diff options
| author | Scott Ullrich <sullrich@pfsense.org> | 2005-07-30 20:37:32 +0000 |
|---|---|---|
| committer | Scott Ullrich <sullrich@pfsense.org> | 2005-07-30 20:37:32 +0000 |
| commit | 06e69b035b5af68fc99bb7a8549439e525abe47d (patch) | |
| tree | b6d681209529890452e84e206f06bdaaf63d35d9 | |
| parent | 270317025732f6e0458c043bda9ddd16af547ce0 (diff) | |
| download | pfsense-06e69b035b5af68fc99bb7a8549439e525abe47d.zip pfsense-06e69b035b5af68fc99bb7a8549439e525abe47d.tar.gz | |
Add PPPoE server hooks
| -rw-r--r-- | etc/inc/vpn.inc | 180 | ||||
| -rw-r--r-- | etc/version | 2 | ||||
| -rwxr-xr-x | usr/local/www/vpn_pppoe_users.php | 132 | ||||
| -rwxr-xr-x | usr/local/www/vpn_pppoe_users_edit.php | 160 |
4 files changed, 473 insertions, 1 deletions
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc index 685713b..a5cf992 100644 --- a/etc/inc/vpn.inc +++ b/etc/inc/vpn.inc @@ -781,4 +781,184 @@ function vpn_endpoint_determine($tunnel, $curwanip) { return null; } +function vpn_pppoe_configure() { + global $config, $g; + + $syscfg = $config['system']; + $pppoecfg = $config['pppoe']; + + if ($g['booting']) { + if (!$pppoecfg['mode'] || ($pppoecfg['mode'] == "off")) + return 0; + + echo "Configuring PPPoE VPN service... "; + } else { + /* kill mpd */ + killbypid("{$g['varrun_path']}/mpd-vpn.pid"); + + /* wait for process to die */ + sleep(2); + + vpn_pptp_configure(); + } + + /* make sure mpd-vpn directory exists */ + if (!file_exists("{$g['varetc_path']}/mpd-vpn")) + mkdir("{$g['varetc_path']}/mpd-vpn"); + + switch ($pppoecfg['mode']) { + + case 'server': + + /* write mpd.conf */ + $fd = fopen("{$g['varetc_path']}/mpd-vpn/mpd.conf", "a"); + if (!$fd) { + printf("Error: cannot open mpd.conf in vpn_pppoe_configure().\n"); + return 1; + } + $mpdconf = "\n\n"; + $mpdconf .= <<<EOD +pppoe: + +EOD; + + for ($i = 0; $i < $g['n_pppoe_units']; $i++) { + $mpdconf .= " load pt{$i}\n"; + } + + for ($i = 0; $i < $g['n_pppoe_units']; $i++) { + + $clientip = long2ip(ip2long($pppoecfg['remoteip']) + $i); + $ngif = "ng" . ($i+1); + + $mpdconf .= <<<EOD + +pppoe0: + new -i {$ngif} pppoe{i} pppoe{i} + set ipcp ranges {$pppoecfg['localip']}/32 {$clientip}/32 + load pppoe_standart + +EOD; + } + + $mpdconf .= <<<EOD + +pppoe_standart: + #set link type pppoe + #set pppoe iface lnc0 + set pppoe service "*" + set pppoe disable originate + set pppoe enable incoming + set bundle no multilink + set bundle enable compression + set bundle accept encryption + set bundle max-logins 1 + set iface idle 0 + set iface disable on-demand + set iface disable proxy-arp + set iface enable tcpmssfix + set iface mtu 1500 + set link mtu 1500 + set link no pap chap + set link enable chap + set link keep-alive 60 180 + set ipcp yes vjcomp + set ipcp no vjcomp + set link max-redial -1 + set link mtu 1452 + set ccp yes mpp-e40 + set ccp yes mpp-e128 + set ccp yes mpp-stateless + set ipcp dns 10.10.1.3 + set link latency 1 + +EOD; + + if (isset($config['dnsmasq']['enable'])) { + $mpdconf .= " set ipcp dns " . $config['interfaces']['lan']['ipaddr']; + if ($syscfg['dnsserver'][0]) + $mpdconf .= " " . $syscfg['dnsserver'][0]; + $mpdconf .= "\n"; + } else if (is_array($syscfg['dnsserver']) && ($syscfg['dnsserver'][0])) { + $mpdconf .