authorScott Ullrich <sullrich@pfsense.org>2005-06-21 23:30:39 +0000
committerScott Ullrich <sullrich@pfsense.org>2005-06-21 23:30:39 +0000
commite24118864179ac426ca9c9105263be7a3b9cfdc0 (patch)
tree4f851c44d5b7bcb74bcf9307f7b3525e69eb6f75 /usr/local/www/vpn_pptp.php
parent76f95b1e459651b1e1585283e2a9f7b544dd8114 (diff)
Import m0n0wall ipsec cert code
Diffstat (limited to 'usr/local/www/vpn_pptp.php')
-rwxr-xr-xusr/local/www/vpn_pptp.php212
1 files changed, 75 insertions, 137 deletions
diff --git a/usr/local/www/vpn_pptp.php b/usr/local/www/vpn_pptp.php
index acf3fd7..43a19e5 100755
--- a/usr/local/www/vpn_pptp.php
+++ b/usr/local/www/vpn_pptp.php
@@ -1,23 +1,22 @@
#!/usr/local/bin/php
<?php
-/* $Id$ */
/*
vpn_pptp.php
part of m0n0wall (http://m0n0.ch/wall)
-
- Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+
+ Copyright (C) 2003-2005 Manuel Kasper <mk@neon1.net>.
All rights reserved.
-
+
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
-
+
1. Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
-
+
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
-
+
THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
@@ -30,6 +29,7 @@
POSSIBILITY OF SUCH DAMAGE.
*/
+$pgtitle = array("VPN", "PPTP");
require("guiconfig.inc");
if (!is_array($config['pptpd']['radius'])) {
@@ -56,15 +56,15 @@ if ($_POST) {
if ($_POST['mode'] == "server") {
$reqdfields = explode(" ", "localip remoteip");
$reqdfieldsn = explode(",", "Server address,Remote start address");
-
+
if ($_POST['radiusenable']) {
$reqdfields = array_merge($reqdfields, explode(" ", "radiusserver radiussecret"));
- $reqdfieldsn = array_merge($reqdfieldsn,
+ $reqdfieldsn = array_merge($reqdfieldsn,
explode(",", "RADIUS server address,RADIUS shared secret"));
}
-
+
do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
-
+
if (($_POST['localip'] && !is_ipaddr($_POST['localip']))) {
$input_errors[] = "A valid server address must be specified.";
}
@@ -74,26 +74,26 @@ if ($_POST) {
if (($_POST['radiusserver'] && !is_ipaddr($_POST['radiusserver']))) {
$input_errors[] = "A valid RADIUS server address must be specified.";
}
-
- if (!$input_errors) {
+
+ if (!$input_errors) {
$_POST['remoteip'] = $pconfig['remoteip'] = gen_subnet($_POST['remoteip'], $g['pptp_subnet']);
$subnet_start = ip2long($_POST['remoteip']);
$subnet_end = ip2long($_POST['remoteip']) + $g['n_pptp_units'] - 1;
-
- if ((ip2long($_POST['localip']) >= $subnet_start) &&
+
+ if ((ip2long($_POST['localip']) >= $subnet_start) &&
(ip2long($_POST['localip']) <= $subnet_end)) {
- $input_errors[] = "The specified server address lies in the remote subnet.";
+ $input_errors[] = "The specified server address lies in the remote subnet.";
}
if ($_POST['localip'] == $config['interfaces']['lan']['ipaddr']) {
- $input_errors[] = "The specified server address is equal to the LAN interface address.";
+ $input_errors[] = "The specified server address is equal to the LAN interface address.";
}
}
} else if ($_POST['mode'] == "redir") {
$reqdfields = explode(" ", "redir");
$reqdfieldsn = explode(",", "PPTP redirection target address");
-
+
do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
-
+
if (($_POST['redir'] && !is_ipaddr($_POST['redir']))) {
$input_errors[] = "A valid target address must be specified.";
}
@@ -109,25 +109,9 @@ if ($_POST) {
$pptpcfg['radius']['accounting'] = $_POST['radacct_enable'] ? true : false;
$pptpcfg['radius']['server'] = $_POST['radiusserver'];
$pptpcfg['radius']['secret'] = $_POST['radiussecret'];
-
- if (($pconfig['mode'] == "server")) {
- /*
- * traverse ruleset. if no PPTP rule is found
- * install one.
- */
- $found_pptp_rule = 0;
- foreach($config['filter']['rule'] as $rule) {
- $pos = strpos($rule['descr'], "PPTP");
- if ( $pos <> false ) $found_pptp_rule = 1;
- }
- if($found_pptp_rule == 0) {
- /* no PPTP rule found. craete one. */
- add_default_pptp_rule();
- }
- }
-
+
write_config();
-
+
$retval = 0;
if (!file_exists($d_sysrebootreqd_path)) {
config_lock();
@@ -135,15 +119,10 @@ if ($_POST) {
config_unlock();
}
$savemsg = get_std_save_message($retval);
- if($found_pptp_rule ==0) $savemsg .= "<br>A default PPTP rule has been added to the firewall rules section.";
}
}
?>
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
-<html><head>
-<title><?=gentitle("VPN: PPTP");?></title>
-<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
-<link href="gui.css" rel="stylesheet" type="text/css">
+<?php include("fbegin.inc"); ?>
<script language="JavaScript">
<!--
function get_radio_value(obj)
@@ -161,7 +140,7 @@ function enable_change(enable_over) {
document.iform.localip.disabled = 0;
document.iform.req128.disabled = 0;
document.iform.radiusenable.disabled = 0;
-
+
if (document.iform.radiusenable.checked || enable_over) {
document.iform.radacct_enable.disabled = 0;
document.iform.radiusserver.disabled = 0;
@@ -188,126 +167,124 @@ function enable_change(enable_over) {
}
//-->
</script>
-</head>
-
-<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
-<?php include("fbegin.inc"); ?>
-<p class="pgtitle">VPN: PPTP</p>
<form action="vpn_pptp.php" method="post" name="iform" id="iform">
<?php if ($input_errors) print_input_errors($input_errors); ?>
<?php if ($savemsg) print_info_box($savemsg); ?>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
- <tr><td>
+ <tr><td class="tabnavtbl">
<ul id="tabnav">
<li class="tabact">Configuration</li>
<li class="tabinact"><a href="vpn_pptp_users.php">Users</a></li>
</ul>
</td></tr>
- <tr>
+ <tr>
<td class="tabcont">
<table width="100%" border="0" cellpadding="6" cellspacing="0">
- <tr>
+ <tr>
<td width="22%" valign="top" class="vtable">&nbsp;</td>
- <td width="78%" class="vtable">
+ <td width="78%" class="vtable">
<input name="mode" type="radio" onclick="enable_change(false)" value="off"
<?php if (($pconfig['mode'] != "server") && ($pconfig['mode'] != "redir")) echo "checked";?>>
Off</td>
- <tr>
+ <tr>
<td width="22%" valign="top" class="vtable">&nbsp;</td>
<td width="78%" class="vtable">
<input type="radio" name="mode" value="redir" onclick="enable_change(false)" <?php if ($pconfig['mode'] == "redir") echo "checked"; ?>>
Redirect incoming PPTP connections to:</td>
- <tr>
+ <tr>
<td width="22%" valign="top" class="vncellreq">PPTP redirection</td>
- <td width="78%" class="vtable">
- <input name="redir" type="text" class="formfld" id="redir" size="20" value="<?=htmlspecialchars($pconfig['redir']);?>">
+ <td width="78%" class="vtable">
+ <?=$mandfldhtml;?><input name="redir" type="text" class="formfld" id="redir" size="20" value="<?=htmlspecialchars($pconfig['redir']);?>">
<br>
- Enter the IP address of a host which will accept incoming
+ Enter the IP address of a host which will accept incoming
PPTP connections.</td>
- <tr>
+ <tr>
<td width="22%" valign="top" class="vtable">&nbsp;</td>
<td width="78%" class="vtable">
<input type="radio" name="mode" value="server" onclick="enable_change(false)" <?php if ($pconfig['mode'] == "server") echo "checked"; ?>>
Enable PPTP server</td>
- <tr>
- <td width="22%" valign="top" class="vncellreq">Max. concurrent
+ <tr>
+ <td width="22%" valign="top" class="vncellreq">Max. concurrent
connections</td>
- <td width="78%" class="vtable">
+ <td width="78%" class="vtable">
<?=$g['n_pptp_units'];?>
</td>
- <tr>
+ <tr>
<td width="22%" valign="top" class="vncellreq">Server address</td>
- <td width="78%" class="vtable">
- <input name="localip" type="text" class="formfld" id="localip" size="20" value="<?=htmlspecialchars($pconfig['localip']);?>">
+ <td width="78%" class="vtable">
+ <?=$mandfldhtml;?><input name="localip" type="text" class="formfld" id="localip" size="20" value="<?=htmlspecialchars($pconfig['localip']);?>">
<br>
- Enter the IP address the PPTP server should use on its side
+ Enter the IP address the PPTP server should use on its side
for all clients.</td>
</tr>
- <tr>
- <td width="22%" valign="top" class="vncellreq">Remote address
+ <tr>
+ <td width="22%" valign="top" class="vncellreq">Remote address
range</td>
- <td width="78%" class="vtable">
- <input name="remoteip" type="text" class="formfld" id="remoteip" size="20" value="<?=htmlspecialchars($pconfig['remoteip']);?>">
- /
+ <td width="78%" class="vtable">
+ <?=$mandfldhtml;?><input name="remoteip" type="text" class="formfld" id="remoteip" size="20" value="<?=htmlspecialchars($pconfig['remoteip']);?>">
+ /
<?=$g['pptp_subnet'];?>
<br>
Specify the starting address for the client IP address subnet.<br>
- The PPTP server will assign
+ The PPTP server will assign
<?=$g['n_pptp_units'];?>
addresses, starting at the address entered above, to clients.</td>
</tr>
- <tr>
+ <tr>
<td width="22%" valign="top" class="vncell">RADIUS</td>
- <td width="78%" class="vtable">
- <p>
- <input name="radiusenable" type="checkbox" id="radiusenable" onclick="enable_change(false)" value="yes" <?php if ($pconfig['radiusenable'] == "yes") echo "checked"; ?>>
+ <td width="78%" class="vtable">
+ <input name="radiusenable" type="checkbox" id="radiusenable" onclick="enable_change(false)" value="yes" <?php if ($pconfig['radiusenable']) echo "checked"; ?>>
<strong>Use a RADIUS server for authentication<br>
- </strong>When set, all users will be authenticated using
- the RADIUS server specified below. The local user database
+ </strong>When set, all users will be authenticated using
+ the RADIUS server specified below. The local user database
will not be used.<br>
<br>
- <input name="radacct_enable" type="checkbox" id="radacct_enable" onclick="enable_change(false)" value="yes" <?php if ($pconfig['radacct_enable'] == "yes") echo "checked"; ?>>
+ <input name="radacct_enable" type="checkbox" id="radacct_enable" onclick="enable_change(false)" value="yes" <?php if ($pconfig['radacct_enable']) echo "checked"; ?>>
<strong>Enable RADIUS accounting <br>
- </strong>Send accounting packets to the RADIUS server. </p></td>
+ </strong>Sends accounting packets to the RADIUS server.</td>
</tr>
- <tr>
+ <tr>
<td width="22%" valign="top" class="vncell">RADIUS server </td>
<td width="78%" class="vtable">
- <p>
<input name="radiusserver" type="text" class="formfld" id="radiusserver" size="20" value="<?=htmlspecialchars($pconfig['radiusserver']);?>">
<br>
- Enter the IP address of the RADIUS server.</p></td>
+ Enter the IP address of the RADIUS server.</td>
</tr>
- <tr>
+ <tr>
<td width="22%" valign="top" class="vncell">RADIUS shared secret</td>
<td width="78%" valign="top" class="vtable">
- <p>
<input name="radiussecret" type="password" class="formfld" id="radiussecret" size="20" value="<?=htmlspecialchars($pconfig['radiussecret']);?>">
<br>
- Enter the shared secret that will be used to authenticate
- to the RADIUS server.</p></td>
+ Enter the shared secret that will be used to authenticate
+ to the RADIUS server.</td>
</tr>
- <tr>
+ <tr>
<td height="16" colspan="2" valign="top"></td>
</tr>
- <tr>
+ <tr>
<td width="22%" valign="middle">&nbsp;</td>
- <td width="78%" class="vtable">
- <input name="req128" type="checkbox" id="req128" value="yes" <?php if ($pconfig['req128'] == "yes") echo "checked"; ?>>
+ <td width="78%" class="vtable">
+ <input name="req128" type="checkbox" id="req128" value="yes" <?php if ($pconfig['req128']) echo "checked"; ?>>
<strong>Require 128-bit encryption</strong><br>
- When set, 128-bit encryption will be required. Otherwise
- 40-bit and 56-bit encryption will also be accepted. Note that
- encryption will always be forced on PPTP connections (
+ When set, 128-bit encryption will be accepted. Otherwise,
+ 40-bit and 56-bit encryption will be accepted, too. Note that
+ encryption will always be forced on PPTP connections (i.e.
unencrypted connections will not be accepted).</td>
</tr>
- <tr>
+ <tr>
<td width="22%" valign="top">&nbsp;</td>
- <td width="78%">
- <input name="Submit" type="submit" class="formbtn" value="Save" onclick="enable_change(true)">
+ <td width="78%">
+ <input name="Submit" type="submit" class="formbtn" value="Save" onclick="enable_change(true)">
</td>
</tr>
+ <tr>
+ <td width="22%" valign="top">&nbsp;</td>
+ <td width="78%"><span class="vexpl"><span class="red"><strong>Note:<br>
+ </strong></span>don't forget to add a firewall rule to permit
+ traffic from PPTP clients!</span></td>
+ </tr>
</table>
- </td>
+ </td>
</tr>
</table>
</form>
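Review bot: The rewritten help text under the `req128` checkbox now reads `When set, 128-bit encryption will be accepted`, which no longer tells the administrator that 40-bit and 56-bit keys are refused when the box is ticked; the removed wording `will be required` matched the control's own label, "Require 128-bit encryption". I would keep the stronger statement, e.g. `When set, 128-bit encryption will be required. Otherwise,` followed by the new second sentence, so the downgrade behaviour of the unticked state is described accurately. Separately, and not changed by this commit, the `radiussecret` password input is pre-filled through its `value` attribute with what is presumably the stored shared secret, so that secret travels back to the browser in the page source on every load; leaving the field empty and only overwriting the stored value when a non-empty one is submitted would avoid that.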
@@ -317,42 +294,3 @@ enable_change(false);
//-->
</script>
<?php include("fend.inc"); ?>
-</body>
-</html>
-
-<?php
-
-function add_default_pptp_rule() {
- global $config;
-
- $specialsrcdst = explode(" ", "any lan pptp");
- if (!is_array($config['filter']['rule'])) $config['filter']['rule'] = array();
- filter_rules_sort();
- $a_filter = &$config['filter']['rule'];
- $filterent = array();
- $filterent['type'] = "pass";
- $filterent['interface'] = "pptp";
-
- unset($filterent['max-src-nodes']);
- unset($filterent['max-src-states']);
- unset($filterent['protocol']);
- unset($filterent['icmptype']);
-
- pconfig_to_address($filterent['source'], "any",
- $_POST['srcmask'], $_POST['srcnot'],
- $_POST['srcbeginport'], $_POST['srcendport']);
-
- pconfig_to_address($filterent['destination'], "any",
- $_POST['dstmask'], $_POST['dstnot'],
- $_POST['dstbeginport'], $_POST['dstendport']);
-
- $filterent['disabled'] = false;
- $filterent['log'] = false;
- $filterent['frags'] = false;
- $filterent['descr'] = "Default PPTP -> any";
- $a_filter[] = $filterent;
- write_config();
-
-}
-
-?>
\ No newline at end of file