author | Scott Ullrich <sullrich@pfsense.org> | 2007-05-04 16:48:32 +0000 |
---|---|---|
committer | Scott Ullrich <sullrich@pfsense.org> | 2007-05-04 16:48:32 +0000 |
commit | c8c416db7e2fbba3ecb08bbcce6e0ff4616ab0b7 (patch) | |
tree | ac48eb36f89899d95c26547c403a1061cc027150 | |
parent | 447c8e03a1c0dc149fb29fdcd12913f595118590 (diff) | |
Further changes to 1.3 for the PPPoE server and PPTP server. Added to GUI: RADIUS acct and auth ports; an acct update (in seconds) option for external RADIUS servers; a backup RADIUS server. Changes:
rearranged XML for better use; moved RADIUS-specific features inside tags; added options for an additional server above 2; minor bug fixes.
Ticket #1306
-rw-r--r-- | etc/inc/vpn.inc | 54 | ||||
-rwxr-xr-x | usr/local/www/vpn_pppoe.php | 172 | ||||
-rwxr-xr-x | usr/local/www/vpn_pptp.php | 188 |
3 files changed, 257 insertions, 157 deletions
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc index 2c8555d..6104319 100644 --- a/etc/inc/vpn.inc +++ b/etc/inc/vpn.inc @@ -678,10 +678,17 @@ EOD; EOD; } - if (isset($pptpdcfg["wins"])) - $mpdconf .= " set ipcp nbns {$pptpdcfg['wins']}\n"; - if (is_array($pptpdcfg['dnsserver']) && ($pptpdcfg['dnsserver'][0])) { - $mpdconf .= " set ipcp dns " . join(" ", $pptpdcfg['dnsserver']) . "\n"; + if (isset($pptpdcfg['wins'])) { + $mpdconf .= <<<EOD + set ipcp nbns {$pptpdcfg['wins']} + +EOD; + } + if (isset($pptpdcfg['dns1'])) { + $mpdconf .= <<<EOD + set ipcp dns {$pptpdcfg['dns1']} {$pptpdcfg['dns2']} + +EOD; } else if (isset($config['dnsmasq']['enable'])) { $mpdconf .= " set ipcp dns " . $config['interfaces']['lan']['ipaddr']; if ($syscfg['dnsserver'][0]) 
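Review bot: The new `isset($pptpdcfg['dns1'])` test replaces the old `dnsserver` array lookup, and nothing in this hunk reads or converts the old key, so a configuration saved before this commit would stop pushing its configured DNS servers and fall through to the dnsmasq/system branches. The same applies to the RADIUS keys renamed in the `@@ -691,29`, `@@ -721,7`, `@@ -959,28` and `@@ -988,7` hunks: a config that only has `radius/enable` no longer matches `isset($pptpdcfg['radius']['server']['enable'])` and takes the `else` branch (its body is outside the hunk, presumably the non-RADIUS setup), which would change the authentication source without any message. No upgrade step is visible in this commit; if none exists elsewhere, add one that moves the old keys into the new layout when the config is loaded, and document the new layout in a comment above these blocks. The enclosing function starts and ends outside the hunk.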
@@ -691,29 +698,29 @@ EOD; $mpdconf .= " set ipcp dns " . join(" ", $syscfg['dnsserver']) . "\n"; } - if (isset($pptpdcfg['radius']['enable'])) { + if (isset($pptpdcfg['radius']['server']['enable'])) { $mpdconf .= <<<EOD load radius radius: set radius retries 3 set radius timeout 3 - set radius me {$pptpdcfg['radius_nasip']} + set radius me {$pptpdcfg['radius']['nasip']} set auth enable radius-auth set radius enable message-authentic EOD; - if (isset($pptpdcfg['radius']['secenable'])) { + if (isset($pptpdcfg['radius']['server2']['enable'])) { $mpdconf .= <<<EOD - set radius server {$pptpdcfg['radius']['server2']} "{$pptpdcfg['radius']['secret2']}" 1812 1813 + set radius server {$pptpdcfg['radius']['server2']['ip']} "{$pptpdcfg['radius']['server2']['secret']}" {$pptpdcfg['radius']['server2']['port']} {$pptpdcfg['radius']['server2']['acctport']} EOD; } - if (isset($pptpdcfg['radius']['enable'])) { + if (isset($pptpdcfg['radius']['server']['enable'])) { $mpdconf .= <<<EOD - set radius server {$pptpdcfg['radius']['server']} "{$pptpdcfg['radius']['secret']}" 1812 1813 + set radius server {$pptpdcfg['radius']['server']['ip']} "{$pptpdcfg['radius']['server']['secret']}" {$pptpdcfg['radius']['server']['port']} {$pptpdcfg['radius']['server']['acctport']} EOD; } @@ -721,7 +728,7 @@ EOD; if (isset($pptpdcfg['radius']['accounting'])) { $mpdconf .= <<<EOD set auth enable radius-acct - set auth acct-update {$pptpdcfg['radius_acct_update']} + set auth acct-update {$pptpdcfg['radius']['acct_update']} EOD; } } else { @@ -868,7 +875,9 @@ function vpn_pppoe_configure() { /* wait for process to die */ sleep(2); - + unlink_if_exists("{$g['varetc_path']}/mpd-pppoe/mpd.conf"); + unlink_if_exists("{$g['varetc_path']}/mpd-pppoe/mpd.links"); + unlink_if_exists("{$g['varetc_path']}/mpd-pppoe/mpd.secret"); } /* make sure mpd-vpn directory exists */ 
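Review bot: The backup-server line reads `{$pptpdcfg['radius']['server2']['secret']}`, but both GUI pages in this commit store that value under `['server2']['secret2']` (`$pptpcfg['radius']['server2']['secret2'] = $_POST['radiussecret2'];`), so as written mpd.conf gets a `set radius server` line with an empty `""` shared secret for the backup server. The PPPoE copy in the `@@ -959,28` hunk has the same mismatch. Pick one key name; the smaller change is in the pages, `$pptpcfg['radius']['server2']['secret'] = $_POST['radiussecret2'];` plus the matching `$pconfig['radiussecret2']` read, and likewise in vpn_pppoe.php. The port and acctport values are also interpolated with no default, so an empty field yields a `set radius server` line without ports.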
@@ -949,8 +958,13 @@ pppoe_standart: set ipcp no vjcomp EOD; + if (isset($pppoecfg['dns1'])) { + $mpdconf .= <<<EOD + set ipcp dns {$pppoecfg['dns1']} {$pppoecfg['dns2']} + +EOD; - if (isset($config['dnsmasq']['enable'])) { + } else if (isset($config['dnsmasq']['enable'])) { $mpdconf .= " set ipcp dns " . $config['interfaces']['lan']['ipaddr']; if ($syscfg['dnsserver'][0]) $mpdconf .= " " . $syscfg['dnsserver'][0]; @@ -959,28 +973,28 @@ EOD; $mpdconf .= " set ipcp dns " . join(" ", $syscfg['dnsserver']) . "\n"; } - if (isset($pppoecfg['radius']['enable'])) { + if (isset($pppoecfg['radius']['server']['enable'])) { $mpdconf .= <<<EOD load radius radius: set radius retries 3 set radius timeout 3 - set radius me {$pppoecfg['radius_nasip']} + set radius me {$pppoecfg['radius']['nasip']} set auth enable radius-auth set radius enable message-authentic EOD; - if (isset($pppoecfg['radius']['secenable'])) { + if (isset($pppoecfg['radius']['server2']['enable'])) { $mpdconf .= <<<EOD - set radius server {$pppoecfg['radius']['server2']} "{$pppoecfg['radius']['secret2']}" 1812 1813 + set radius server {$pppoecfg['radius']['server2']['ip']} "{$pppoecfg['radius']['server2']['secret']}" {$pppoecfg['radius']['server2']['port']} {$pppoecfg['radius']['server2']['acctport']} EOD; } - if (isset($pppoecfg['radius']['enable'])) { + if (isset($pppoecfg['radius']['server']['enable'])) { $mpdconf .= <<<EOD - set radius server {$pppoecfg['radius']['server']} "{$pppoecfg['radius']['secret']}" 1812 1813 + set radius server {$pppoecfg['radius']['server']['ip']} "{$pppoecfg['radius']['server']['secret']}" {$pppoecfg['radius']['server']['port']} {$pppoecfg['radius']['server']['acctport']} EOD; } @@ -988,7 +1002,7 @@ EOD; if (isset($pppoecfg['radius']['accounting'])) { $mpdconf .= <<<EOD set auth enable radius-acct - set auth acct-update {$pppoecfg['radius_acct_update']} + set auth acct-update {$pppoecfg['radius']['acct_update']} EOD; } } else { 
diff --git a/usr/local/www/vpn_pppoe.php b/usr/local/www/vpn_pppoe.php
index fa6252d..7d941c0 100755
--- a/usr/local/www/vpn_pppoe.php
+++ b/usr/local/www/vpn_pppoe.php
@@ -39,17 +39,26 @@ $pconfig['remoteip'] = $pppoecfg['remoteip']; $pconfig['localip'] = $pppoecfg['localip']; $pconfig['mode'] = $pppoecfg['mode']; $pconfig['interface'] = $pppoecfg['interface']; -$pconfig['radiusenable'] = isset($pppoecfg['radius']['enable']); -$pconfig['radacct_enable'] = isset($pppoecfg['radius']['accounting']); -$pconfig['radiusserver'] = $pppoecfg['radius']['server']; -$pconfig['radiussecret'] = $pppoecfg['radius']['secret']; -$pconfig['radiusserver2'] = $pppoecfg['radius']['server2']; -$pconfig['radiussecret2'] = $pppoecfg['radius']['secret2']; -$pconfig['radiusissueips'] = isset($pppoecfg['radius']['radiusissueips']); $pconfig['n_pppoe_units'] = $pppoecfg['n_pppoe_units']; $pconfig['pppoe_subnet'] = $pppoecfg['pppoe_subnet']; -$pconfig['radius_nasip'] = $pppoecfg['radius_nasip']; -$pconfig['radius_acct_update'] = $pppoecfg['radius_acct_update']; +$pconfig['pppoe_dns1'] = $pppoecfg['dns1']; +$pconfig['pppoe_dns2'] = $pppoecfg['dns2']; +$pconfig['radacct_enable'] = isset($pppoecfg['radius']['accounting']); +$pconfig['radiusissueips'] = isset($pppoecfg['radius']['radiusissueips']); +$pconfig['radiusenable'] = isset($pppoecfg['radius']['server']['enable']); +$pconfig['radiusserver'] = $pppoecfg['radius']['server']['ip']; +$pconfig['radiusserverport'] = $pppoecfg['radius']['server']['port']; +$pconfig['radiusserveracctport'] = $pppoecfg['radius']['server']['acctport']; +$pconfig['radiussecret'] = $pppoecfg['radius']['server']['secret']; +$pconfig['radiussecenable'] = isset($pppoecfg['radius']['server2']['enable']); +$pconfig['radiusserver2'] = $pppoecfg['radius']['server2']['ip']; +$pconfig['radiusserver2port'] = $pppoecfg['radius']['server2']['port']; +$pconfig['radiusserver2acctport'] = $pppoecfg['radius']['server2']['acctport']; +$pconfig['radiussecret2'] = $pppoecfg['radius']['server2']['secret2']; +$pconfig['radiusissueips'] = isset($pppoecfg['radius']['radiusissueips']); +$pconfig['radius_nasip'] = $pppoecfg['radius']['nasip']; 
+$pconfig['radius_acct_update'] = $pppoecfg['radius']['acct_update']; + if ($_POST) { 
@@ -111,22 +120,36 @@ if ($_POST) { $pppoecfg['interface'] = $_POST['interface']; $pppoecfg['n_pppoe_units'] = $_POST['n_pppoe_units']; $pppoecfg['pppoe_subnet'] = $_POST['pppoe_subnet']; - $pppoecfg['radius']['server'] = $_POST['radiusserver']; - $pppoecfg['radius']['secret'] = $_POST['radiussecret']; - $pppoecfg['radius']['server2'] = $_POST['radiusserver2']; - $pppoecfg['radius']['secret2'] = $_POST['radiussecret2']; - $pppoecfg['radius_nasip'] = $_POST['radius_nasip']; - $pppoecfg['radius_acct_update'] = $_POST['radius_acct_update']; + $pppoecfg['radius']['server']['ip'] = $_POST['radiusserver']; + $pppoecfg['radius']['server']['secret'] = $_POST['radiussecret']; + $pppoecfg['radius']['server']['port'] = $_POST['radiusserverport']; + $pppoecfg['radius']['server']['acctport'] = $_POST['radiusserveracctport']; + $pppoecfg['radius']['server2']['ip'] = $_POST['radiusserver2']; + $pppoecfg['radius']['server2']['secret2'] = $_POST['radiussecret2']; + $pppoecfg['radius']['server2']['port'] = $_POST['radiusserver2port']; + $pppoecfg['radius']['server2']['acctport'] = $_POST['radiusserver2acctport']; + $pppoecfg['radius']['nasip'] = $_POST['radius_nasip']; + $pppoecfg['radius']['acct_update'] = $_POST['radius_acct_update']; + + if ($_POST['pppoe_dns1'] == "") + unset($pppoecfg['dns1']); + else + $pppoecfg['dns1'] = $_POST['pppoe_dns1']; + + if ($_POST['pppoe_dns2'] == "") + unset($pppoecfg['dns2']); + else + $pppoecfg['dns2'] = $_POST['pppoe_dns2']; if($_POST['radiusenable'] == "yes") - $pppoecfg['radius']['enable'] = true; + $pppoecfg['radius']['server']['enable'] = true; else - unset($pppoecfg['radius']['enable']); + unset($pppoecfg['radius']['server']['enable']); - if($_POST['radiussecondnas'] == "yes") - $pppoecfg['radius']['secenable'] = true; + if($_POST['radiussecenable'] == "yes") + $pppoecfg['radius']['server2']['enable'] = true; else - unset($pppoecfg['radius']['secenable']); + unset($pppoecfg['radius']['server2']['enable']); if($_POST['radacct_enable'] == 
"yes") $pppoecfg['radius']['accounting'] = true; 
@@ -174,34 +197,45 @@ function enable_change(enable_over) { document.iform.remoteip.disabled = 0; document.iform.localip.disabled = 0; document.iform.radiusenable.disabled = 0; - document.iform.radiusissueips.disabled = 0; document.iform.interface.disabled = 0; document.iform.n_pppoe_units.disabled = 0; document.iform.pppoe_subnet.disabled = 0; + document.iform.pppoe_dns1.disabled = 0; + document.iform.pppoe_dns2.disabled = 0; if (document.iform.radiusenable.checked || enable_over) { document.iform.radacct_enable.disabled = 0; document.iform.radiusserver.disabled = 0; document.iform.radiussecret.disabled = 0; + document.iform.radiusserverport.disabled = 0; + document.iform.radiusserveracctport.disabled = 0; document.iform.radiusissueips.disabled = 0; document.iform.radius_nasip.disabled = 0; - if (document.iform.radiussecondnas.checked || enable_over) { - document.iform.radiusserver2.disabled = 0; - document.iform.radiussecret2.disabled = 0; document.iform.radiusissueips.disabled = 0; document.iform.radius_nasip.disabled = 0; document.iform.radius_acct_update = 0; + document.iform.radiussecenable.disabled = 0; + if (document.iform.radiussecenable.checked || enable_over) { + document.iform.radiusserver2.disabled = 0; + document.iform.radiussecret2.disabled = 0; + document.iform.radiusserver2port.disabled = 0; + document.iform.radiusserver2acctport.disabled = 0; } else { document.iform.radiusserver2.disabled = 1; document.iform.radiussecret2.disabled = 1; + document.iform.radiusserver2port.disabled = 1; + document.iform.radiusserver2acctport.disabled = 1; } } else { document.iform.radacct_enable.disabled = 1; document.iform.radiusserver.disabled = 1; document.iform.radiussecret.disabled = 1; + document.iform.radiusserverport.disabled = 1; + document.iform.radiusserveracctport.disabled = 1; document.iform.radiusissueips.disabled = 1; document.iform.radius_nasip.disabled = 1; document.iform.radius_acct_update = 1; + document.iform.radiussecenable.disabled = 1; } } else 
{ document.iform.interface.disabled = 1; @@ -209,12 +243,19 @@ function enable_change(enable_over) { document.iform.pppoe_subnet.disabled = 1; document.iform.remoteip.disabled = 1; document.iform.localip.disabled = 1; + document.iform.pppoe_dns1.disabled = 1; + document.iform.pppoe_dns2.disabled = 1; document.iform.radiusenable.disabled = 1; + document.iform.radiussecenable.disabled = 1; document.iform.radacct_enable.disabled = 1; document.iform.radiusserver.disabled = 1; document.iform.radiussecret.disabled = 1; + document.iform.radiusserverport.disabled = 1; + document.iform.radiusserveracctport.disabled = 1; document.iform.radiusserver2.disabled = 1; document.iform.radiussecret2.disabled = 1; + document.iform.radiusserver2port.disabled = 1; + document.iform.radiusserver2acctport.disabled = 1; document.iform.radiusissueips.disabled = 1; document.iform.radius_nasip.disabled = 1; document.iform.radius_acct_update = 1; @@ -323,7 +364,16 @@ function enable_change(enable_over) { Specify the starting address for the client IP address subnet.<br> </td> </tr> - + <tr> + <td width="22%" valign="top" class="vncellreq">DNS servers</td> + <td width="78%" class="vtable"> + <?=$mandfldhtml;?><input name="pppoe_dns1" type="text" class="formfld" id="pppoe_dns1" size="20" value="<?=htmlspecialchars($pconfig['pppoe_dns1']);?>"> + <br> + <input name="pppoe_dns2" type="text" class="formfld" id="pppoe_dns2" size="20" value="<?=htmlspecialchars($pconfig['pppoe_dns2']);?>"> + <br> + If entered they will be given to all pppoe clients else lan dns and one wan dns will go to all clients<br> + </td> + </tr> <tr> <td width="22%" valign="top" class="vncell">RADIUS</td> <td width="78%" class="vtable"> 
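Review bot: `document.iform.radius_acct_update = 0;` (and the `= 1` forms further down and in the `@@ -209,12` hunk) assigns a number to the form property instead of setting the field's `disabled` flag, so the accounting-update input is not enabled or disabled together with the rest of the RADIUS block. These are context lines that the commit leaves in place while editing the lines around them; vpn_pptp.php already uses the intended form. Change them to `document.iform.radius_acct_update.disabled = 0;` and `document.iform.radius_acct_update.disabled = 1;`. The duplicated `radiusissueips` / `radius_nasip` enable lines in the same branch can be dropped at the same time. `enable_change()` starts and ends outside the hunk.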
@@ -335,36 +385,56 @@ function enable_change(enable_over) { <br> <input name="radacct_enable" type="checkbox" id="radacct_enable" onclick="enable_change(false)" value="yes" <?php if ($pconfig['radacct_enable']) echo "checked"; ?>> <strong>Enable RADIUS accounting <br> - </strong>Sends accounting packets to the RADIUS server.</td> + <br> + </strong>Sends accounting packets to the RADIUS server.<br> + <input name="radiussecenable" type="checkbox" id="radiussecenable" onclick="enable_change(false)" value="yes" <?php if ($pconfig['radiussecenable']) echo "checked"; ?>> + <strong>Use Backup Radius Server</strong><br> + When set, if primary server fails all requests will be sent via backup server</td> + </tr> + <tr> + <td width="22%" valign="top" class="vncellreq">NAS IP ADDRESS</td> + <td width="78%" class="vtable"> + <?=$mandfldhtml;?><input name="radius_nasip" type="text" class="formfld" id="radius_nasip" size="20" value="<?=htmlspecialchars($pconfig['radius_nasip']);?>"> + <br>radius server NAS ip Address<br> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncellreq">Radius Accounting Update</td> + <td width="78%" class="vtable"> + <?=$mandfldhtml;?><input name="radius_acct_update" type="text" class="formfld" id="radius_acct_update" size="20" value="<?=htmlspecialchars($pconfig['radius_acct_update']);?>"> + <br>Radius accounting update period in seconds + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">RADIUS issued IP's</td> + <td width="78%" valign="top" class="vtable"> + <input name="radiusissueips" value="yes" type="checkbox" class="formfld" id="radiusissueips"<?php if($pconfig['radiusissueips']) echo " CHECKED"; ?>> + <br>Issue IP Addresses via RADIUS server.</td> </tr> <tr> <td width="22%" valign="top" class="vncell">RADIUS server Primary</td> <td width="78%" class="vtable"> <input name="radiusserver" type="text" class="formfld" id="radiusserver" size="20" value="<?=htmlspecialchars($pconfig['radiusserver']);?>"> - <br> - Enter 
the IP address of the RADIUS server.</td> + <input name="radiusserverport" type="text" class="formfld" id="radiusserverport" size="4" value="<?=htmlspecialchars($pconfig['radiusserverport']);?>"> + <input name="radiusserveracctport" type="text" class="formfld" id="radiusserveracctport" size="4" value="<?=htmlspecialchars($pconfig['radiusserveracctport']);?>"> + <br>Enter the IP address and portof the RADIUS server. Format ip auth_port acct_port<br> + <br> standard port 1812 and 1813 accounting</td> </tr> <tr> <td width="22%" valign="top" class="vncell">RADIUS primary shared secret</td> <td width="78%" valign="top" class="vtable"> <input name="radiussecret" type="password" class="formfld" id="radiussecret" size="20" value="<?=htmlspecialchars($pconfig['radiussecret']);?>"> - <br> - Enter the shared secret that will be used to authenticate + <br>Enter the shared secret that will be used to authenticate to the RADIUS server.</td> </tr> - <td width="78%" class="vtable"> - <input name="radiussecondnas" type="checkbox" id="radiussecondnas" onclick="enable_change(false)" value="yes" <?php if ($pconfig['radiussecondnas']) echo "checked"; ?>> - <strong>Use Backup Radius Server<br> - </strong>When set, all users will be authenticated using - the RADIUS server specified below. 
The local user database - will not be used.</td> - </tr> <tr> <td width="22%" valign="top" class="vncell">RADIUS server Secondary</td> <td width="78%" class="vtable"> <input name="radiusserver2" type="text" class="formfld" id="radiusserver2" size="20" value="<?=htmlspecialchars($pconfig['radiusserver2']);?>"> - <br> - Enter the IP address of the RADIUS server.</td> + <input name="radiusserver2port" type="text" class="formfld" id="radiusserver2port" size="4" value="<?=htmlspecialchars($pconfig['radiusserver2port']);?>"> + <input name="radiusserver2acctport" type="text" class="formfld" id="radiusserver2acctport" size="4" value="<?=htmlspecialchars($pconfig['radiusserver2acctport']);?>"> + <br>Enter the IP address and port of the BACKUP RADIUS server. Format ip auth_port acct_port<br> + <br> standard port 1812 and 1813 accounting</td> </tr> <tr> <td width="22%" valign="top" class="vncell">RADIUS secondary shared secret</td> 
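Review bot: The `radiussecret` password input in this hunk is still rendered with `value="<?=htmlspecialchars($pconfig['radiussecret']);?>"`, so the stored RADIUS shared secret is sent back in the page source on every view; `type="password"` only masks it on screen. The line is unchanged context, but the hunk rewrites the cell around it, and the secondary-secret input (outside this hunk, presumably built the same way) would have the same exposure. Consider rendering the field empty and keeping the stored secret when the posted field is blank, which needs a matching change in the POST handler. Separately, the new help text has a typo, `portof` for `port of`.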
@@ -375,29 +445,6 @@ function enable_change(enable_over) { to the RADIUS server.</td> </tr> <tr> - <td width="22%" valign="top" class="vncellreq">NAS IP ADDRESS</td> - <td width="78%" class="vtable"> - <?=$mandfldhtml;?><input name="radius_nasip" type="text" class="formfld" id="radius_nasip" size="20" value="<?=htmlspecialchars($pconfig['radius_nasip']);?>"> - <br> - radius server NAS ip Address<br> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq">Radius Accounting Update</td> - <td width="78%" class="vtable"> - <?=$mandfldhtml;?><input name="radius_acct_update" type="text" class="formfld" id="radius_acct_update" size="20" value="<?=htmlspecialchars($pconfig['radius_acct_update']);?>"> - <br>Radius accounting update period in seconds<br> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell">RADIUS issued IP's</td> - <td width="78%" valign="top" class="vtable"> - <input name="radiusissueips" value="yes" type="checkbox" class="formfld" id="radiusissueips"<?php if($pconfig['radiusissueips']) echo " CHECKED"; ?>> - <br>Issue IP Addresses via RADIUS server. - - </td> - </tr> - <tr> <td height="16" colspan="2" valign="top"></td> </tr> <tr> @@ -426,4 +473,3 @@ enable_change(false); <?php include("fend.inc"); ?> </body> </html> - diff --git a/usr/local/www/vpn_pptp.php b/usr/local/www/vpn_pptp.php index fe5f230..ae54418 100755 --- a/usr/local/www/vpn_pptp.php +++ b/usr/local/www/vpn_pptp.php 
@@ -41,18 +41,24 @@ $pconfig['redir'] = $pptpcfg['redir']; $pconfig['mode'] = $pptpcfg['mode']; $pconfig['wins'] = $pptpcfg['wins']; $pconfig['req128'] = isset($pptpcfg['req128']); -$pconfig['radiusenable'] = isset($pptpcfg['radius']['enable']); -$pconfig['radiusissueips'] = isset($pptpdcfg['radius']['radiusissueips']); -$pconfig['radiussecenable'] = isset($pptpcfg['radius']['secenable']); -$pconfig['radacct_enable'] = isset($pptpcfg['radius']['accounting']); -$pconfig['radiusserver'] = $pptpcfg['radius']['server']; -$pconfig['radiussecret'] = $pptpcfg['radius']['secret']; -$pconfig['radiusserver2'] = $pptpcfg['radius']['server2']; -$pconfig['radiussecret2'] = $pptpcfg['radius']['secret2']; $pconfig['n_pptp_units'] = $pptpcfg['n_pptp_units']; $pconfig['pptp_subnet'] = $pptpcfg['pptp_subnet']; -$pconfig['radius_acct_update'] = $pptpcfg['radius_acct_update']; -$pconfig['radius_nasip'] = $pptpcfg['radius_nasip']; +$pconfig['pptp_dns1'] = $pptpcfg['dns1']; +$pconfig['pptp_dns2'] = $pptpcfg['dns2']; +$pconfig['radiusenable'] = isset($pptpcfg['radius']['enable']); +$pconfig['radiusissueips'] = isset($pptpcfg['radius']['radiusissueips']); +$pconfig['radiussecenable'] = isset($pptpcfg['radius']['server2']['enable']); +$pconfig['radacct_enable'] = isset($pptpcfg['radius']['accounting']); +$pconfig['radiusserver'] = $pptpcfg['radius']['server']['ip']; +$pconfig['radiusserverport'] = $pptpcfg['radius']['server']['port']; +$pconfig['radiusserveracctport'] = $pptpcfg['radius']['server']['acctport']; +$pconfig['radiussecret'] = $pptpcfg['radius']['server']['secret']; +$pconfig['radiusserver2'] = $pptpcfg['radius']['server2']['ip']; +$pconfig['radiusserver2port'] = $pptpcfg['radius']['server2']['port']; +$pconfig['radiusserver2acctport'] = $pptpcfg['radius']['server2']['acctport']; +$pconfig['radiussecret2'] = $pptpcfg['radius']['server2']['secret2']; +$pconfig['radius_acct_update'] = $pptpcfg['radius']['acct_update']; +$pconfig['radius_nasip'] = $pptpcfg['radius']['nasip']; if 
($_POST) { @@ -120,17 +126,31 @@ if ($_POST) { if (!$input_errors) { $pptpcfg['remoteip'] = $_POST['remoteip']; $pptpcfg['redir'] = $_POST['redir']; - $pptp['localip'] = $_POST['localip']; + $pptpcfg['localip'] = $_POST['localip']; $pptpcfg['mode'] = $_POST['mode']; $pptpcfg['wins'] = $_POST['wins']; $pptpcfg['n_pptp_units'] = $_POST['n_pptp_units']; $pptpcfg['pptp_subnet'] = $_POST['pptp_subnet']; - $pptpcfg['radius']['server'] = $_POST['radiusserver']; - $pptpcfg['radius']['secret'] = $_POST['radiussecret']; - $pptpcfg['radius']['server2'] = $_POST['radiusserver2']; - $pptpcfg['radius']['secret2'] = $_POST['radiussecret2']; - $pptpcfg['radius_nasip'] = $_POST['radius_nasip']; - $pptpcfg['radius_acct_update'] = $_POST['radius_acct_update']; + $pptpcfg['radius']['server']['ip'] = $_POST['radiusserver']; + $pptpcfg['radius']['server']['port'] = $_POST['radiusserverport']; + $pptpcfg['radius']['server']['acctport'] = $_POST['radiusserveracctport']; + $pptpcfg['radius']['server']['secret'] = $_POST['radiussecret']; + $pptpcfg['radius']['server2']['ip'] = $_POST['radiusserver2']; + $pptpcfg['radius']['server2']['port'] = $_POST['radiusserver2port']; + $pptpcfg['radius']['server2']['acctport'] = $_POST['radiusserver2acctport']; + $pptpcfg['radius']['server2']['secret2'] = $_POST['radiussecret2']; + $pptpcfg['radius']['nasip'] = $_POST['radius_nasip']; + $pptpcfg['radius']['acct_update'] = $_POST['radius_acct_update']; + + if ($_POST['pptp_dns1'] == "") + unset($pptpcfg['dns1']); + else + $pptpcfg['dns1'] = $_POST['pptp_dns1']; + + if ($_POST['pptp_dns2'] == "") + unset($pptpcfg['dns2']); + else + $pptpcfg['dns2'] = $_POST['pptp_dns2']; if($_POST['req128'] == "yes") $pptpcfg['req128'] = true; 
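Review bot: `$pconfig['radiusenable'] = isset($pptpcfg['radius']['enable']);` still reads the old key, while the save path in this file now writes `$pptpcfg['radius']['server']['enable']` and vpn.inc tests that same new key. The checkbox will therefore load unchecked even when RADIUS is enabled, and, assuming an unchecked box posts no value, the next save of the page runs the `unset()` branch and turns RADIUS authentication off without the administrator asking for it. It should be `$pconfig['radiusenable'] = isset($pptpcfg['radius']['server']['enable']);`, as vpn_pppoe.php does.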
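Review bot: The new `radiusserverport`, `radiusserveracctport`, `radiusserver2port`, `radiusserver2acctport`, `pptp_dns1` and `pptp_dns2` values go from `$_POST` into the config with no check visible in this hunk, and vpn.inc later interpolates them straight into mpd.conf lines. The existing input checks sit above `if (!$input_errors)`, outside the hunk, so they may need extending rather than replacing; the sketch below assumes the tree's `is_port()` and `is_ipaddr()` helpers are in scope on this page. The shared secrets deserve the same treatment, since they are written between double quotes in mpd.conf and a quote or line break in the value would change how the line is read. The PPPoE handler in vpn_pppoe.php (`@@ -111,22` hunk) needs the same checks with its `pppoe_dns1` / `pppoe_dns2` field names.

```php
// … unchanged: existing field checks above the `if (!$input_errors)` block …
foreach (array('radiusserverport', 'radiusserveracctport', 'radiusserver2port', 'radiusserver2acctport') as $fld) {
	if ($_POST[$fld] != "" && !is_port($_POST[$fld]))
		$input_errors[] = "The RADIUS port in '{$fld}' must be a valid port number.";
}
foreach (array('pptp_dns1', 'pptp_dns2') as $fld) {
	if ($_POST[$fld] != "" && !is_ipaddr($_POST[$fld]))
		$input_errors[] = "The DNS server in '{$fld}' must be a valid IP address.";
}
foreach (array('radiussecret', 'radiussecret2') as $fld) {
	if (preg_match('/["\r\n]/', $_POST[$fld]))
		$input_errors[] = "The shared secret in '{$fld}' may not contain quotes or line breaks.";
}
if (!$input_errors) {
	// … unchanged: assignments to $pptpcfg …
```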
@@ -138,14 +158,14 @@ if ($_POST) { unset($pptpcfg['req128']); if($_POST['radiusenable'] == "yes") - $pptpcfg['radius']['enable'] = true; + $pptpcfg['radius']['server']['enable'] = true; else - unset($pptpcfg['radius']['enable']); + unset($pptpcfg['radius']['server']['enable']); if($_POST['radiussecenable'] == "yes") - $pptpcfg['radius']['secenable'] = true; + $pptpcfg['radius']['server']['enable'] = true; else - unset($pptpcfg['radius']['secenable']); + unset($pptpcfg['radius']['server2']['enable']); if($_POST['radacct_enable'] == "yes") $pptpcfg['radius']['accounting'] = true; 
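Review bot: The `radiussecenable` branch sets `$pptpcfg['radius']['server']['enable'] = true;`, which is the primary server's flag, while its `else` unsets `['server2']['enable']`. As written, the backup flag that vpn.inc tests with `isset($pptpdcfg['radius']['server2']['enable'])` is never set from this page, so the backup `set radius server` line is not written, and the primary flag is switched on even when `radiusenable` was not posted. The added line should be `$pptpcfg['radius']['server2']['enable'] = true;`, matching vpn_pppoe.php.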
@@ -199,46 +219,62 @@ function enable_change(enable_over) { document.iform.wins.disabled = 0; document.iform.n_pptp_units.disabled = 0; document.iform.pptp_subnet.disabled = 0; + document.iform.pptp_dns1.disabled = 0; + document.iform.pptp_dns2.disabled = 0; if (document.iform.radiusenable.checked || enable_over) { document.iform.radiussecenable.disabled = 0; document.iform.radacct_enable.disabled = 0; document.iform.radiusserver.disabled = 0; + document.iform.radiusserverport.disabled = 0; + document.iform.radiusserveracctport.disabled = 0; document.iform.radiussecret.disabled = 0; document.iform.radius_nasip.disabled = 0; document.iform.radius_acct_update.disabled = 0; document.iform.radiusissueips.disabled = 0; + if (document.iform.radiussecenable.checked || enable_over) { + document.iform.radiusserver2.disabled = 0; + document.iform.radiussecret2.disabled = 0; + document.iform.radiusserver2port.disabled = 0; + document.iform.radiusserver2acctport.disabled = 0; + } else { + + document.iform.radiusserver2.disabled = 1; + document.iform.radiussecret2.disabled = 1; + document.iform.radiusserver2port.disabled = 1; + document.iform.radiusserver2acctport.disabled = 1; + } } else { document.iform.radacct_enable.disabled = 1; document.iform.radiusserver.disabled = 1; + document.iform.radiusserverport.disabled = 1; + document.iform.radiusserveracctport.disabled = 1; document.iform.radiussecret.disabled = 1; document.iform.radius_nasip.disabled = 1; document.iform.radius_acct_update.disabled = 1; document.iform.radiusissueips.disabled = 1; } - if (document.iform.radiussecenable.checked || enable_over) { - document.iform.radiusserver2.disabled = 0; - document.iform.radiussecret2.disabled = 0; - } else { - - document.iform.radiusserver2.disabled = 1; - document.iform.radiussecret2.disabled = 1; - } } else { document.iform.remoteip.disabled = 1; document.iform.localip.disabled = 1; document.iform.req128.disabled = 1; document.iform.n_pptp_units.disabled = 1; 
document.iform.pptp_subnet.disabled = 1; + document.iform.pptp_dns1.disabled = 1; + document.iform.pptp_dns2.disabled = 1; document.iform.radiusenable.disabled = 1; document.iform.radacct_enable.disabled = 1; document.iform.radiusserver.disabled = 1; + document.iform.radiusserverport.disabled = 1; + document.iform.radiusserveracctport.disabled = 1; document.iform.radiussecret.disabled = 1; document.iform.radius_nasip.disabled = 1; document.iform.radius_acct_update.disabled = 1; document.iform.radiussecenable.disabled = 1; document.iform.radiusserver2.disabled = 1; + document.iform.radiusserver2port.disabled = 1; + document.iform.radiusserver2acctport.disabled = 1; document.iform.radiussecret2.disabled = 1; document.iform.wins.disabled = 1; document.iform.radiusissueips.disabled = 1; @@ -276,7 +312,7 @@ function enable_change(enable_over) { <tr> <td width="22%" valign="top" class="vtable"> </td> <td width="78%" class="vtable"> -<input type="radio" name="mode" value="redir" onclick="enable_change(false)" <?php if ($pconfig['mode'] == "redir") echo "checked"; ?>> + <input type="radio" name="mode" value="redir" onclick="enable_change(false)" <?php if ($pconfig['mode'] == "redir") echo "checked"; ?>> Redirect incoming PPTP connections to:</td> <tr> <td width="22%" valign="top" class="vncellreq">PPTP redirection</td> 
@@ -288,14 +324,9 @@ function enable_change(enable_over) { <tr> <td width="22%" valign="top" class="vtable"> </td> <td width="78%" class="vtable"> -<input type="radio" name="mode" value="server" onclick="enable_change(false)" <?php if ($pconfig['mode'] == "server") echo "checked"; ?>> + <input type="radio" name="mode" value="server" onclick="enable_change(false)" <?php if ($pconfig['mode'] == "server") echo "checked"; ?>> Enable PPTP server</td> - <tr> - <td width="22%" valign="top" class="vncellreq">Max. concurrent - connections</td> - <td width="78%" class="vtable"> - <?=$g['n_pptp_units'];?> - </td> + </tr> <tr> <td width="22%" valign="top" class="vncellreq">Server address</td> <td width="78%" class="vtable"> 
@@ -347,22 +378,63 @@ function enable_change(enable_over) { </td> </tr> <tr> + <td width="22%" valign="top" class="vncellreq">PPTP DNS Servers</td> + <td width="78%" class="vtable"> + <?=$mandfldhtml;?><input name="pptp_dns1" type="text" class="formfld" id="pptp_dns1" size="20" value="<?=htmlspecialchars($pconfig['pptp_dns1']);?>"> + <br> + <input name="pptp_dns2" type="text" class="formfld" id="pptp_dns2" size="20" value="<?=htmlspecialchars($pconfig['pptp_dns2']);?>"> + <br> + + primary and secondary dns servers for pptp clients<br> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">WINS Server</td> + <td width="78%" valign="top" class="vtable"> + <input name="wins" class="formfld" id="wins" size="20" value="<?=htmlspecialchars($pconfig['wins']);?>"> + </td> + </tr> + <tr> <td width="22%" valign="top" class="vncell">RADIUS</td> <td width="78%" class="vtable"> <input name="radiusenable" type="checkbox" id="radiusenable" onclick="enable_change(false)" value="yes" <?php if ($pconfig['radiusenable']) echo "checked"; ?>> - <strong>Use a RADIUS server for authentication<br> - </strong>When set, all users will be authenticated using + <strong>Use a RADIUS server for authentication</strong><br> + When set, all users will be authenticated using the RADIUS server specified below. 
The local user database will not be used.<br> <br> <input name="radacct_enable" type="checkbox" id="radacct_enable" onclick="enable_change(false)" value="yes" <?php if ($pconfig['radacct_enable']) echo "checked"; ?>> <strong>Enable RADIUS accounting <br> - </strong>Sends accounting packets to the RADIUS server.</td> + </strong>Sends accounting packets to the RADIUS server.<br> + <br> + <input name="radiussecenable" type="checkbox" id="radiussecenable" onclick="enable_change(false)" value="yes" <?php if ($pconfig['radiussecenable']) echo "checked"; ?>> + <strong>backup RADIUS server for failover authentication</strong><br> + When set, if primary radius fails all request will go to the backup server</td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Radius NAS IP</td> + <td width="78%" valign="top" class="vtable"> + <input name="radius_nasip" class="formfld" id="radius_nasip" size="20" value="<?=htmlspecialchars($pconfig['radius_nasip']);?>"> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Radius Accounting Update</td> + <td width="78%" valign="top" class="vtable"> + <input name="radius_acct_update" class="formfld" id="radius_acct_update" size="20" value="<?=htmlspecialchars($pconfig['radius_acct_update']);?>"> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">RADIUS issued IP's</td> + <td width="78%" valign="top" class="vtable"> + <input name="radiusissueips" value="yes" type="checkbox" class="formfld" id="radiusissueips"<?php if($pconfig['radiusissueips']) echo " CHECKED"; ?>> + <br>Issue IP Addresses via RADIUS server. 
+ </td> </tr> <tr> <td width="22%" valign="top" class="vncell">RADIUS server </td> <td width="78%" class="vtable"> <input name="radiusserver" type="text" class="formfld" id="radiusserver" size="20" value="<?=htmlspecialchars($pconfig['radiusserver']);?>"> + <input name="radiusserverport" type="text" class="formfld" id="radiusserverport" size="4" value="<?=htmlspecialchars($pconfig['radiusserverport']);?>"> + <input name="radiusserveracctport" type="text" class="formfld" id="radiusserveracctport" size="4" value="<?=htmlspecialchars($pconfig['radiusserveracctport']);?>"> <br> Enter the IP address of the RADIUS server.</td> </tr> @@ -374,17 +446,12 @@ function enable_change(enable_over) { Enter the shared secret that will be used to authenticate to the RADIUS server.</td> </tr> - <td width="78%" class="vtable"> - <input name="radiussecenable" type="checkbox" id="radiussecenable" onclick="enable_change(false)" value="yes" <?php if ($pconfig['radiussecenable']) echo "checked"; ?>> - <strong>Use a backup RADIUS server for failover authentication<br> - </strong>When set, all users will be authenticated using - the RADIUS server specified below. The local user database - will not be used</td> - </tr> <tr> <td width="22%" valign="top" class="vncell">BACKUP RADIUS server </td> <td width="78%" class="vtable"> <input name="radiusserver2" type="text" class="formfld" id="radiusserver2" size="20" value="<?=htmlspecialchars($pconfig['radiusserver2']);?>"> + <input name="radiusserver2port" type="text" class="formfld" id="radiusserver2port" size="4" value="<?=htmlspecialchars($pconfig['radiusserver2port']);?>"> + <input name="radiusserver2acctport" type="text" class="formfld" id="radiusserver2acctport" size="4" value="<?=htmlspecialchars($pconfig['radiusserver2acctport']);?>"> <br> Enter the IP address of the RADIUS server.</td> </tr> 
@@ -397,32 +464,6 @@ function enable_change(enable_over) { to the RADIUS server.</td> </tr> <tr> - <td width="22%" valign="top" class="vncell">Radius NAS IP</td> - <td width="78%" valign="top" class="vtable"> - <input name="radius_nasip" class="formfld" id="radius_nasip" size="20" value="<?=htmlspecialchars($pconfig['radius_nasip']);?>"> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell">Radius Accounting Update</td> - <td width="78%" valign="top" class="vtable"> - <input name="radius_acct_update" class="formfld" id="radius_acct_update" size="20" value="<?=htmlspecialchars($pconfig['radius_acct_update']);?>"> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell">RADIUS issued IP's</td> - <td width="78%" valign="top" class="vtable"> - <input name="radiusissueips" value="yes" type="checkbox" class="formfld" id="radiusissueips"<?php if($pconfig['radiusissueips']) echo " CHECKED"; ?>> - <br>Issue IP Addresses via RADIUS server. - - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell">WINS Server</td> - <td width="78%" valign="top" class="vtable"> - <input name="wins" class="formfld" id="wins" size="20" value="<?=htmlspecialchars($pconfig['wins']);?>"> - </td> - </tr> - <tr> <td height="16" colspan="2" valign="top"></td> </tr> <tr> @@ -461,4 +502,3 @@ enable_change(false); <?php include("fend.inc"); ?> </body> </html> - |