= " set ipcp dns " . join(" ", $syscfg['dnsserver']) . "\n"; + } + + if (isset($pppoecfg['radius']['enable'])) { + $mpdconf .= <<<EOD + set radius server {$pppoecfg['radius']['server']} "{$pppoecfg['radius']['secret']}" + set radius retries 3 + set radius timeout 10 + set bundle enable radius-auth + set bundle disable radius-fallback + +EOD; + + if (isset($pppoecfg['radius']['accounting'])) { + $mpdconf .= <<<EOD + set bundle enable radius-acct + +EOD; + } + } + + fwrite($fd, $mpdconf); + fclose($fd); + + /* write mpd.links */ + $fd = fopen("{$g['varetc_path']}/mpd-vpn/mpd.links", "a"); + if (!$fd) { + printf("Error: cannot open mpd.links in vpn_pppoe_configure().\n"); + return 1; + } + + $mpdlinks = ""; + + for ($i = 0; $i < $g['n_pppoe_units']; $i++) { + $mpdlinks .= <<<EOD + +pppoe: + set link type pppoe + #set pppoe iface lnc0 + +EOD; + } + + fwrite($fd, $mpdlinks); + fclose($fd); + + /* write mpd.secret */ + $fd = fopen("{$g['varetc_path']}/mpd-vpn/mpd.secret", "a"); + if (!$fd) { + printf("Error: cannot open mpd.secret in vpn_pppoe_configure().\n"); + return 1; + } + + $mpdsecret = "\n\n"; + + if (is_array($pppoecfg['user'])) { + foreach ($pppoecfg['user'] as $user) + $mpdsecret .= "{$user['name']} \"{$user['password']}\" {$user['ip']}\n"; + } + + fwrite($fd, $mpdsecret); + fclose($fd); + chmod("{$g['varetc_path']}/mpd-vpn/mpd.secret", 0600); + + /* fire up mpd */ + mwexec("/usr/local/sbin/mpd -b -d {$g['varetc_path']}/mpd-vpn -p {$g['varrun_path']}/mpd-vpn.pid pppoe"); + + break; + + case 'redir': + break; + } + + touch("{$g["tmp_path"]}/filter_dirty"); + + if ($g['booting']) + echo "done\n"; + + return 0; +} + ?>
\ No newline at end of file diff --git a/etc/version b/etc/version index b0d230e..eecd809 100644 --- a/etc/version +++ b/etc/version @@ -1 +1 @@ -0.71.12
\ No newline at end of file +0.72
\ No newline at end of file diff --git a/usr/local/www/vpn_pppoe_users.php b/usr/local/www/vpn_pppoe_users.php new file mode 100755 index 0000000..7fb7f92 --- /dev/null +++ b/usr/local/www/vpn_pppoe_users.php @@ -0,0 +1,132 @@ +#!/usr/local/bin/php +<?php +/* + vpn_pppoe_users.php + part of pfSense + + Copyright (C) 2005 Scott Ullrich (sullrich@gmail.com) + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ + +require("guiconfig.inc"); + +if (!is_array($config['pppoe']['user'])) { + $config['pppoe']['user'] = array(); +} +pppoe_users_sort(); +$a_secret = &$config['pppoe']['user']; + +if ($_POST) { + + $pconfig = $_POST; + + if ($_POST['apply']) { + $retval = 0; + if (!file_exists($d_sysrebootreqd_path)) { + config_lock(); + $retval = vpn_pppoe_configure(); + config_unlock(); + } + $savemsg = get_std_save_message($retval); + if ($retval == 0) { + if (file_exists($d_pppoeuserdirty_path)) + unlink($d_pppoeuserdirty_path); + } + } +} + +if ($_GET['act'] == "del") { + if ($a_secret[$_GET['id']]) { + unset($a_secret[$_GET['id']]); + write_config(); + touch($d_pppoeuserdirty_path); + header("Location: vpn_pppoe_users.php"); + exit; + } +} + +$pgtitle = "VPN: PPTP: Users"; +include("head.inc"); + +?> + +<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> +<?php include("fbegin.inc"); ?> +<p class="pgtitle"><?=$pgtitle?></p> +<form action="vpn_pppoe_users.php" method="post"> +<?php if ($savemsg) print_info_box($savemsg); ?