diff --git a/net/l2tp/Makefile b/net/l2tp/Makefile
new file mode 100644
index 000000000..2fc69b5ad
--- /dev/null
+++ b/net/l2tp/Makefile
@@ -0,0 +1,8 @@
+PLUGIN_NAME= l2tp
+PLUGIN_PRIVATE= yes
+PLUGIN_VERSION= 0.1
+PLUGIN_DEPENDS= mpd5
+PLUGIN_COMMENT= LT2P server based on MPD5
+PLUGIN_MAINTAINER= franco@opnsense.org
+
+.include "../../Mk/plugins.mk"
diff --git a/net/l2tp/src/etc/inc/plugins.inc.d/if_l2tp.inc b/net/l2tp/src/etc/inc/plugins.inc.d/if_l2tp.inc
new file mode 100644
index 000000000..b8cd221f8
--- /dev/null
+++ b/net/l2tp/src/etc/inc/plugins.inc.d/if_l2tp.inc
@@ -0,0 +1,275 @@ + + * Copyright (C) 2008 Shrew Soft Inc + * Copyright (C) 2008 Ermal Luçi + * Copyright (C) 2004 Scott Ullrich + * Copyright (C) 2003-2004 Manuel Kasper + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. 
+ */ + +function if_l2tp_configure() +{ + return array('if_l2tp_configure_do'); +} + +function if_l2tp_services() +{ + global $config; + + $services = array(); + + if (isset($config['l2tp']['mode']) && $config['l2tp']['mode'] == 'server') { + $services[] = array( + 'description' => gettext('L2TP Server'), + 'pidfile' => '/var/run/l2tp-vpn.pid', + 'php' => array( + 'restart' => array('if_l2tp_configure_do'), + 'start' => array('if_l2tp_configure_do'), + ), + 'name' => 'l2tpd', + ); + } + + return $services; +} + +/** + * request syslog facilities for this plugin + * @return array + */ +function if_l2tp_syslog() +{ + $logfacilities = array(); + + $logfacilities['l2tps'] = array('facility' => array('l2tps'), 'remote' => null); + + return $logfacilities; +} + +function if_l2tp_link_scripts($rootdir, $logtype = 'l2tp') +{ + $up = <<<'EOD' +#!/bin/sh + +/usr/bin/logger -p local3.info "login,%s,$4,$5" + +EOD; + $down = <<<'EOD' +#!/bin/sh + +/usr/bin/logger -p local3.info "logout,%s,$4,$5" + +/sbin/pfctl -i $1 -Fs +/sbin/pfctl -K $4/32 + +EOD; + + file_put_contents($rootdir . '/linkup', sprintf($up, $logtype)); + file_put_contents($rootdir . '/linkdown', sprintf($down, $logtype)); + + chmod($rootdir . '/linkup', 0755); + chmod($rootdir . '/linkdown', 0755); +} + +function if_l2tp_configure_do() +{ + global $config; + + killbypid('/var/run/l2tp-vpn.pid', 'TERM', true); + mwexec('rm -rf /var/etc/l2tp-vpn'); + + $syscfg = $config['system']; + if (isset($config['l2tp'])) { + $l2tpcfg = $config['l2tp']; + } else { + return 0; + } + + if (!isset($l2tpcfg['mode']) || $l2tpcfg['mode'] != 'server') { + return 0; + } + + if (file_exists('/var/run/booting')) { + echo gettext('Configuring L2TP VPN service...'); + } + + switch ($l2tpcfg['mode']) { + case 'server': + + mkdir('/var/etc/l2tp-vpn'); + if_l2tp_link_scripts('/var/etc/l2tp-vpn'); + + $fd = fopen("/var/etc/l2tp-vpn/mpd.conf", "w"); + if (!$fd) { + printf(gettext("Error: cannot open mpd.conf in if_l2tp_configure().") . 
"\n"); + return 1; + } + + $iprange = $l2tpcfg['remoteip'] . ' '; + $iprange .= long2ip32(ip2long($l2tpcfg['remoteip']) + $l2tpcfg['n_l2tp_units'] - 1); + + $iptype = "ippool pool1"; + if (isset($l2tpcfg['radius']['enable']) && isset($l2tpcfg['radius']['radiusissueips'])) { + $iptype = "0.0.0.0/0"; + } + + $mpdconf = << true); + $oic['virtual'] = true; + $oic['networks'] = array(); + $oic['if'] = 'l2tp'; + $oic['descr'] = 'L2TP'; + $mask = !empty($config['l2tp']['l2tp_subnet']) ? $config['l2tp']['l2tp_subnet'] : 32; + $oic['networks'][] = array("network" => gen_subnet($config['l2tp']['remoteip'], $mask), "mask" => $mask); + $interfaces['l2tp'] = $oic; + } + + return $interfaces; +} diff --git a/net/l2tp/src/opnsense/mvc/app/models/OPNsense/L2TP/ACL/ACL.xml b/net/l2tp/src/opnsense/mvc/app/models/OPNsense/L2TP/ACL/ACL.xml new file mode 100644 index 000000000..32095ea26 --- /dev/null +++ b/net/l2tp/src/opnsense/mvc/app/models/OPNsense/L2TP/ACL/ACL.xml @@ -0,0 +1,31 @@ + + + + WebCfg - Diagnostics: Logs: L2TP page + Allow access to the 'Diagnostics: Logs: L2TP' page. + + diag_logs_l2tp.php* + + + + WebCfg - VPN: L2TP page + Allow access to the 'VPN: L2TP' page. + + vpn_l2tp.php* + + + + WebCfg - VPN: L2TP: Users : Edit page + Allow access to the 'VPN: L2TP: Users : Edit' page. + + vpn_l2tp_users_edit.php* + + + + WebCfg - VPN: L2TP: Users page + Allow access to the 'VPN: L2TP : Users' page. + + vpn_l2tp_users.php* + + + diff --git a/net/l2tp/src/opnsense/mvc/app/models/OPNsense/L2TP/Menu/Menu.xml b/net/l2tp/src/opnsense/mvc/app/models/OPNsense/L2TP/Menu/Menu.xml new file mode 100644 index 000000000..774d3fdc7 --- /dev/null +++ b/net/l2tp/src/opnsense/mvc/app/models/OPNsense/L2TP/Menu/Menu.xml @@ -0,0 +1,13 @@ + + + + + + + + + + + + + diff --git a/net/l2tp/src/www/diag_logs_l2tp.inc b/net/l2tp/src/www/diag_logs_l2tp.inc new file mode 100644 index 000000000..aa7ae1f98 --- /dev/null +++ b/net/l2tp/src/www/diag_logs_l2tp.inc 
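Review bot: In `if_l2tp_link_scripts()` the generated `linkdown` script expands its positional arguments unquoted in `/sbin/pfctl -i $1 -Fs` and `/sbin/pfctl -K $4/32`, so the shell word-splits and globs whatever the daemon passes before pfctl sees it. Quote both, `/sbin/pfctl -i "$1" -Fs` and `/sbin/pfctl -K "$4/32"`, and consider skipping the pfctl calls when `$4` is empty. The `logger` lines also write `$5` (presumably the login name given by the connecting peer) into a comma-separated record that the log page in this diff later splits on commas, so a name containing a comma shifts the fields; a comment on that format would help whoever changes either side. The same script text is repeated in `if_pppoe_link_scripts()` and `if_pptp_link_scripts()` further down, so the quoting fix applies there too.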
@@ -0,0 +1,126 @@ + + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ + +require_once("guiconfig.inc"); +require_once("system.inc"); +require_once('services.inc'); +require_once('plugins.inc'); +require_once("interfaces.inc"); + +if (empty($config['syslog']['nentries'])) { + $nentries = 50; +} else { + $nentries = $config['syslog']['nentries']; +} + +if ($_POST['clear']) { + clear_clog($logfile); +} + +function dump_clog_vpn($file, $tail, $type) +{ + global $config; + + $sort = isset($config['syslog']['reverse']) ? '-r' : ''; + $logarr = array(); + + exec("/usr/local/sbin/clog " . escapeshellarg($file) . " | tail {$sort} -n " . 
escapeshellarg($tail), $logarr); + + foreach ($logarr as $logent) { + $logent = preg_split('/\s+/', $logent, 6); + $llent = explode(',', $logent[5]); + + if ($llent[1] !== $type) { + continue; + } + + echo "\n"; + echo "" . htmlspecialchars(join(" ", array_slice($logent, 0, 3))) . "\n"; + + if ($llent[0] == "login") { + echo "\n"; + } else { + echo "\n"; + } + + echo "" . htmlspecialchars($llent[3]) . "\n"; + echo "" . htmlspecialchars($llent[2]) . " \n"; + echo "\n"; + } +} + +include("head.inc"); +?> + + + + +
+
+
+
+
+
+ + + + + + + + + + + + + + + + +
+ +
+
+ + " /> +
+
+
+
+
+
+
+
+ diff --git a/net/l2tp/src/www/diag_logs_l2tp.php b/net/l2tp/src/www/diag_logs_l2tp.php new file mode 100644 index 000000000..78b3bc6e7 --- /dev/null +++ b/net/l2tp/src/www/diag_logs_l2tp.php @@ -0,0 +1,25 @@ += $subnet_start) && + (ip2ulong($_POST['localip']) <= $subnet_end)) { + $input_errors[] = gettext("The specified server address lies in the remote subnet."); + } + } + } + + if (!$input_errors) { + $l2tpcfg['remoteip'] = $_POST['remoteip']; + $l2tpcfg['localip'] = $_POST['localip']; + $l2tpcfg['mode'] = $_POST['mode']; + $l2tpcfg['interface'] = $_POST['interface']; + $l2tpcfg['n_l2tp_units'] = $_POST['n_l2tp_units']; + + $l2tpcfg['radius']['server'] = $_POST['radiusserver']; + $l2tpcfg['radius']['secret'] = $_POST['radiussecret']; + $l2tpcfg['secret'] = $_POST['secret']; + + if ($_POST['wins']) { + $l2tpcfg['wins'] = $_POST['wins']; + } else { + unset($l2tpcfg['wins']); + } + + $l2tpcfg['paporchap'] = $_POST['paporchap']; + + + if ($_POST['l2tp_dns1'] == "") { + if (isset($l2tpcfg['dns1'])) { + unset($l2tpcfg['dns1']); + } + } else { + $l2tpcfg['dns1'] = $_POST['l2tp_dns1']; + } + + if ($_POST['l2tp_dns2'] == "") { + if (isset($l2tpcfg['dns2'])) { + unset($l2tpcfg['dns2']); + } + } else { + $l2tpcfg['dns2'] = $_POST['l2tp_dns2']; + } + + if ($_POST['radiusenable'] == "yes") { + $l2tpcfg['radius']['enable'] = true; + } else { + unset($l2tpcfg['radius']['enable']); + } + + if ($_POST['radacct_enable'] == "yes") { + $l2tpcfg['radius']['accounting'] = true; + } else { + unset($l2tpcfg['radius']['accounting']); + } + + if ($_POST['radiusissueips'] == "yes") { + $l2tpcfg['radius']['radiusissueips'] = true; + } else { + unset($l2tpcfg['radius']['radiusissueips']); + } + + write_config(); + + vpn_l2tp_configure(); + header("Location: vpn_l2tp.php"); + exit; + } +} + +$service_hook = 'l2tpd'; +legacy_html_escape_form_data($pconfig); +include("head.inc"); +?> + + + +
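Review bot: `dump_clog_vpn()` in `diag_logs_l2tp.inc` indexes `$logent[5]` and `$llent[1]` to `$llent[3]` without checking that the splits produced them, so any clog line not in the `action,type,ip,user` form raises undefined-offset notices, and `explode(',', $logent[5])` with no limit cuts a login name at its first comma. The name field appears to come from the connecting peer, so bound the split and skip short records: `if (count($logent) < 6) { continue; }`, then `$llent = explode(',', $logent[5], 4);` and `if (count($llent) < 4 || $llent[1] !== $type) { continue; }`. `$_POST['clear']` is read without `isset()` or `!empty()`, which emits a notice on every plain GET. The output itself is passed through `htmlspecialchars()`, which is right for log content. The same blob (`aa7ae1f98`) is added again as `diag_logs_poes.inc` and `diag_logs_pptp.inc`, so the points apply to all three copies and the function would be better kept in one shared include.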
+
+
+ 0) { + print_input_errors($input_errors); + } + if (isset($savemsg)) { + print_info_box($savemsg); + } + ?> +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ + +
+ /> + +   + /> +
+ +
+ + +
+ + +
+ + +
+ + +
+ + +
+
+ + +
+ +
+ /> +
+ + /> +
+ +
+ + +
+ + +
+ > + +
+ " /> +
+ +
+
+
+
+
+
+
+
+gettext("add user"), 'href'=>'vpn_l2tp_users_edit.php'), +); +?> + + + + +
+
+
+
+ " . gettext("You must apply the changes in order for them to take effect") . ".
" . gettext("Warning: this will terminate all current l2tp sessions!") . "");?> + +
+
+
+
+ + + + + + + + + + + + + +
+ +   + + + +
+
+
+
+
+
+
+
+ + + + + +
+
+
+ + 0) { + print_input_errors($input_errors); + } ?> +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + +
+ + + + +
+ +
+
+ +  () +
+
+ +
+ + +
  + + " onclick="window.location.href=''" /> + + + +
+
+
+
+
+
+
+
+ + * Copyright (C) 2008 Shrew Soft Inc + * Copyright (C) 2008 Ermal Luçi + * Copyright (C) 2004 Scott Ullrich + * Copyright (C) 2003-2004 Manuel Kasper + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ + +function if_pppoe_configure() +{ + return array('if_pppoe_configure_do'); +} + +function if_pppoe_services() +{ + global $config; + + $services = array(); + + if (isset($config['pppoes']['pppoe'])) { + foreach ($config['pppoes']['pppoe'] as $pppoecfg) { + if (isset($pppoecfg['mode']) && $pppoecfg['mode'] == 'server') { + $services[] = array( + /* XXX clean up name printing */ + 'description' => gettext('PPPoE Server') . ': ' . 
htmlspecialchars($pppoecfg['descr']), + 'php' => array( + 'restart' => array('if_pppoe_configure_by_id'), + 'start' => array('if_pppoe_configure_by_id'), + 'args' => array('id'), + ), + 'pidfile' => "/var/run/pppoe{$pppoecfg['pppoeid']}-vpn.pid", + 'id' => $pppoecfg['pppoeid'], + 'name' => 'pppoed', + ); + } + } + } + + return $services; +} + +/** + * request syslog facilities for this plugin + * @return array + */ +function if_pppoe_syslog() +{ + $logfacilities = array(); + + $logfacilities['poes'] = array('facility' => array('poes'), 'remote' => null); + + return $logfacilities; +} + +function if_pppoe_link_scripts($rootdir, $logtype = 'poes') +{ + $up = <<<'EOD' +#!/bin/sh + +/usr/bin/logger -p local3.info "login,%s,$4,$5" + +EOD; + $down = <<<'EOD' +#!/bin/sh + +/usr/bin/logger -p local3.info "logout,%s,$4,$5" + +/sbin/pfctl -i $1 -Fs +/sbin/pfctl -K $4/32 + +EOD; + + file_put_contents($rootdir . '/linkup', sprintf($up, $logtype)); + file_put_contents($rootdir . '/linkdown', sprintf($down, $logtype)); + + chmod($rootdir . '/linkup', 0755); + chmod($rootdir . 
'/linkdown', 0755); +} + +function if_pppoe_configure_do() +{ + global $config; + + if (isset($config['pppoes']['pppoe'])) { + foreach ($config['pppoes']['pppoe'] as $pppoe) { + if_pppoe_configure_single($pppoe); + } + } +} + +function if_pppoe_configure_by_id($id) +{ + global $config; + + $found = null; + + if (isset($config['pppoes']['pppoe'])) { + foreach ($config['pppoes']['pppoe'] as $pppoe) { + if ($id != 0 && $id == $pppoe['pppoeid']) { + $found = $pppoe; + break; + } + } + } + + if ($found == null) { + return; + } + + if_pppoe_configure_single($found); +} + +function if_pppoe_configure_single(&$pppoecfg) +{ + global $config; + + $syscfg = $config['system']; + + killbypid("/var/run/pppoe{$pppoecfg['pppoeid']}-vpn.pid", 'TERM', true); + mwexec("rm -rf /var/etc/pppoe{$pppoecfg['pppoeid']}-vpn"); + + if (!isset($pppoecfg['mode']) || $pppoecfg['mode'] != 'server') { + return 0; + } + + if (file_exists('/var/run/booting')) { + echo gettext("Configuring PPPoE VPN service..."); + } + + switch ($pppoecfg['mode']) { + case 'server': + mkdir("/var/etc/pppoe{$pppoecfg['pppoeid']}-vpn"); + if_pppoe_link_scripts("/var/etc/pppoe{$pppoecfg['pppoeid']}-vpn"); + + $pppoe_interface = get_real_interface($pppoecfg['interface']); + + $fd = fopen("/var/etc/pppoe{$pppoecfg['pppoeid']}-vpn/mpd.conf", "w"); + if (!$fd) { + printf(gettext("Error: cannot open mpd.conf in if_pppoe_configure().") . "\n"); + return 1; + } + + $iprange = $pppoecfg['remoteip'] . ' '; + $iprange .= long2ip32(ip2long($pppoecfg['remoteip']) + $pppoecfg['n_pppoe_units'] - 1); + + $iptype = 'ippool pool1'; + if (isset($pppoecfg['radius']['server']['enable']) && isset($pppoecfg['radius']['radiusissueips'])) { + $iptype = '0.0.0.0/0'; + } + + $mpdconf = << array()); + foreach($config['pppoes']['pppoe'] as $pppoe) { + if ($pppoe['mode'] == "server") { + $mask = !empty($pppoe['pppoe_subnet']) ? 
$pppoe['pppoe_subnet'] : 32; + $pppoeifs['networks'][] = array("network" => gen_subnet($pppoe['remoteip'], $mask), "mask" => $mask); + } + } + if (count($pppoeifs['networks'])) { + $pppoeifs['enable'] = true; + $pppoeifs['virtual'] = true; + $pppoeifs['if'] = 'pppoe'; + $pppoeifs['descr'] = 'pppoe'; + $interfaces['pppoe'] = $pppoeifs; + } + } + + return $interfaces; +} diff --git a/net/pppoe/src/opnsense/mvc/app/models/OPNsense/PPPoE/ACL/ACL.xml b/net/pppoe/src/opnsense/mvc/app/models/OPNsense/PPPoE/ACL/ACL.xml new file mode 100644 index 000000000..1461b5889 --- /dev/null +++ b/net/pppoe/src/opnsense/mvc/app/models/OPNsense/PPPoE/ACL/ACL.xml @@ -0,0 +1,24 @@ + + + + WebCfg - Diagnostics: Logs: PPPoE page + Allow access to the 'Diagnostics: Logs: PPPoE' page. + + diag_logs_poes.php* + + + + WebCfg - Services: PPPoE Server page + Allow access to the 'Services: PPPoE Server' page. + + vpn_pppoe.php* + + + + WebCfg - Services: PPPoE Server: Edit page + Allow access to the 'Services: PPPoE Server: Edit' page. + + vpn_pppoe_edit.php* + + + diff --git a/net/pppoe/src/opnsense/mvc/app/models/OPNsense/PPPoE/Menu/Menu.xml b/net/pppoe/src/opnsense/mvc/app/models/OPNsense/PPPoE/Menu/Menu.xml new file mode 100644 index 000000000..1cfd5d311 --- /dev/null +++ b/net/pppoe/src/opnsense/mvc/app/models/OPNsense/PPPoE/Menu/Menu.xml @@ -0,0 +1,12 @@ + + + + + + + + + + + + diff --git a/net/pppoe/src/www/diag_logs_poes.inc b/net/pppoe/src/www/diag_logs_poes.inc new file mode 100644 index 000000000..aa7ae1f98 --- /dev/null +++ b/net/pppoe/src/www/diag_logs_poes.inc 
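Review bot: `if_pppoe_configure_single()` builds a shell command from a config value in `mwexec("rm -rf /var/etc/pppoe{$pppoecfg['pppoeid']}-vpn")`, and nothing in this function constrains `pppoeid`. The only check on that field visible elsewhere in the diff is `is_numeric()` on the POSTed value, which also accepts signs, exponents and leading whitespace. Escape the argument, `mwexec('rm -rf ' . escapeshellarg("/var/etc/pppoe{$pppoecfg['pppoeid']}-vpn"));`, or cast the id to an integer once at the top of the function and reuse it for the pid file, directory and `mpd.conf` paths. The hunk header for `if_pppoe.inc` did not survive on this page, so this is based on the lines that are visible.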
@@ -0,0 +1,126 @@ + + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ + +require_once("guiconfig.inc"); +require_once("system.inc"); +require_once('services.inc'); +require_once('plugins.inc'); +require_once("interfaces.inc"); + +if (empty($config['syslog']['nentries'])) { + $nentries = 50; +} else { + $nentries = $config['syslog']['nentries']; +} + +if ($_POST['clear']) { + clear_clog($logfile); +} + +function dump_clog_vpn($file, $tail, $type) +{ + global $config; + + $sort = isset($config['syslog']['reverse']) ? '-r' : ''; + $logarr = array(); + + exec("/usr/local/sbin/clog " . escapeshellarg($file) . " | tail {$sort} -n " . 
escapeshellarg($tail), $logarr); + + foreach ($logarr as $logent) { + $logent = preg_split('/\s+/', $logent, 6); + $llent = explode(',', $logent[5]); + + if ($llent[1] !== $type) { + continue; + } + + echo "\n"; + echo "" . htmlspecialchars(join(" ", array_slice($logent, 0, 3))) . "\n"; + + if ($llent[0] == "login") { + echo "\n"; + } else { + echo "\n"; + } + + echo "" . htmlspecialchars($llent[3]) . "\n"; + echo "" . htmlspecialchars($llent[2]) . " \n"; + echo "\n"; + } +} + +include("head.inc"); +?> + + + + +
+
+
+
+
+
+ + + + + + + + + + + + + + + + +
+ +
+
+ + " /> +
+
+
+
+
+
+
+
+ diff --git a/net/pppoe/src/www/diag_logs_poes.php b/net/pppoe/src/www/diag_logs_poes.php new file mode 100644 index 000000000..59c7a7e91 --- /dev/null +++ b/net/pppoe/src/www/diag_logs_poes.php @@ -0,0 +1,23 @@ +gettext("add a new pppoe instance"), 'href'=>'vpn_pppoe_edit.php'), +); + +?> + + + + +
+
+
+
+ " . gettext("You must apply the changes in order for them to take effect."));?> + +
+
+
+
+ + + + + + + + + + + + + + + + + +
+
+ " class="btn btn-default btn-xs"> + + + +
+
+
+
+
+
+
+
+ $usr) { + if (empty($pconfig['users_password'][$item_idx])) { + $input_errors[] = sprintf(gettext("No password specified for username %s"), $usr); + } + if ($pconfig['users_ip'][$item_idx] <> "" && !is_ipaddr($pconfig['users_ip'][$item_idx])) { + $input_errors[] = sprintf(gettext("Incorrect ip address specified for username %s"), $usr); + } + } + + if ($pconfig['mode'] == "server") { + $reqdfields = explode(" ", "localip remoteip"); + $reqdfieldsn = array(gettext("Server address"),gettext("Remote start address")); + + if (!empty($pconfig['radiusenable'])) { + $reqdfields = array_merge($reqdfields, explode(" ", "radiusserver radiussecret")); + $reqdfieldsn = array_merge( + $reqdfieldsn, + array(gettext("RADIUS server address"),gettext("RADIUS shared secret")) + ); + } + + do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors); + + if (!empty($pconfig['localip']) && !is_ipaddr($pconfig['localip'])) { + $input_errors[] = gettext("A valid server address must be specified."); + } + if (!empty($pconfig['pppoe_subnet']) && !is_ipaddr($pconfig['remoteip'])) { + $input_errors[] = gettext("A valid remote start address must be specified."); + } + if (!empty($pconfig['radiusserver']) && !is_ipaddr($pconfig['radiusserver'])) { + $input_errors[] = gettext("A valid RADIUS server address must be specified."); + } + + $subnet_start = ip2ulong($pconfig['remoteip']); + $subnet_end = ip2ulong($pconfig['remoteip']) + $pconfig['pppoe_subnet'] - 1; + if ((ip2ulong($pconfig['localip']) >= $subnet_start) && + (ip2ulong($pconfig['localip']) <= $subnet_end)) { + $input_errors[] = gettext("The specified server address lies in the remote subnet."); + } + } + + if (!empty($pconfig['pppoeid']) && !is_numeric($_POST['pppoeid'])) { + $input_errors[] = gettext("Wrong data submitted"); + } + + if (count($input_errors) == 0) { + $pppoecfg = array(); + // convert user/pass/ip combination + $pconfig['username'] = array(); + foreach ($pconfig['users_username'] as $item_idx => $usr) { + 
$user_item = $usr . ":" . base64_encode($pconfig['users_password'][$item_idx]) ; + if (!empty($pconfig['users_ip'][$item_idx])) { + $user_item .= ":".$pconfig['users_ip'][$item_idx]; + } + $pconfig['username'][] = $user_item ; + } + if (count($pconfig['username']) > 0) { + $pppoecfg['username'] = implode(' ', $pconfig['username']); + } + + // copy simple fields + foreach ($copy_fields as $fieldname) { + if (isset($pconfig[$fieldname]) && $pconfig[$fieldname] != "") { + $pppoecfg[$fieldname] = $pconfig[$fieldname]; + } + } + + // radius settings (array) + if (!empty($pconfig['radiusserver']) || !empty($pconfig['radiusserver2'])) { + $pppoecfg['radius'] = array(); + $pppoecfg['radius']['server']['enable'] = !empty($pconfig['radiusenable']); + $pppoecfg['radius']['server2']['enable'] = !empty($pconfig['radiussecenable']); + $pppoecfg['radius']['accounting'] = !empty($pconfig['radacct_enable']); + $pppoecfg['radius']['radiusissueips'] = !empty($pconfig['radiusissueips']); + $pppoecfg['radius']['nasip'] = $pconfig['radius_nasip']; + $pppoecfg['radius']['acct_update'] = $pconfig['radius_acct_update']; + } + if (!empty($pconfig['radiusserver'])) { + $pppoecfg['radius']['server'] = array(); + $pppoecfg['radius']['server']['ip'] = $pconfig['radiusserver']; + $pppoecfg['radius']['server']['secret'] = $pconfig['radiussecret']; + $pppoecfg['radius']['server']['port'] = $pconfig['radiusserverport']; + $pppoecfg['radius']['server']['acctport'] = $pconfig['radiusserveracctport']; + } + if (!empty($pconfig['radiusserver2'])) { + $pppoecfg['radius']['server2'] = array(); + $pppoecfg['radius']['server2']['ip'] = $pconfig['radiusserver2']; + $pppoecfg['radius']['server2']['secret2'] = $pconfig['radiussecret2']; + $pppoecfg['radius']['server2']['port'] = $pconfig['radiusserver2port']; + $pppoecfg['radius']['server2']['acctport'] = $pconfig['radiusserver2acctport']; + } + + if (!isset($pconfig['pppoeid'])) { + $pppoecfg['pppoeid'] = vpn_pppoe_get_id(); + } + + if 
(file_exists('/tmp/.vpn_pppoe.apply')) { + $toapplylist = unserialize(file_get_contents('/tmp/.vpn_pppoe.apply')); + } else { + $toapplylist = array(); + } + + $toapplylist[] = $pppoecfg['pppoeid']; + if (!isset($id)) { + $a_pppoes[] = $pppoecfg; + } else { + $a_pppoes[$id] = $pppoecfg; + } + + write_config(); + mark_subsystem_dirty('vpnpppoe'); + file_put_contents('/tmp/.vpn_pppoe.apply', serialize($toapplylist)); + header("Location: vpn_pppoe.php"); + exit; + } +} + +include("head.inc"); +legacy_html_escape_form_data($pconfig); +?> + + + + + +
+
+
+ 0) { + print_input_errors($input_errors); + }?> +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ + +
+ /> + +   + /> +
+ +
+ + +
+ + +
+ + +
+ + +
+ +
+ +
+ + +
+ /> +
+ + /> +
+ + /> +
+ +
+ + +
+ + +
+ /> + +
+ + + + + + + + + + + + + + + +
+ +
+ + +
+ + + + + + + + + + + + + + + +
+ +
+ + +
+ + + + + + + + + + + $user):?> + + + + + + + + + + + + + +
+
+
+ + + + + +
+
+
+
  +"; + } + if (!empty($pconfig['pppoeid'])) { + echo ""; + } + ?> + " /> + " /> +
+ +
+
+
+
+
+
+
+
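Review bot: The save path of `vpn_pppoe_edit.php` loads its pending-apply list with `unserialize(file_get_contents('/tmp/.vpn_pppoe.apply'))`, a fixed file name in a directory that is normally world-writable, so the GUI process deserialises whatever a local account managed to place there first. The list only holds ids, so store it as JSON (`json_decode(..., true)` and `json_encode()`), or at least pass `['allowed_classes' => false]` to `unserialize()`, and keep the file in a directory only the GUI user can write. Two validation lines in the same block also look wrong: `!empty($pconfig['pppoe_subnet']) && !is_ipaddr($pconfig['remoteip'])` gates the `remoteip` check on a different field, and `$subnet_end` adds `pppoe_subnet` to the start address as a host count although `if_pppoe_interfaces()` uses the same setting as a mask. The diff header for this file was lost on this page, so the note relies on the visible lines only.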
+ + * Copyright (C) 2008 Shrew Soft Inc + * Copyright (C) 2008 Ermal Luçi + * Copyright (C) 2004 Scott Ullrich + * Copyright (C) 2003-2004 Manuel Kasper + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. 
+ */ + +function if_pptp_configure() +{ + return array('if_pptp_configure_do'); +} + +function if_pptp_services() +{ + global $config; + + $services = array(); + + if (isset($config['pptpd']['mode']) && $config['pptpd']['mode'] == 'server') { + $services[] = array( + 'description' => gettext('PPTP Server'), + 'pidfile' => '/var/run/pptp-vpn.pid', + 'php' => array( + 'restart' => array('if_pptp_configure_do'), + 'start' => array('if_pptp_configure_do'), + ), + 'name' => 'pptpd', + ); + } + + return $services; +} + +/** + * request syslog facilities for this plugin + * @return array + */ +function if_pptp_syslog() +{ + $logfacilities = array(); + + $logfacilities['pptps'] = array('facility' => array('pptps'), 'remote' => null); + + return $logfacilities; +} + +function if_pptp_link_scripts($rootdir, $logtype = 'pptp') +{ + $up = <<<'EOD' +#!/bin/sh + +/usr/bin/logger -p local3.info "login,%s,$4,$5" + +EOD; + $down = <<<'EOD' +#!/bin/sh + +/usr/bin/logger -p local3.info "logout,%s,$4,$5" + +/sbin/pfctl -i $1 -Fs +/sbin/pfctl -K $4/32 + +EOD; + + file_put_contents($rootdir . '/linkup', sprintf($up, $logtype)); + file_put_contents($rootdir . '/linkdown', sprintf($down, $logtype)); + + chmod($rootdir . '/linkup', 0755); + chmod($rootdir . '/linkdown', 0755); +} + +function if_pptp_configure_do() +{ + global $config; + + $syscfg = $config['system']; + $pptpdcfg = $config['pptpd']; + + killbypid('/var/run/pptp-vpn.pid', 'TERM', true); + mwexec('rm -rf /var/etc/pptp-vpn'); + + if (!isset($pptpdcfg['mode']) || $pptpdcfg['mode'] != 'server') { + return 0; + } + + if (file_exists('/var/run/booting')) { + echo gettext("Configuring PPTP VPN service..."); + } + + switch ($pptpdcfg['mode']) { + case 'server': + mkdir('/var/etc/pptp-vpn'); + if_pptp_link_scripts('/var/etc/pptp-vpn'); + + $fd = fopen('/var/etc/pptp-vpn/mpd.conf', 'w'); + if (!$fd) { + printf(gettext("Error: cannot open mpd.conf in if_pptp_configure().") . "\n"); + return 1; + } + + $iprange = $pptpdcfg['remoteip'] . 
' '; + $iprange .= long2ip32(ip2long($pptpdcfg['remoteip']) + $pptpdcfg['n_pptp_units'] - 1); + + $mpdconf = << 1) ? $pptpdcfg['radius']['server']['port'] : 1812; + $acctport = $authport + 1; + $mpdconf .=<< 1) ? $pptpdcfg['radius']['server2']['port'] : 1812; + $acctport = $authport + 1; + $mpdconf .=<< true); + $oic['networks'] = array(); + $oic['virtual'] = true; + $oic['if'] = 'pptp'; + $oic['descr'] = 'pptp'; + $mask = !empty($config['pptpd']['pptp_subnet']) ? $config['pptpd']['pptp_subnet'] : 32; + if (isset($config['pptpd']['n_pptp_units']) && is_numeric($config['pptpd']['n_pptp_units'])) { + $pptp_subnets = ip_range_to_subnet_array($config['pptpd']['remoteip'], + long2ip32(ip2long($config['pptpd']['remoteip'])+($config['pptpd']['n_pptp_units']-1))); + } else { + $pptp_subnets = ip_range_to_subnet_array($config['pptpd']['remoteip'], + long2ip32(ip2long($config['pptpd']['remoteip']))); + } + foreach ($pptp_subnets as $pptp_subnet) { + $snparts = explode("/", $pptp_subnet); + $oic['networks'][] = array("network" => $snparts[0], "mask" => $snparts[1]); + } + $interfaces['pptp'] = $oic; + } + + return $interfaces; +} diff --git a/net/pptp/src/opnsense/mvc/app/models/OPNsense/PPTP/ACL/ACL.xml b/net/pptp/src/opnsense/mvc/app/models/OPNsense/PPTP/ACL/ACL.xml new file mode 100644 index 000000000..b32bd4733 --- /dev/null +++ b/net/pptp/src/opnsense/mvc/app/models/OPNsense/PPTP/ACL/ACL.xml @@ -0,0 +1,31 @@ + + + + WebCfg - Diagnostics: Logs: PPTP page + Allow access to the 'Diagnostics: Logs: PPTP' page. + + diag_logs_pptp.php* + + + + WebCfg - VPN: PPTP page + Allow access to the 'VPN: PPTP' page. + + vpn_pptp.php* + + + + WebCfg - VPN: PPTP: User: Edit page + Allow access to the 'VPN: PPTP: User: Edit' page. + + vpn_pptp_users_edit.php* + + + + WebCfg - VPN: PPTP: Users page + Allow access to the 'VPN: PPTP: Users' page. + + vpn_pptp_users.php* + + + 
diff --git a/net/pptp/src/opnsense/mvc/app/models/OPNsense/PPTP/Menu/Menu.xml b/net/pptp/src/opnsense/mvc/app/models/OPNsense/PPTP/Menu/Menu.xml new file mode 100644 index 000000000..7f2ebae21 --- /dev/null +++ b/net/pptp/src/opnsense/mvc/app/models/OPNsense/PPTP/Menu/Menu.xml @@ -0,0 +1,13 @@ + + + + + + + + + + + + + diff --git a/net/pptp/src/www/diag_logs_pptp.inc b/net/pptp/src/www/diag_logs_pptp.inc new file mode 100644 index 000000000..aa7ae1f98 --- /dev/null +++ b/net/pptp/src/www/diag_logs_pptp.inc 
@@ -0,0 +1,126 @@ + + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ + +require_once("guiconfig.inc"); +require_once("system.inc"); +require_once('services.inc'); +require_once('plugins.inc'); +require_once("interfaces.inc"); + +if (empty($config['syslog']['nentries'])) { + $nentries = 50; +} else { + $nentries = $config['syslog']['nentries']; +} + +if ($_POST['clear']) { + clear_clog($logfile); +} + +function dump_clog_vpn($file, $tail, $type) +{ + global $config; + + $sort = isset($config['syslog']['reverse']) ? '-r' : ''; + $logarr = array(); + + exec("/usr/local/sbin/clog " . escapeshellarg($file) . " | tail {$sort} -n " . 
escapeshellarg($tail), $logarr); + + foreach ($logarr as $logent) { + $logent = preg_split('/\s+/', $logent, 6); + $llent = explode(',', $logent[5]); + + if ($llent[1] !== $type) { + continue; + } + + echo "\n"; + echo "" . htmlspecialchars(join(" ", array_slice($logent, 0, 3))) . "\n"; + + if ($llent[0] == "login") { + echo "\n"; + } else { + echo "\n"; + } + + echo "" . htmlspecialchars($llent[3]) . "\n"; + echo "" . htmlspecialchars($llent[2]) . " \n"; + echo "\n"; + } +} + +include("head.inc"); +?> + + + + +
+
+
+
+
+
+ + + + + + + + + + + + + + + + +
+ +
+
+ + " /> +
+
+
+
+
+
+
+
+
diff --git a/net/pptp/src/www/diag_logs_pptp.php b/net/pptp/src/www/diag_logs_pptp.php
new file mode 100644
index 000000000..4a08e2f73
--- /dev/null
+++ b/net/pptp/src/www/diag_logs_pptp.php
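Review bot: In diag_logs_pptp.inc the log-clearing branch `if ($_POST['clear'])` reads the key without checking the request method or that it is set, and it passes `$logfile`, which is not assigned anywhere in the visible lines of this include and presumably comes from the including page. Since clearing removes the VPN login history, I would make the precondition explicit: `if ($_SERVER['REQUEST_METHOD'] === 'POST' && !empty($_POST['clear']) && !empty($logfile)) {`. In `dump_clog_vpn()` the code indexes `$logent[5]` and `$llent[1]` to `$llent[3]` without checking that the splits produced them, so a short or malformed log line raises undefined-offset notices; add `if (count($logent) < 6) { continue; }` before the `explode` and `if (count($llent) < 4) { continue; }` after it.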
@@ -0,0 +1,25 @@ +. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. 
+*/ + +require_once('guiconfig.inc'); +require_once('interfaces.inc'); +require_once('filter.inc'); +require_once('services.inc'); +require_once("system.inc"); +require_once("plugins.inc"); +require_once("pfsense-utils.inc"); +require_once('plugins.inc.d/vpn.inc'); + +if (!is_array($config['pptpd']['radius'])) { + $config['pptpd']['radius'] = array(); +} +$pptpcfg = &$config['pptpd']; + +if ($_SERVER['REQUEST_METHOD'] === 'GET') { + $pconfig['remoteip'] = $pptpcfg['remoteip']; + $pconfig['localip'] = $pptpcfg['localip']; + $pconfig['mode'] = $pptpcfg['mode']; + $pconfig['wins'] = $pptpcfg['wins']; + $pconfig['req128'] = isset($pptpcfg['req128']); + $pconfig['n_pptp_units'] = $pptpcfg['n_pptp_units']; + $pconfig['pptp_dns1'] = $pptpcfg['dns1']; + $pconfig['pptp_dns2'] = $pptpcfg['dns2']; + $pconfig['radiusenable'] = isset($pptpcfg['radius']['server']['enable']); + $pconfig['radiusissueips'] = isset($pptpcfg['radius']['radiusissueips']); + $pconfig['radiussecenable'] = isset($pptpcfg['radius']['server2']['enable']); + $pconfig['radacct_enable'] = isset($pptpcfg['radius']['accounting']); + $pconfig['radiusserver'] = $pptpcfg['radius']['server']['ip']; + $pconfig['radiusserverport'] = $pptpcfg['radius']['server']['port']; + $pconfig['radiusserveracctport'] = $pptpcfg['radius']['server']['acctport']; + $pconfig['radiussecret'] = $pptpcfg['radius']['server']['secret']; + $pconfig['radiusserver2'] = $pptpcfg['radius']['server2']['ip']; + $pconfig['radiusserver2port'] = $pptpcfg['radius']['server2']['port']; + $pconfig['radiusserver2acctport'] = $pptpcfg['radius']['server2']['acctport']; + $pconfig['radiussecret2'] = $pptpcfg['radius']['server2']['secret2']; + $pconfig['radius_acct_update'] = $pptpcfg['radius']['acct_update']; + $pconfig['radius_nasip'] = $pptpcfg['radius']['nasip']; +} elseif ($_SERVER['REQUEST_METHOD'] === 'POST') { + if (isset($input_errors) && count($input_errors) > 0) { + unset($input_errors); + } + $pconfig = $_POST; + + /* input validation */ + if 
($_POST['mode'] == "server") { + $reqdfields = explode(" ", "localip remoteip"); + $reqdfieldsn = array(gettext("Server address"),gettext("Remote start address")); + + if ($_POST['radiusenable']) { + $reqdfields = array_merge($reqdfields, explode(" ", "radiusserver radiussecret")); + $reqdfieldsn = array_merge( + $reqdfieldsn, + array(gettext("RADIUS server address"),gettext("RADIUS shared secret")) + ); + } + + do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors); + + if ($_POST['localip'] && !is_ipaddr($_POST['localip'])) { + $input_errors[] = gettext("A valid server address must be specified."); + } + if ($_POST['remoteip'] && !is_ipaddr($_POST['remoteip'])) { + $input_errors[] = gettext("A valid remote start address must be specified."); + } + if (($_POST['radiusserver'] && !is_ipaddr($_POST['radiusserver']))) { + $input_errors[] = gettext("A valid RADIUS server address must be specified."); + } + + if (!$input_errors) { + $subnet_start = ip2ulong($_POST['remoteip']); + $subnet_end = ip2ulong($_POST['remoteip']) + $_POST['n_pptp_units'] - 1; + + if ((ip2ulong($_POST['localip']) >= $subnet_start) && + (ip2ulong($_POST['localip']) <= $subnet_end)) { + $input_errors[] = gettext("The specified server address lies in the remote subnet."); + } + } + } elseif (isset($config['pptpd']['mode'])) { + unset($config['pptpd']['mode']); + } + + if (!$input_errors) { + $pptpcfg['remoteip'] = $_POST['remoteip']; + $pptpcfg['localip'] = $_POST['localip']; + $pptpcfg['mode'] = $_POST['mode']; + $pptpcfg['wins'] = $_POST['wins']; + $pptpcfg['n_pptp_units'] = $_POST['n_pptp_units']; + $pptpcfg['radius']['server']['ip'] = $_POST['radiusserver']; + $pptpcfg['radius']['server']['port'] = $_POST['radiusserverport']; + $pptpcfg['radius']['server']['acctport'] = $_POST['radiusserveracctport']; + $pptpcfg['radius']['server']['secret'] = $_POST['radiussecret']; + $pptpcfg['radius']['server2']['ip'] = $_POST['radiusserver2']; + $pptpcfg['radius']['server2']['port'] = 
$_POST['radiusserver2port']; + $pptpcfg['radius']['server2']['acctport'] = $_POST['radiusserver2acctport']; + $pptpcfg['radius']['server2']['secret2'] = $_POST['radiussecret2']; + $pptpcfg['radius']['nasip'] = $_POST['radius_nasip']; + $pptpcfg['radius']['acct_update'] = $_POST['radius_acct_update']; + + if ($_POST['pptp_dns1'] == "") { + if (isset($pptpcfg['dns1'])) { + unset($pptpcfg['dns1']); + } + } else { + $pptpcfg['dns1'] = $_POST['pptp_dns1']; + } + + if ($_POST['pptp_dns2'] == "") { + if (isset($pptpcfg['dns2'])) { + unset($pptpcfg['dns2']); + } + } else { + $pptpcfg['dns2'] = $_POST['pptp_dns2']; + } + + if ($_POST['req128'] == "yes") { + $pptpcfg['req128'] = true; + } elseif (isset($pptpcfg['req128'])) { + unset($pptpcfg['req128']); + } + + if ($_POST['radiusenable'] == "yes") { + $pptpcfg['radius']['server']['enable'] = true; + } elseif (isset($pptpcfg['radius']['server']['enable'])) { + unset($pptpcfg['radius']['server']['enable']); + } + + if ($_POST['radiussecenable'] == "yes") { + $pptpcfg['radius']['server2']['enable'] = true; + } elseif (isset($pptpcfg['radius']['server2']['enable'])) { + unset($pptpcfg['radius']['server2']['enable']); + } + + if ($_POST['radacct_enable'] == "yes") { + $pptpcfg['radius']['accounting'] = true; + } elseif (isset($pptpcfg['radius']['accounting'])) { + unset($pptpcfg['radius']['accounting']); + } + + if ($_POST['radiusissueips'] == "yes") { + $pptpcfg['radius']['radiusissueips'] = true; + } elseif (isset($pptpcfg['radius']['radiusissueips'])) { + unset($pptpcfg['radius']['radiusissueips']); + } + + write_config(); + $savemsg = get_std_save_message(); + vpn_pptpd_configure(); + filter_configure(); + } +} + +$service_hook = 'pptpd'; +legacy_html_escape_form_data($pconfig); +include("head.inc"); + +?> + + + +
+
+
+ 0) { + print_input_errors($input_errors); +} ?> + + ' . + gettext('Read more') . '.', + 'warning' + ); ?> +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ + +
+ /> + +   + /> + +
+ + +
+ + +
+ + +
+
+ + +
+ +
+ /> +
+ + /> +
+ + /> +
+ + /> + + +
+ +
+ + +
+ + + + + + + + + + + + + + + +
+ +
+ + +
+ + + + + + + + + + + + + + + +
+ +
+ + +
+ /> + + +
+ " /> +
+
+
+
+
+
+
+
+. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. 
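Review bot: The POST branch of the VPN: PPTP settings page validates only `localip`, `remoteip` and `radiusserver`, then copies `n_pptp_units`, the four RADIUS port fields, both shared secrets, `radius_nasip`, `radius_acct_update`, `wins` and the two DNS fields from `$_POST` into `$pptpcfg` unchecked. `n_pptp_units` is already used in arithmetic (`ip2ulong($_POST['remoteip']) + $_POST['n_pptp_units'] - 1`) before anything confirms it is a number, and the generator earlier in this diff reads the stored RADIUS port while building `$mpdconf`, so these values appear to end up in the generated daemon configuration text. I would reject non-numeric counts and ports, non-IP addresses (assuming `wins`, the DNS fields and `radius_nasip` are meant to hold addresses, as `radiusserver` is), and control characters in the secrets before `write_config()`. The hunk header for this file is not visible on the page, so the sketch below shows only the added checks.

```php
// … unchanged: localip / remoteip / radiusserver checks …
if (!isset($_POST['n_pptp_units']) || !ctype_digit((string)$_POST['n_pptp_units']) || (int)$_POST['n_pptp_units'] < 1) {
    $input_errors[] = gettext("The number of PPTP users must be a positive integer.");
}
foreach (array('radiusserverport', 'radiusserveracctport', 'radiusserver2port', 'radiusserver2acctport') as $portfield) {
    if (!empty($_POST[$portfield]) &&
        (!ctype_digit((string)$_POST[$portfield]) || (int)$_POST[$portfield] < 1 || (int)$_POST[$portfield] > 65535)) {
        $input_errors[] = gettext("A valid RADIUS port must be specified.");
    }
}
foreach (array('radiusserver2', 'radius_nasip', 'wins', 'pptp_dns1', 'pptp_dns2') as $ipfield) {
    if (!empty($_POST[$ipfield]) && !is_ipaddr($_POST[$ipfield])) {
        $input_errors[] = gettext("A valid IP address must be specified.");
    }
}
foreach (array('radiussecret', 'radiussecret2') as $secretfield) {
    // a line break or other control character in the secret would split the generated config line
    if (!empty($_POST[$secretfield]) && preg_match('/[\x00-\x1F\x7F]/', $_POST[$secretfield])) {
        $input_errors[] = gettext("The RADIUS shared secret contains invalid characters.");
    }
}
// … unchanged: server address vs. remote subnet check …
```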
+*/ + +require_once('guiconfig.inc'); +require_once('services.inc'); +require_once("system.inc"); +require_once("plugins.inc"); +require_once('plugins.inc.d/vpn.inc'); + +if (!is_array($config['pptpd']['user'])) { + $config['pptpd']['user'] = array(); +} +$a_secret = &$config['pptpd']['user']; + +if ($_SERVER['REQUEST_METHOD'] === 'POST') { + // delete entry + if (isset($_POST['act']) && $_POST['act'] == "del" && isset($_POST['id'])) { + if (!empty($a_secret[$_POST['id']])) { + unset($a_secret[$_POST['id']]); + mark_subsystem_dirty('pptpusers'); + write_config(); + } + exit; + } elseif (!empty($_POST['apply'])) { + vpn_pptpd_configure(); + clear_subsystem_dirty('pptpusers'); + header("Location: vpn_pptp_users.php"); + exit; + + } +} + +$service_hook = 'pptpd'; +include("head.inc"); +$main_buttons = array( + array('label'=>gettext("add user"), 'href'=>'vpn_pptp_users_edit.php'), +); + +?> + + + + + +
+
+
+
+ ".gettext("You must apply the changes in order for them to take effect").".
".gettext("Warning: this will terminate all current PPTP sessions")."!");?>
+ +
+
+
+
+ + + + + + + + + + + + + +
+ + +
+
+
+
+
+
+
+
+ +. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. 
+*/ + +function pptpusercmp($a, $b) +{ + return strcasecmp($a['name'], $b['name']); +} + +function pptpd_users_sort() +{ + global $config; + + if (!is_array($config['ppptpd']['user'])) { + return; + } + + usort($config['pptpd']['user'], "pptpusercmp"); +} + +require_once('guiconfig.inc'); +require_once('services.inc'); +require_once("system.inc"); +require_once("plugins.inc"); +require_once('plugins.inc.d/vpn.inc'); + +if (!is_array($config['pptpd']['user'])) { + $config['pptpd']['user'] = array(); +} +$a_secret = &$config['pptpd']['user']; + +if ($_SERVER['REQUEST_METHOD'] === 'GET') { + if (isset($_GET['id']) && !empty($a_secret[$_GET['id']])) { + $id = $_GET['id']; + } + if (isset($id)) { + $pconfig['username'] = $a_secret[$id]['name']; + $pconfig['ip'] = $a_secret[$id]['ip']; + } else { + $pconfig['username'] = null; + $pconfig['ip'] = null; + } +} elseif ($_SERVER['REQUEST_METHOD'] === 'POST') { + if (isset($_POST['id']) && !empty($a_secret[$_POST['id']])) { + $id = $_POST['id']; + } + unset($input_errors); + $pconfig = $_POST; + + /* input validation */ + if (isset($id) && ($a_secret[$id])) { + $reqdfields = explode(" ", "username"); + $reqdfieldsn = array(gettext("Username")); + } else { + $reqdfields = explode(" ", "username password"); + $reqdfieldsn = array(gettext("Username"),gettext("Password")); + } + + do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors); + + if (preg_match("/[^a-zA-Z0-9\.\-_]/", $_POST['username'])) { + $input_errors[] = gettext("The username contains invalid characters."); + } + + if (preg_match("/^!/", $_POST['password'])) { + $input_errors[] = gettext("The password cannot start with '!'."); + } + + if (!preg_match("/^[\x20-\x7E]*$/", $_POST['password'])) { + $input_errors[] = gettext("The password contains invalid characters."); + } + + if (($_POST['password']) && ($_POST['password'] != $_POST['password2'])) { + $input_errors[] = gettext("The passwords do not match."); + } + if (($_POST['ip'] && 
!is_ipaddr($_POST['ip']))) { + $input_errors[] = gettext("The IP address entered is not valid."); + } + + if (!$input_errors && !(isset($id) && $a_secret[$id])) { + /* make sure there are no dupes */ + foreach ($a_secret as $secretent) { + if ($secretent['name'] == $_POST['username']) { + $input_errors[] = gettext("Another entry with the same username already exists."); + break; + } + } + } + + if (!$input_errors) { + if (isset($id) && $a_secret[$id]) { + $secretent = $a_secret[$id]; + } + + $secretent['name'] = $_POST['username']; + $secretent['ip'] = $_POST['ip']; + + if ($_POST['password']) { + $secretent['password'] = $_POST['password']; + } + + if (isset($id) && $a_secret[$id]) { + $a_secret[$id] = $secretent; + } else { + $a_secret[] = $secretent; + } + + pptpd_users_sort(); + write_config(); + vpn_pptpd_configure(); + + header("Location: vpn_pptp_users.php"); + exit; + } +} + + +$service_hook = 'pptpd'; +legacy_html_escape_form_data($pconfig); +include("head.inc"); +?> + + + +
+
+
+ 0) { + print_input_errors($input_errors); + } ?> +
+
+
+
+ + + + + + + + + + + + + + + + + + + + + +
+ + + + +
+ +
+ +
+  () +
+ + +
+ + +
  + " /> + + + +
+
+
+
+
+
+
+
+
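Review bot: `pptpd_users_sort()` in the user edit page tests `$config['ppptpd']['user']` (three p's), a key nothing else on the page writes, so the `is_array` guard always fails and the function returns before `usort` runs; the user list is never sorted after a save. The guard should read `if (!is_array($config['pptpd']['user'])) {`. Separately, the duplicate-username loop is skipped whenever an existing entry is being edited (`!(isset($id) && $a_secret[$id])`), so renaming a user to a name that another entry already holds is accepted; the loop should run in both cases and skip only the entry at `$id`. The name comparison there uses `==`; `===` avoids PHP's numeric-string coercion for usernames made of digits.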