARD
options IPFIREWALL_DEFAULT_TO_ACCEPT
options IPDIVERT
options IPFILTER
options DUMMYNET


# To make an SMP kernel, the next two lines are needed
#options SMP # Symmetric MultiProcessor Kernel
device apic # I/O APIC

# CPU frequency control
device cpufreq

# Bus support.
device acpi
device eisa
device pci

# Floppy drives
#device fdc

# ATA and ATAPI devices
device ata
device atadisk # ATA disk drives
#device ataraid # ATA RAID drives
#device atapicd # ATAPI CDROM drives
#device atapifd # ATAPI floppy drives
#device atapist # ATAPI tape drives
options ATA_STATIC_ID # Static device numbering

# SCSI Controllers
#device ahb # EISA AHA1742 family
#device ahc # AHA2940 and onboard AIC7xxx devices
#options AHC_REG_PRETTY_PRINT # Print register bitfields in debug
# output. Adds ~128k to driver.
#device ahd # AHA39320/29320 and onboard AIC79xx devices
#options AHD_REG_PRETTY_PRINT # Print register bitfields in debug
# output. Adds ~215k to driver.
#device amd # AMD 53C974 (Tekram DC-390(T))
#device hptiop # Highpoint RocketRaid 3xxx series
#device isp # Qlogic family
#device ispfw # Firmware for QLogic HBAs- normally a module
#device mpt # LSI-Logic MPT-Fusion
#device ncr # NCR/Symbios Logic
#device sym # NCR/Symbios Logic (newer chipsets + those of `ncr')
#device trm # Tekram DC395U/UW/F DC315U adapters

#device adv # Advansys SCSI adapters
#device adw # Advansys wide SCSI adapters
#device aha # Adaptec 154x SCSI adapters
#device aic # Adaptec 15[012]x SCSI adapters, AIC-6[23]60.
#device bt # Buslogic/Mylex MultiMaster SCSI adapters

#device ncv # NCR 53C500
#device nsp # Workbit Ninja SCSI-3
#device stg # TMC 18C30/18C50

# SCSI peripherals
device scbus # SCSI bus (required for SCSI)
#device ch # SCSI media changers
device da # Direct Access (disks)
#device sa # Sequential Access (tape etc)
#device cd # CD
#device pass # Passthrough device (direct SCSI access)
#device ses # SCSI Environmental Services (and SAF-TE)

# RAID controllers interfaced to the SCSI subsystem
#device amr # AMI MegaRAID
#device arcmsr # Areca SATA II RAID
#device asr # DPT SmartRAID V, VI and Adaptec SCSI RAID
#device ciss # Compaq Smart RAID 5*
#device dpt # DPT Smartcache III, IV - See NOTES for options
#device hptmv # Highpoint RocketRAID 182x
#device hptrr # Highpoint RocketRAID 17xx, 22xx, 23xx, 25xx
#device iir # Intel Integrated RAID
#device ips # IBM (Adaptec) ServeRAID
#device mly # Mylex AcceleRAID/eXtremeRAID
#device twa # 3ware 9000 series PATA/SATA RAID

# RAID controllers
#device aac # Adaptec FSA RAID
#device aacp # SCSI passthrough for aac (requires CAM)
#device ida # Compaq Smart RAID
#device mfi # LSI MegaRAID SAS
#device mlx # Mylex DAC960 family
#device pst # Promise Supertrak SX6000
#device twe # 3ware ATA RAID

# atkbdc0 controls both the keyboard and the PS/2 mouse
device atkbdc # AT keyboard controller
device atkbd # AT keyboard
#device psm # PS/2 mouse

device kbdmux # keyboard multiplexer

device vga # VGA video card driver

#device splash # Splash screen and screen saver support

# syscons is the default console driver, resembling an SCO console
device sc

device agp # support several AGP chipsets

# Power management support (see NOTES for more options)
#device apm
# Add suspend/resume support for the i8254.
device pmtimer

# PCCARD (PCMCIA) support
# PCMCIA and cardbus bridge support
device cbb # cardbus (yenta) bridge
device pccard # PC Card (16-bit) bus
device cardbus # CardBus (32-bit) bus

# Serial (COM) ports
device uart # Generic UART driver

# Parallel port
#device ppc
#device ppbus # Parallel port bus (required)
#device lpt # Printer
#device plip # TCP/IP over parallel
#device ppi # Parallel port interface device
#device vpo # Requires scbus and da

# If you've got a "dumb" serial or parallel PCI card that is
# supported by the puc(4) glue driver, uncomment the following
# line to enable it (connects to sio, uart and/or ppc drivers):
#device puc