> +<?php if (isset($config['pppoe']['radius']['enable'])) + print_info_box("Warning: RADIUS is enabled. The local user database will not be used."); ?> +<?php if (file_exists($d_pppoeuserdirty_path)): ?><p> +<?php print_info_box_np("The PPTP user list has been modified.<br>You must apply the changes in order for them to take effect.<br><b>Warning: this will terminate all current PPTP sessions!</b>");?><br> +<?php endif; ?> +<div id="mainarea"> +<table width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr><td class="tabnavtbl"> +<?php + $tab_array = array(); + $tab_array[0] = array("Configuration", false, "vpn_pppoe.php"); + $tab_array[1] = array("Users", true, "vpn_pppoe_users.php"); + display_top_tabs($tab_array); +?> </td></tr> + <tr> + <td colspan="3" class="tabcont"> + <table width="80%" border="0" cellpadding="0" cellspacing="0"> + <tr> + <td class="listhdrr">Username</td> + <td class="listhdr">IP address</td> + <td class="list"></td> + </tr> + <?php $i = 0; foreach ($a_secret as $secretent): ?> + <tr> + <td class="listlr"> + <?=htmlspecialchars($secretent['name']);?> + </td> + <td class="listr"> + <?=htmlspecialchars($secretent['ip']);?> + </td> + <td class="list" nowrap> <a href="vpn_pppoe_users_edit.php?id=<?=$i;?>"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" title="edit user" width="17" height="17" border="0"></a> + <a href="vpn_pppoe_users.php?act=del&id=<?=$i;?>" onclick="return confirm('Do you really want to delete this user?')"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" title="delete user" width="17" height="17" border="0"></a></td> + </tr> + <?php $i++; endforeach; ?> + <tr> + <td class="list" colspan="2"></td> + <td class="list"> <a href="vpn_pppoe_users_edit.php"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" title="add user" width="17" height="17" border="0"></a></td> + </tr> + </table> + </td> + </tr> +</table> +</div> +</form> +<?php include("fend.inc"); ?> +<script type="text/javascript"> +NiftyCheck(); +Rounded("div#mainarea","bl br","#FFF","#eeeeee","smooth"); +</script> + +</body> +</html> + + diff --git a/usr/local/www/vpn_pppoe_users_edit.php b/usr/local/www/vpn_pppoe_users_edit.php new file mode 100755 index 0000000..aa8fc02 --- /dev/null +++ b/usr/local/www/vpn_pppoe_users_edit.php @@ -0,0 +1,160 @@ +#!/usr/local/bin/php +<?php +/* + vpn_pppoe_users_edit.php + part of pfSense + + Copyright (C) 2005 Scott Ullrich (sullrich@gmail.com) + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ + +require("guiconfig.inc"); + +if (!is_array($config['pppoe']['user'])) { + $config['pppoe']['user'] = array(); +} +pppoe_users_sort(); +$a_secret = &$config['pppoe']['user']; + +$id = $_GET['id']; +if (isset($_POST['id'])) + $id = $_POST['id']; + +if (isset($id) && $a_secret[$id]) { + $pconfig['username'] = $a_secret[$id]['name']; + $pconfig['ip'] = $a_secret[$id]['ip']; +} + +if ($_POST) { + + unset($input_errors); + $pconfig = $_POST; + + /* input validation */ + if (isset($id) && ($a_secret[$id])) { + $reqdfields = explode(" ", "username"); + $reqdfieldsn = explode(",", "Username"); + } else { + $reqdfields = explode(" ", "username password"); + $reqdfieldsn = explode(",", "Username,Password"); + } + + do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); + + if (preg_match("/[^a-zA-Z0-9\.