author | Scott Ullrich <sullrich@pfsense.org> | 2005-06-21 23:30:39 +0000 |
---|---|---|
committer | Scott Ullrich <sullrich@pfsense.org> | 2005-06-21 23:30:39 +0000 |
commit | e24118864179ac426ca9c9105263be7a3b9cfdc0 (patch) | |
tree | 4f851c44d5b7bcb74bcf9307f7b3525e69eb6f75 /usr/local/www/vpn_pptp.php | |
parent | 76f95b1e459651b1e1585283e2a9f7b544dd8114 (diff) | |
Import m0n0wall ipsec cert code
Diffstat (limited to 'usr/local/www/vpn_pptp.php')
-rwxr-xr-x | usr/local/www/vpn_pptp.php | 212 |
1 files changed, 75 insertions, 137 deletions
diff --git a/usr/local/www/vpn_pptp.php b/usr/local/www/vpn_pptp.php index acf3fd7..43a19e5 100755 --- a/usr/local/www/vpn_pptp.php +++ b/usr/local/www/vpn_pptp.php @@ -1,23 +1,22 @@ #!/usr/local/bin/php <?php -/* $Id$ */ /* vpn_pptp.php part of m0n0wall (http://m0n0.ch/wall) - - Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. + + Copyright (C) 2003-2005 Manuel Kasper <mk@neon1.net>. All rights reserved. - + Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: - + 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. - + 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. - + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE @@ -30,6 +29,7 @@ POSSIBILITY OF SUCH DAMAGE. */ +$pgtitle = array("VPN", "PPTP"); require("guiconfig.inc"); if (!is_array($config['pptpd']['radius'])) { @@ -56,15 +56,15 @@ if ($_POST) { if ($_POST['mode'] == "server") { $reqdfields = explode(" ", "localip remoteip"); $reqdfieldsn = explode(",", "Server address,Remote start address"); - + if ($_POST['radiusenable']) { $reqdfields = array_merge($reqdfields, explode(" ", "radiusserver radiussecret")); - $reqdfieldsn = array_merge($reqdfieldsn, + $reqdfieldsn = array_merge($reqdfieldsn, explode(",", "RADIUS server address,RADIUS shared secret")); } - + do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); - + if (($_POST['localip'] && !is_ipaddr($_POST['localip']))) { $input_errors[] = "A valid server address must be specified."; } 
@@ -74,26 +74,26 @@ if ($_POST) {
 if (($_POST['radiusserver'] && !is_ipaddr($_POST['radiusserver']))) {
 $input_errors[] = "A valid RADIUS server address must be specified.";
 }
-
- if (!$input_errors) {
+
+ if (!$input_errors) {
 $_POST['remoteip'] = $pconfig['remoteip'] = gen_subnet($_POST['remoteip'], $g['pptp_subnet']);
 $subnet_start = ip2long($_POST['remoteip']);
 $subnet_end = ip2long($_POST['remoteip']) + $g['n_pptp_units'] - 1;
-
- if ((ip2long($_POST['localip']) >= $subnet_start) &&
+
+ if ((ip2long($_POST['localip']) >= $subnet_start) &&
 (ip2long($_POST['localip']) <= $subnet_end)) {
- $input_errors[] = "The specified server address lies in the remote subnet.";
+ $input_errors[] = "The specified server address lies in the remote subnet.";
 }
 if ($_POST['localip'] == $config['interfaces']['lan']['ipaddr']) {
- $input_errors[] = "The specified server address is equal to the LAN interface address.";
+ $input_errors[] = "The specified server address is equal to the LAN interface address.";
 }
 }
 } else if ($_POST['mode'] == "redir") {
 $reqdfields = explode(" ", "redir");
 $reqdfieldsn = explode(",", "PPTP redirection target address");
-
+
 do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
-
+
 if (($_POST['redir'] && !is_ipaddr($_POST['redir']))) {
 $input_errors[] = "A valid target address must be specified.";
 }
@@ -109,25 +109,9 @@ if ($_POST) {
 $pptpcfg['radius']['accounting'] = $_POST['radacct_enable'] ? true : false;
 $pptpcfg['radius']['server'] = $_POST['radiusserver'];
 $pptpcfg['radius']['secret'] = $_POST['radiussecret'];
-
- if (($pconfig['mode'] == "server")) {
- /*
- * traverse ruleset. if no PPTP rule is found
- * install one.
- */
- $found_pptp_rule = 0;
- foreach($config['filter']['rule'] as $rule) {
- $pos = strpos($rule['descr'], "PPTP");
- if ( $pos <> false ) $found_pptp_rule = 1;
- }
- if($found_pptp_rule == 0) {
- /* no PPTP rule found. craete one. */
- add_default_pptp_rule();
- }
- }
-
+
 write_config();
-
+
 $retval = 0;
 if (!file_exists($d_sysrebootreqd_path)) {
 config_lock();
@@ -135,15 +119,10 @@ if ($_POST) {
 config_unlock();
 }
 $savemsg = get_std_save_message($retval);
- if($found_pptp_rule ==0) $savemsg .= "<br>A default PPTP rule has been added to the firewall rules section.";
 }
 }
 ?>
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
-<html><head>
-<title><?=gentitle("VPN: PPTP");?></title>
-<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
-<link href="gui.css" rel="stylesheet" type="text/css">
+<?php include("fbegin.inc"); ?>
 <script language="JavaScript">
 <!--
 function get_radio_value(obj)
@@ -161,7 +140,7 @@ function enable_change(enable_over) {
 document.iform.localip.disabled = 0;
 document.iform.req128.disabled = 0;
 document.iform.radiusenable.disabled = 0;
-
+
 if (document.iform.radiusenable.checked || enable_over) {
 document.iform.radacct_enable.disabled = 0;
 document.iform.radiusserver.disabled = 0;
@@ -188,126 +167,124 @@ function enable_change(enable_over) { } //--> </script> -</head> - -<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> -<?php include("fbegin.inc"); ?> -<p class="pgtitle">VPN: PPTP</p> <form action="vpn_pptp.php" method="post" name="iform" id="iform"> <?php if ($input_errors) print_input_errors($input_errors); ?> <?php if ($savemsg) print_info_box($savemsg); ?> <table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr><td> + <tr><td class="tabnavtbl"> <ul id="tabnav"> <li class="tabact">Configuration</li> <li class="tabinact"><a href="vpn_pptp_users.php">Users</a></li> </ul> </td></tr> - <tr> + <tr> <td class="tabcont"> <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> + <tr> <td width="22%" valign="top" class="vtable"> </td> - <td width="78%" class="vtable"> + <td width="78%" class="vtable"> <input name="mode" type="radio" onclick="enable_change(false)" value="off" <?php if (($pconfig['mode'] != "server") && ($pconfig['mode'] != "redir")) echo "checked";?>> Off</td> - <tr> + <tr> <td width="22%" valign="top" class="vtable"> </td> <td width="78%" class="vtable"> <input type="radio" name="mode" value="redir" onclick="enable_change(false)" <?php if ($pconfig['mode'] == "redir") echo "checked"; ?>> Redirect incoming PPTP connections to:</td> - <tr> + <tr> <td width="22%" valign="top" class="vncellreq">PPTP redirection</td> - <td width="78%" class="vtable"> - <input name="redir" type="text" class="formfld" id="redir" size="20" value="<?=htmlspecialchars($pconfig['redir']);?>"> + <td width="78%" class="vtable"> + <?=$mandfldhtml;?><input name="redir" type="text" class="formfld" id="redir" size="20" value="<?=htmlspecialchars($pconfig['redir']);?>"> <br> - Enter the IP address of a host which will accept incoming + Enter the IP address of a host which will accept incoming PPTP connections.</td> - <tr> + <tr> <td width="22%" valign="top" class="vtable"> </td> <td width="78%" class="vtable"> <input type="radio" 
name="mode" value="server" onclick="enable_change(false)" <?php if ($pconfig['mode'] == "server") echo "checked"; ?>> Enable PPTP server</td> - <tr> - <td width="22%" valign="top" class="vncellreq">Max. concurrent + <tr> + <td width="22%" valign="top" class="vncellreq">Max. concurrent connections</td> - <td width="78%" class="vtable"> + <td width="78%" class="vtable"> <?=$g['n_pptp_units'];?> </td> - <tr> + <tr> <td width="22%" valign="top" class="vncellreq">Server address</td> - <td width="78%" class="vtable"> - <input name="localip" type="text" class="formfld" id="localip" size="20" value="<?=htmlspecialchars($pconfig['localip']);?>"> + <td width="78%" class="vtable"> + <?=$mandfldhtml;?><input name="localip" type="text" class="formfld" id="localip" size="20" value="<?=htmlspecialchars($pconfig['localip']);?>"> <br> - Enter the IP address the PPTP server should use on its side + Enter the IP address the PPTP server should use on its side for all clients.</td> </tr> - <tr> - <td width="22%" valign="top" class="vncellreq">Remote address + <tr> + <td width="22%" valign="top" class="vncellreq">Remote address range</td> - <td width="78%" class="vtable"> - <input name="remoteip" type="text" class="formfld" id="remoteip" size="20" value="<?=htmlspecialchars($pconfig['remoteip']);?>"> - / + <td width="78%" class="vtable"> + <?=$mandfldhtml;?><input name="remoteip" type="text" class="formfld" id="remoteip" size="20" value="<?=htmlspecialchars($pconfig['remoteip']);?>"> + / <?=$g['pptp_subnet'];?> <br> Specify the starting address for the client IP address subnet.<br> - The PPTP server will assign + The PPTP server will assign <?=$g['n_pptp_units'];?> addresses, starting at the address entered above, to clients.</td> </tr> - <tr> + <tr> <td width="22%" valign="top" class="vncell">RADIUS</td> - <td width="78%" class="vtable"> - <p> - <input name="radiusenable" type="checkbox" id="radiusenable" onclick="enable_change(false)" value="yes" <?php if ($pconfig['radiusenable'] == 
"yes") echo "checked"; ?>> + <td width="78%" class="vtable"> + <input name="radiusenable" type="checkbox" id="radiusenable" onclick="enable_change(false)" value="yes" <?php if ($pconfig['radiusenable']) echo "checked"; ?>> <strong>Use a RADIUS server for authentication<br> - </strong>When set, all users will be authenticated using - the RADIUS server specified below. The local user database + </strong>When set, all users will be authenticated using + the RADIUS server specified below. The local user database will not be used.<br> <br> - <input name="radacct_enable" type="checkbox" id="radacct_enable" onclick="enable_change(false)" value="yes" <?php if ($pconfig['radacct_enable'] == "yes") echo "checked"; ?>> + <input name="radacct_enable" type="checkbox" id="radacct_enable" onclick="enable_change(false)" value="yes" <?php if ($pconfig['radacct_enable']) echo "checked"; ?>> <strong>Enable RADIUS accounting <br> - </strong>Send accounting packets to the RADIUS server. </p></td> + </strong>Sends accounting packets to the RADIUS server.</td> </tr> - <tr> + <tr> <td width="22%" valign="top" class="vncell">RADIUS server </td> <td width="78%" class="vtable"> - <p> <input name="radiusserver" type="text" class="formfld" id="radiusserver" size="20" value="<?=htmlspecialchars($pconfig['radiusserver']);?>"> <br> - Enter the IP address of the RADIUS server.</p></td> + Enter the IP address of the RADIUS server.</td> </tr> - <tr> + <tr> <td width="22%" valign="top" class="vncell">RADIUS shared secret</td> <td width="78%" valign="top" class="vtable"> - <p> <input name="radiussecret" type="password" class="formfld" id="radiussecret" size="20" value="<?=htmlspecialchars($pconfig['radiussecret']);?>"> <br> - Enter the shared secret that will be used to authenticate - to the RADIUS server.</p></td> + Enter the shared secret that will be used to authenticate + to the RADIUS server.</td> </tr> - <tr> + <tr> <td height="16" colspan="2" valign="top"></td> </tr> - <tr> + <tr> <td 
width="22%" valign="middle"> </td> - <td width="78%" class="vtable"> - <input name="req128" type="checkbox" id="req128" value="yes" <?php if ($pconfig['req128'] == "yes") echo "checked"; ?>> + <td width="78%" class="vtable"> + <input name="req128" type="checkbox" id="req128" value="yes" <?php if ($pconfig['req128']) echo "checked"; ?>> <strong>Require 128-bit encryption</strong><br> - When set, 128-bit encryption will be required. Otherwise - 40-bit and 56-bit encryption will also be accepted. Note that - encryption will always be forced on PPTP connections ( + When set, 128-bit encryption will be accepted. Otherwise, + 40-bit and 56-bit encryption will be accepted, too. Note that + encryption will always be forced on PPTP connections (i.e. unencrypted connections will not be accepted).</td> </tr> - <tr> + <tr> <td width="22%" valign="top"> </td> - <td width="78%"> - <input name="Submit" type="submit" class="formbtn" value="Save" onclick="enable_change(true)"> + <td width="78%"> + <input name="Submit" type="submit" class="formbtn" value="Save" onclick="enable_change(true)"> </td> </tr> + <tr> + <td width="22%" valign="top"> </td> + <td width="78%"><span class="vexpl"><span class="red"><strong>Note:<br> + </strong></span>don't forget to add a firewall rule to permit + traffic from PPTP clients!</span></td> + </tr> </table> - </td> + </td> </tr> </table> </form> 
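Review bot: The new help text under the `req128` checkbox says 128-bit encryption "will be accepted" when the box is set, where the removed text said "required". The label still reads "Require 128-bit encryption", so the description now appears to understate what the setting enforces and should go back to `When set, 128-bit encryption will be required. Otherwise,`. Separately, the unchanged `radiussecret` input in this hunk still writes the stored RADIUS shared secret into the page through `value="<?=htmlspecialchars($pconfig['radiussecret']);?>"`, so it can be read from the HTML source by anyone who can load this page or a cached copy of it. Rendering the field empty and keeping the stored secret when the submitted value is blank would avoid that, though the save handler that would need the matching change is outside this hunk.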
@@ -317,42 +294,3 @@ enable_change(false);
 //-->
 </script>
 <?php include("fend.inc"); ?>
-</body>
-</html>
-
-<?php
-
-function add_default_pptp_rule() {
- global $config;
-
- $specialsrcdst = explode(" ", "any lan pptp");
- if (!is_array($config['filter']['rule'])) $config['filter']['rule'] = array();
- filter_rules_sort();
- $a_filter = &$config['filter']['rule'];
- $filterent = array();
- $filterent['type'] = "pass";
- $filterent['interface'] = "pptp";
-
- unset($filterent['max-src-nodes']);
- unset($filterent['max-src-states']);
- unset($filterent['protocol']);
- unset($filterent['icmptype']);
-
- pconfig_to_address($filterent['source'], "any",
- $_POST['srcmask'], $_POST['srcnot'],
- $_POST['srcbeginport'], $_POST['srcendport']);
-
- pconfig_to_address($filterent['destination'], "any",
- $_POST['dstmask'], $_POST['dstnot'],
- $_POST['dstbeginport'], $_POST['dstendport']);
-
- $filterent['disabled'] = false;
- $filterent['log'] = false;
- $filterent['frags'] = false;
- $filterent['descr'] = "Default PPTP -> any";
- $a_filter[] = $filterent;
- write_config();
-
-}
-
-?>
\ No newline at end of file |