# PCI Ethernet NICs.
#device de # DEC/Intel DC21x4x (``Tulip'')
#device em # Intel PRO/1000 Gigabit Ethernet Family
#device igb # Intel PRO/1000 PCIE Server Gigabit Family
#device ixgb # Intel PRO/10GbE Ethernet Card
#device le # AMD Am7900 LANCE and Am79C9xx PCnet
#device ti # Alteon Networks Tigon I/II gigabit Ethernet
#device txp # 3Com 3cR990 (``Typhoon'')
#device vx # 3Com 3c590, 3c595 (``Vortex'')

# PCI Ethernet NICs that use the common MII bus controller code.
# NOTE: Be sure to keep the 'device miibus' line in order to use these NICs!
device miibus # MII bus support
#device ae # Attansic/Atheros L2 FastEthernet
#device age # Attansic/Atheros L1 Gigabit Ethernet
#device alc # Atheros AR8131/AR8132 Ethernet
#device ale # Atheros AR8121/AR8113/AR8114 Ethernet
#device bce # Broadcom BCM5706/BCM5708 Gigabit Ethernet
#device bfe # Broadcom BCM440x 10/100 Ethernet
#device bge # Broadcom BCM570xx Gigabit Ethernet
#device dc # DEC/Intel 21143 and various workalikes
#device et # Agere ET1310 10/100/Gigabit Ethernet
#device fxp # Intel EtherExpress PRO/100B (82557, 82558)
#device jme # JMicron JMC250 Gigabit/JMC260 Fast Ethernet
#device lge # Level 1 LXT1001 gigabit Ethernet
#device msk # Marvell/SysKonnect Yukon II Gigabit Ethernet
#device nfe # nVidia nForce MCP on-board Ethernet
#device nge # NatSemi DP83820 gigabit Ethernet
#device nve # nVidia nForce MCP on-board Ethernet Networking
#device pcn # AMD Am79C97x PCI 10/100 (precedence over 'le')
#device re # RealTek 8139C+/8169/8169S/8110S
#device rl # RealTek 8129/8139
#device sf # Adaptec AIC-6915 (``Starfire'')
#device sge # Silicon Integrated Systems SiS190/191
device sis # Silicon Integrated Systems SiS 900/SiS 7016
#device sk # SysKonnect SK-984x & SK-982x gigabit Ethernet
#device ste # Sundance ST201 (D-Link DFE-550TX)
#device stge # Sundance/Tamarack TC9021 gigabit Ethernet
#device tl # Texas Instruments ThunderLAN
#device tx # SMC EtherPower II (83c170 ``EPIC'')
#device vge # VIA VT612x gigabit Ethernet
#device vr # VIA Rhine, Rhine II
#device wb # Winbond W89C840F
#device xl # 3Com 3c90x (``Boomerang'', ``Cyclone'')

# ISA Ethernet NICs. pccard NICs included.
#device cs # Crystal Semiconductor CS89x0 NIC
# 'device ed' requires 'device miibus'
#device ed # NE[12]000, SMC Ultra, 3c503, DS8390 cards
#device ex # Intel EtherExpress Pro/10 and Pro/10+
#device ep # Etherlink III based cards
#device fe # Fujitsu MB8696x based cards
#device ie # EtherExpress 8/16, 3C507, StarLAN 10 etc.
#device sn # SMC's 9000 series of Ethernet chips
#device xe # Xircom pccard Ethernet

# Wireless NIC cards
#device wlan # 802.11 support
#options IEEE80211_DEBUG # enable debug msgs
#options IEEE80211_AMPDU_AGE # age frames in AMPDU reorder q's
#options IEEE80211_SUPPORT_MESH # enable 802.11s draft support
#device wlan_wep # 802.11 WEP support
#device wlan_ccmp # 802.11 CCMP support
#device wlan_tkip # 802.11 TKIP support
#device wlan_amrr # AMRR transmit rate control algorithm
#device an # Aironet 4500/4800 802.11 wireless NICs.
#device ath # Atheros pci/cardbus NIC's
#device ath_hal # pci/cardbus chip support
#options AH_SUPPORT_AR5416 # enable AR5416 tx/rx descriptors
#device ath_rate_sample # SampleRate tx rate control for ath
#device ral # Ralink Technology RT2500 wireless NICs.
#device wi # WaveLAN/Intersil/Symbol 802.11 wireless NICs.
#device wl # Older non 802.11 Wavelan wireless NIC.

