FreeBSD PPTP server

cd /usr/ports/net/mpd5
make config
make install clean

mpd_enable="YES"

sysctl net.inet.ip.forwarding=1
sysctl net.inet.ip.forwarding

startup:
    set user ${admin_username} password ${admin_password}
    set console self 127.0.0.1 5005
    set console open
    set web self 0.0.0.0 5006
    set web open
default:
    load pptp_server
pptp_server:
    set ippool add pool1 ${pool_start_ip} ${pool_end_ip}
    create bundle template B
    set iface enable proxy-arp
    set iface idle 1800
    set iface enable tcpmssfix
    set iface route ${pool_gateway_ip}
    set ipcp yes vjcomp
    set ipcp ranges ${pool_gateway_ip}/32 ippool pool1
    set ipcp dns ${pool_dns_1} ${pool_dns_2}
    set ipcp nbns ${pool_wins_server}
    set bundle enable compression
    set ccp yes mppc
    set mppc yes e40
    set mppc yes e128
    set mppc yes stateless
    create link template L pptp
    set link fsm-timeout 5
    set link action bundle B
    set link enable multilink
    set link yes acfcomp protocomp
    set link no pap chap eap chap-msv2
    set link enable chap chap-msv2 eap
    set link accept chap-msv2 
    set link keep-alive 10 60
    set link mtu 1460
    set pptp self ${external_ip}
    set link enable incoming

${username}     "${password}"

gateway_enable="YES"

sysctl net.inet.ip.forwarding=1
sysctl net.inet.ip.forwarding

${pool_ip} ${ext_if_max} pub

/usr/sbin/arp -f /etc/arp.table

allow = "{ x.x.x.x }"
vpn_ip= "x.x.x.x/y"
ext_ip= "x.x.x.x"

#private ip only(NAT to public IP)
#nat on vmx0 from $vpn_ip to any -> $ext_ip

set skip on lo
block in log all 
pass out all keep state
pass in quick proto icmp

pass inet proto {tcp, udp} from $allow to any keep state
pass in on vmx0 proto tcp from any to any port 1723 keep state
pass in proto gre all keep state

pass from $vpn_ip to any
pass from any to $vpn_ip

pfctl -vnf /etc/pf.conf # check pf config, not load
pfctl -f /etc/pf.conf
/usr/sbin/arp -f /etc/arp.table
service mpd5 restart