\-_]/", $_POST['username'])) + $input_errors[] = "The username contains invalid characters."; + + if (preg_match("/[^a-zA-Z0-9\.\-_]/", $_POST['password'])) + $input_errors[] = "The password contains invalid characters."; + + if (($_POST['password']) && ($_POST['password'] != $_POST['password2'])) { + $input_errors[] = "The passwords do not match."; + } + if (($_POST['ip'] && !is_ipaddr($_POST['ip']))) { + $input_errors[] = "The IP address entered is not valid."; + } + + if (!$input_errors && !(isset($id) && $a_secret[$id])) { + /* make sure there are no dupes */ + foreach ($a_secret as $secretent) { + if ($secretent['name'] == $_POST['username']) { + $input_errors[] = "Another entry with the same username already exists."; + break; + } + } + } + + if (!$input_errors) { + + if (isset($id) && $a_secret[$id]) + $secretent = $a_secret[$id]; + + $secretent['name'] = $_POST['username']; + $secretent['ip'] = $_POST['ip']; + + if ($_POST['password']) + $secretent['password'] = $_POST['password']; + + if (isset($id) && $a_secret[$id]) + $a_secret[$id] = $secretent; + else + $a_secret[] = $secretent; + + write_config(); + touch($d_pppoeuserdirty_path); + + header("Location: vpn_pppoe_users.php"); + exit; + } +} + +$pgtitle = "VPN: PPTP: User: Edit"; +include("head.inc"); + +?> +<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> +<?php include("fbegin.inc"); ?> +<p class="pgtitle"><?=$pgtitle?></p> +<?php if ($input_errors) print_input_errors($input_errors); ?> + <form action="vpn_pppoe_users_edit.php" method="post" name="iform" id="iform"> + <?display_topbar()?> + <div id="mainarea"> + <table width="100%" border="0" cellpadding="6" cellspacing="0"> + <tr> + <td width="22%" valign="top" class="vncellreq">Username</td> + <td width="78%" class="vtable"> + <?=$mandfldhtml;?><input name="username" type="text" class="formfld" id="username" size="20" value="<?=htmlspecialchars($pconfig['username']);?>"> + </td> + <tr> + <td width="22%" valign="top" class="vncellreq">Password</td> + <td width="78%" class="vtable"> + <?=$mandfldhtml;?><input name="password" type="password" class="formfld" id="password" size="20"> + <br><?=$mandfldhtml;?><input name="password2" type="password" class="formfld" id="password2" size="20"> + (confirmation)<?php if (isset($id) && $a_secret[$id]): ?><br> + <span class="vexpl">If you want to change the users' password, + enter it here twice.</span><?php endif; ?></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">IP address</td> + <td width="78%" class="vtable"> + <input name="ip" type="text" class="formfld" id="ip" size="20" value="<?=htmlspecialchars($pconfig['ip']);?>"> + <br><span class="vexpl">If you want the user to be assigned a specific IP address, enter it here.</span></td> + </tr> + <tr> + <td class="vncell" width="22%" valign="top"> </td> + <td class="vncell" width="78%"> + <input name="Submit" type="submit" class="formbtn" value="Save"> + <?php if (isset($id) && $a_secret[$id]): ?> + <input name="id" type="hidden" value="<?=$id;?>"> + <?php endif; ?> + </td> + </tr> + </table> + </div> +</form> +<?php include("fend.inc"); ?> +</body> +</html> + + |