# Pseudo devices.
device loop # Network loopback
device random # Entropy device
device ether # Ethernet support
device vlan # 802.1Q VLAN support
device tun # Packet tunnel.
device pty # BSD-style compatibility pseudo ttys
device md # Memory "disks"
device gif # IPv6 and IPv4 tunneling
device faith # IPv6-to-IPv4 relaying (translation)
device firmware # firmware assist module

# The `bpf' device enables the Berkeley Packet Filter.
# Be aware of the administrative consequences of enabling this!
# Note that 'bpf' is required for DHCP.
device bpf # Berkeley packet filter

# USB support
options USB_DEBUG # enable debug msgs
device uhci # UHCI PCI->USB interface
device ohci # OHCI PCI->USB interface
device ehci # EHCI PCI->USB interface (USB 2.0)
device usb # USB Bus (required)
#device udbp # USB Double Bulk Pipe devices
#device uhid # "Human Interface Devices"
#device ukbd # Keyboard
#device ulpt # Printer
#device umass # Disks/Mass storage - Requires scbus and da
#device ums # Mouse
#device urio # Diamond Rio 500 MP3 player
# USB Serial devices
device u3g # USB-based 3G modems (Option, Huawei, Sierra)
#device uark # Technologies ARK3116 based serial adapters
device ubsa # Belkin F5U103 and compatible serial adapters
#device uftdi # For FTDI usb serial adapters
#device uipaq # Some WinCE based devices
device uplcom # Prolific PL-2303 serial adapters
device uslcom # SI Labs CP2101/CP2102 serial adapters
device uvisor # Visor and Palm devices
device uvscom # USB serial support for DDI pocket's PHS
# USB Ethernet, requires miibus
#device aue # ADMtek USB Ethernet
#device axe # ASIX Electronics USB Ethernet
#device cdce # Generic USB over Ethernet
#device cue # CATC USB Ethernet
#device kue # Kawasaki LSI USB Ethernet
#device rue # RealTek RTL8150 USB Ethernet
#device udav # Davicom DM9601E USB
# USB Wireless
#device rum # Ralink Technology RT2501USB wireless NICs
#device uath # Atheros AR5523 wireless NICs
#device ural # Ralink Technology RT2500USB wireless NICs
#device zyd # ZyDAS zb1211/zb1211b wireless NICs

# FireWire support
#device firewire # FireWire bus code
#device sbp # SCSI over FireWire (Requires scbus and da)
#device fwe # Ethernet over FireWire (non-standard!)
#device fwip # IP over FireWire (RFC 2734,3146)
#device dcons # Dumb console driver
#device dcons_crom # Configuration ROM for dcons

options NETGRAPH
options NETGRAPH_ETHER
options NETGRAPH_SOCKET
options NETGRAPH_TEE
options NETGRAPH_MPPC_ENCRYPTION
#options NETGRAPH_MPPC_COMPRESSION
options NETGRAPH_BPF
options NETGRAPH_IFACE
options NETGRAPH_KSOCKET
options NETGRAPH_PPP
options NETGRAPH_PPTPGRE
options NETGRAPH_TCPMSS
options NETGRAPH_VJC
options NETGRAPH_ONE2MANY
options NETGRAPH_RFC1490
options NETGRAPH_TEE
options NETGRAPH_TTY
options NETGRAPH_UI
options NETGRAPH_ASYNC
#options NETGRAPH_TTY 

И "хинты" для ядра SOEKRIS.hints:

hint.fdc.0.at="isa"
hint.fdc.0.port="0x3F0"
hint.fdc.0.irq="6"
hint.fdc.0.drq="2"
hint.fd.0.at="fdc0"
hint.fd.0.drive="0"
hint.fd.1.at="fdc0"
hint.fd.1.drive="1"
hint.ata.0.at="isa"
hint.ata.0.port="0x1F0"
hint.ata.0.irq="14"
hint.ata.1.at="isa"
hint.ata.1.port="0x170"
hint.ata.1.irq="15"
hint.adv.0.at="isa"
hint.adv.0.disabled="1"
hint.bt.0.at="isa"
hint.bt.0.disabled="1"
hint.aha.0.at="isa"
hint.aha.0.disabled="1"
hint.aic.0.at="isa"
hint.aic.0.disabled="1"
hint.atkbdc.0.at="isa"
hint.atkbdc.0.port="0x060"
hint.atkbd.0.at="atkbdc"
hint.atkbd.0.irq="1"
hint.psm.0.at="atkbdc"
hint.psm.0.irq="12"
hint.vga.0.at="isa"
hint.sc.0.at="isa"
hint.sc.0.flags="0x100"
hint.vt.0.at="isa"
hint.vt.0.disabled="1"
hint.apm.0.disabled="1"
hint.apm.0.flags="0x20"
hint.sio.0.at="isa"
hint.sio.0.port="0x3F8"
hint.sio.0.flags="0x10"
hint.sio.0.irq="4"
hint.sio.1.at="isa"
hint.sio.1.port="0x2F8"
hint.sio.1.irq="3"
hint.sio.2.at="isa"
hint.sio.2.disabled="1"
hint.sio.2.port="0x3E8"
hint.sio.2.irq="5"
hint.sio.3.at="isa"
hint.sio.3.disabled="1"
hint.sio.3.port="0x2E8"
hint.sio.3.irq="9"
hint.ppc.0.at="isa"
hint.ppc.0.irq="7"
hint.ed.0.at="isa"
hint.ed.0.disabled="1"
hint.ed.0.port="0x280"
hint.ed.0.irq="10"
hint.ed.0.maddr="0xd8000"
hint.cs.0.at="isa"
hint.cs.0.disabled="1"
hint.cs.0.port="0x300"
hint.sn.0.at="isa"
hint.sn.0.disabled="1"
hint.sn.0.port="0x300"
hint.sn.0.irq="10"
hint.ie.0.at="isa"
hint.ie.0.disabled="1"
hint.ie.0.port="0x300"
hint.ie.0.irq="10"
hint.ie.0.maddr="0xd0000"
hint.fe.0.at="isa"
hint.fe.0.disabled="1"
hint.fe.0.port="0x300"
hint.lnc.0.at="isa"
hint.lnc.0.disabled="1"
hint.lnc.0.port="0x280"
hint.lnc.0.irq="10"
hint.lnc.0.drq="0" 

Сборку начал стандартным способом:

/bin/sh nanobsd.sh -c soekris.conf

После запуска сборки ушел курить/пить_кофе/курить/пить_кофе и, еще чуть-чуть подождав, получил образ диска в /usr/obj/nanobsd.net4511/_.disk.full и скинул его на песочницу.
Присоединенная к песочнице (с GNU/Linux на борту) флеш-карта у меня определилась как /dev/sdb, вот туда, собственно, я и залил образ диска:

dd if=/usr/obj/nanobsd.net4511/_.disk.full of=/dev/sdb

В течении минуты потушил компьютер, на котором собирал систему, вытащил флеш-карту с песочницы и вставил ее в Soekris. Консольным (RS232) шнуром присоединил к рабочей машине и PuTTY'ком присоединился к железке (/dev/ttyUSB0, 9600 (сама железяка работает на 19200, но свежесобранная система именно на 9600), без управления потоком).
Для того, чтобы работал PPTP, необходимо доставить еще два пакета:

mount -o rw /dev/ad0s1a /
mount /cfg
fetch ftp://ftp.freebsd.org/pub/FreeBSD/releases/i386/8.1-RELEASE/packages/devel/libp11-0.2.7.tbz
pkg_add libp11-0.2.7.tbz
fetch ftp://ftp.freebsd.org/pub/FreeBSD/releases/i386/8.1-RELEASE/packages/net/mpd-5.5.tbz
pkg_add mpd-5.5.tbz
touch /usr/local/etc/mpd5/mpd.conf 

В /cfg создал несколько файлов и каталогов, которые должны будут после перезагрузки присутствовать в /etc (rc.conf, rc.local ppp/ppp.conf и пр.)
В ppp.conf внес настройки для подключения GPRS:

default:
 set log Phase Chat LCP IPCP CCP tun command

gprs:
 disable pred1 deflate deflate24 protocomp acfcomp shortseq vj
 deny pred1 deflate deflate24 protocomp acfcomp shortseq vj
 set speed 921600
 set mtu maximum 576
 set timeout 0
 set redial 10 10
 enable dns
 set device /dev/cuaU0.0
 set dial "ABORT BUSY ABORT NO\\sCARRIER TIMEOUT 5 \"\" AT OK-AT-OK ATE1Q0 OK ATE0V1 OK  AT+CGDCONT=1,\\\"IP\\\",\\\"www.umc.ua\\\",\\\"0.0.0.0\\\",0,0 OK \\dATDT\\T TIMEOUT 400 CONNECT"
 set logout "ABORT BUSY ABORT ERROR TIMEOUT 300 \"\" +++ATH OK-ATH-OK ATZ OK"
 set phone "*99***1#"
 set login
 set authname ""
 set authkey ""
 set timeout 0
 set ifaddr 10.0.0.1/0 10.0.0.2/0 255.255.255.255
 add default HISADDR 

А в mpd.conf для построения тоннеля:

default:
 load vpn

vpn:
 create bundle static B1
 set ipcp ranges 0.0.0.0/0 0.0.0.0/0
 create link static L1 pptp
 set link action bundle B1
 set auth authname "Логин"
 set auth password "Пароль"
 set link max-redial 0
 set link mtu 1460
 set link keep-alive 20 75
 set pptp peer PPTP-сервер
 set pptp disable windowing
 open 

Так же в процессе "подстройки" под себя, сменил пароль да скопировал passwd, pwd.db, spwd.db в /cfg, сгенерировал ключи для ssh и тоже туда слил, и т. д и т. п. Проверил систему после ребута - все работает. Вот и славно.

"Девственно" чистый образ для 128 МБайт флешки и дальнейшей настройки можно взять здесь.
А еще вот конфиги ядра, "подсказок" для него и конфиг для nanoBSD.