-rw-r--r-- | etc/inc/interfaces.inc | 29 | ||||
-rw-r--r-- | etc/inc/vpn.inc | 189 | ||||
-rwxr-xr-x | usr/local/www/vpn_pppoe.php | 73 | ||||
-rwxr-xr-x | usr/local/www/vpn_pptp.php | 134 |
4 files changed, 339 insertions, 86 deletions
diff --git a/etc/inc/interfaces.inc b/etc/inc/interfaces.inc index 63d8d0e..2c0c86b 100644 --- a/etc/inc/interfaces.inc +++ b/etc/inc/interfaces.inc @@ -1140,8 +1140,9 @@ function interfaces_wan_pppoe_configure() { } $mpdconf = <<<EOD -pppoe: - new -i ng0 pppoe pppoe +startup: +pppoeclient: + new -i ng0 pppoeclient pppoeclient set iface route default set iface {$ondemand} on-demand set iface idle {$idle} @@ -1175,8 +1176,8 @@ EOD; $mpdconf .= <<<EOD set bundle disable multilink - set bundle authname "{$pppoecfg['username']}" - set bundle password "{$pppoecfg['password']}" + set auth authname "{$pppoecfg['username']}" + set auth password "{$pppoecfg['password']}" set link keep-alive 10 60 set link max-redial 0 set link no acfcomp protocomp @@ -1186,6 +1187,8 @@ EOD; set ipcp yes vjcomp set ipcp ranges 0.0.0.0/0 0.0.0.0/0 + + EOD; if (isset($config['system']['dnsallowoverride'])) { @@ -1203,7 +1206,7 @@ EOD; } $mpdconf .= <<<EOD - open iface + open EOD; @@ -1218,7 +1221,7 @@ EOD; } $mpdconf = <<<EOD -pppoe: +pppoeclient: set link type pppoe set pppoe iface {$wancfg['if']} set pppoe service "{$pppoecfg['provider']}" @@ -1230,16 +1233,16 @@ EOD; fwrite($fd, $mpdconf); fclose($fd); - if(file_exists("{$g['varrun_path']}/mpd.pid") and $g['booting']) { + if(file_exists("{$g['varrun_path']}/mpdpppoe.pid") and $g['booting']) { /* if we are booting and mpd has already been started then don't start again. */ } else { /* if mpd is active, lets take it down */ - if(file_exists("{$g['varrun_path']}/mpd.pid")) { - killbypid("{$g['varrun_path']}/mpd.pid"); + if(file_exists("{$g['varrun_path']}/mpdpppoe.pid")) { + killbypid("{$g['varrun_path']}/mpdpppoe.pid"); sleep(3); } /* fire up mpd */ - mwexec("/usr/local/sbin/mpd -b -d {$g['varetc_path']} -p {$g['varrun_path']}/mpd.pid pppoe"); + mwexec("/usr/local/sbin/mpd4 -b -d {$g['varetc_path']} -p {$g['varrun_path']}/mpdpppoe.pid pppoeclient"); } /* sleep until wan is up - or 30 seconds, whichever comes first */ 
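Review bot: The `set auth authname "{$pppoecfg['username']}"` and `set auth password "{$pppoecfg['password']}"` lines in the second mpd.conf heredoc of interfaces_wan_pppoe_configure() interpolate the stored credentials into a double-quoted directive without escaping. A `"` or a line break in either value would end the string early, and mpd4 would read the remainder as configuration. No validation of these fields is visible in the diff, so it may already happen where the values are saved; if it does not, reject or escape `"`, `\` and newlines before building the heredoc. The function starts and ends outside the hunk.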
@@ -1263,13 +1266,13 @@ function interfaces_wan_pppoe_restart() { function interfaces_wan_pppoe_down() { global $g; - sigkillbypid("{$g['varrun_path']}/mpd.pid", "SIGUSR2"); + sigkillbypid("{$g['varrun_path']}/mpdpppoe.pid", "SIGUSR2"); sleep(1); } function interfaces_wan_pppoe_up() { global $g; - sigkillbypid("{$g['varrun_path']}/mpd.pid", "SIGUSR1"); + sigkillbypid("{$g['varrun_path']}/mpdpppoe.pid", "SIGUSR1"); sleep(1); } @@ -1650,4 +1653,4 @@ function get_interface_mac($interface) { return $mac; } -?> +?>
\ No newline at end of file diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc index 0434b14..2c8555d 100644 --- a/etc/inc/vpn.inc +++ b/etc/inc/vpn.inc @@ -578,6 +578,8 @@ function vpn_pptpd_configure() { $syscfg = $config['system']; $pptpdcfg = $config['pptpd']; + $starting_ng = get_number_of_wan_netgraph_interfaces_needed(); + if ($g['booting']) { if (!$pptpdcfg['mode'] || ($pptpdcfg['mode'] == "off")) return 0; 
@@ -585,75 +587,81 @@ function vpn_pptpd_configure() { echo "Configuring PPTP VPN service... "; } else { /* kill mpd */ - killbypid("{$g['varrun_path']}/mpd-vpn.pid"); + killbypid("{$g['varrun_path']}/mpd-pptpd.pid"); /* wait for process to die */ sleep(3); - if(is_process_running("mpd -b")) { - killbypid("{$g['varrun_path']}/mpd-vpn.pid"); + if (is_process_running("mpd4 -b")) { + killbypid("{$g['varrun_path']}/mpd-pptpd.pid"); log_error("Could not kill mpd within 3 seconds. Trying again."); } /* remove mpd.conf, if it exists */ - unlink_if_exists("{$g['varetc_path']}/mpd-vpn/mpd.conf"); - unlink_if_exists("{$g['varetc_path']}/mpd-vpn/mpd.links"); - unlink_if_exists("{$g['varetc_path']}/mpd-vpn/mpd.secret"); + unlink_if_exists("{$g['varetc_path']}/mpd-pptpd/mpd.conf"); + unlink_if_exists("{$g['varetc_path']}/mpd-pptpd/mpd.links"); + unlink_if_exists("{$g['varetc_path']}/mpd-pptpd/mpd.secret"); } /* make sure mpd-vpn directory exists */ - if (!file_exists("{$g['varetc_path']}/mpd-vpn")) - mkdir("{$g['varetc_path']}/mpd-vpn"); + if (!file_exists("{$g['varetc_path']}/mpd-pptpd")) + mkdir("{$g['varetc_path']}/mpd-pptpd"); switch ($pptpdcfg['mode']) { case 'server': /* write mpd.conf */ - $fd = fopen("{$g['varetc_path']}/mpd-vpn/mpd.conf", "w"); + $fd = fopen("{$g['varetc_path']}/mpd-pptpd/mpd.conf", "w"); if (!$fd) { printf("Error: cannot open mpd.conf in vpn_pptpd_configure().\n"); return 1; } $mpdconf = <<<EOD +startup: pptpd: EOD; - for ($i = 0; $i < $g['n_pptp_units']; $i++) { + for ($i = 0; $i < $pptpdcfg['n_pptp_units']; $i++) { $mpdconf .= " load pt{$i}\n"; } - for ($i = 0; $i < $g['n_pptp_units']; $i++) { + for ($i = 0; $i < $pptpdcfg['n_pptp_units']; $i++) { $clientip = long2ip(ip2long($pptpdcfg['remoteip']) + $i); $ngif = "ng" . 
($i+1); + if(isset($pptpdcfg['radius']['radiusissueips']) && isset($pptpdcfg['radius']['enable'])) { + $isssue_ip_type = "set ipcp ranges {$pptpdcfg['localip']}/32 0.0.0.0/0"; + } else { + $isssue_ip_type = "set ipcp ranges {$pptpdcfg['localip']}/32 {$clientip}/32"; + } + $mpdconf .= <<<EOD pt{$i}: new -i {$ngif} pt{$i} pt{$i} - set ipcp ranges {$pptpdcfg['localip']}/32 {$clientip}/32 - load pts + {$isssue_ip_type} + load pptpd_standard EOD; } $mpdconf .= <<<EOD -pts: +pptpd_standard: + set iface up-script /usr/local/sbin/vpn-linkup + set iface down-script /usr/local/sbin/vpn-linkdown set iface disable on-demand set iface enable proxy-arp - set iface enable tcpmssfix set iface idle 1800 - set iface up-script /usr/local/sbin/vpn-linkup - set iface down-script /usr/local/sbin/vpn-linkdown + set iface enable tcpmssfix set bundle enable multilink - set bundle enable crypt-reqd set link yes acfcomp protocomp set link no pap chap - set link enable chap-msv2 + set link enable chap set link mtu 1460 set link keep-alive 10 60 set ipcp yes vjcomp @@ -667,7 +675,6 @@ EOD; if (!isset($pptpdcfg['req128'])) { $mpdconf .= <<<EOD set ccp yes mpp-e40 - set ccp yes mpp-e56 EOD; } 
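Review bot: The rewritten `pptpd_standard:` label no longer contains `set bundle enable crypt-reqd`, and `set link enable chap-msv2` became `set link enable chap`, so nothing in this hunk still requires an encrypted session or restricts the server to MS-CHAPv2. If that is only a side effect of porting to mpd4 syntax, say so in the commit message; otherwise keep `set link enable chap-msv2` and restore the encryption requirement in whatever form mpd4 accepts. The `req128` branch in the next hunk only selects which MPPE key lengths are offered, which as far as the visible lines show does not make encryption mandatory. vpn_pptpd_configure() starts and ends outside the hunk.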
@@ -686,27 +693,50 @@ EOD; if (isset($pptpdcfg['radius']['enable'])) { $mpdconf .= <<<EOD - set radius server {$pptpdcfg['radius']['server']} "{$pptpdcfg['radius']['secret']}" + load radius + +radius: set radius retries 3 - set radius timeout 10 - set bundle enable radius-auth - set bundle disable radius-fallback + set radius timeout 3 + set radius me {$pptpdcfg['radius_nasip']} + set auth enable radius-auth + set radius enable message-authentic EOD; - if (isset($pptpdcfg['radius']['accounting'])) { + if (isset($pptpdcfg['radius']['secenable'])) { $mpdconf .= <<<EOD - set bundle enable radius-acct + set radius server {$pptpdcfg['radius']['server2']} "{$pptpdcfg['radius']['secret2']}" 1812 1813 EOD; } + + if (isset($pptpdcfg['radius']['enable'])) { + $mpdconf .= <<<EOD + set radius server {$pptpdcfg['radius']['server']} "{$pptpdcfg['radius']['secret']}" 1812 1813 + +EOD; } + if (isset($pptpdcfg['radius']['accounting'])) { + $mpdconf .= <<<EOD + set auth enable radius-acct + set auth acct-update {$pptpdcfg['radius_acct_update']} +EOD; + } + } else { + $mpdconf .= <<<EOD + set auth enable system + set auth timeout 30 + +EOD; + + } fwrite($fd, $mpdconf); fclose($fd); /* write mpd.links */ - $fd = fopen("{$g['varetc_path']}/mpd-vpn/mpd.links", "w"); + $fd = fopen("{$g['varetc_path']}/mpd-pptpd/mpd.links", "w"); if (!$fd) { printf("Error: cannot open mpd.links in vpn_pptpd_configure().\n"); return 1; @@ -719,10 +749,9 @@ EOD; pt{$i}: set link type pptp + set pptp self 127.0.0.1 set pptp enable incoming set pptp disable originate - set pptp disable windowing - set pptp self 127.0.0.1 EOD; } @@ -731,7 +760,7 @@ EOD; fclose($fd); /* write mpd.secret */ - $fd = fopen("{$g['varetc_path']}/mpd-vpn/mpd.secret", "w"); + $fd = fopen("{$g['varetc_path']}/mpd-pptpd/mpd.secret", "w"); if (!$fd) { printf("Error: cannot open mpd.secret in vpn_pptpd_configure().\n"); return 1; 
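Review bot: `set radius me {$pptpdcfg['radius_nasip']}` and `set auth acct-update {$pptpdcfg['radius_acct_update']}` write two new settings into mpd.conf unquoted, and the GUI hunks of this commit copy both straight from `$_POST` with no check visible in the diff. An empty field produces a directive with no argument, and a value containing a line break would add further directives to the file. Validate before saving or before emitting, e.g. `filter_var($pptpdcfg['radius_nasip'], FILTER_VALIDATE_IP)` and `ctype_digit((string)$pptpdcfg['radius_acct_update'])`, and skip the line when the value is absent. The inner `if (isset($pptpdcfg['radius']['enable']))` repeats the enclosing condition and can be dropped. The PPPoE hunk at `@@ -925,27 +961,48 @@` has the same lines with `$pppoecfg`.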
@@ -746,10 +775,10 @@ EOD; fwrite($fd, $mpdsecret); fclose($fd); - chmod("{$g['varetc_path']}/mpd-vpn/mpd.secret", 0600); + chmod("{$g['varetc_path']}/mpd-pptpd/mpd.secret", 0600); /* fire up mpd */ - mwexec("/usr/local/sbin/mpd -b -d {$g['varetc_path']}/mpd-vpn -p {$g['varrun_path']}/mpd-vpn.pid pptpd"); + mwexec("/usr/local/sbin/mpd4 -b -d {$g['varetc_path']}/mpd-pptpd -p {$g['varrun_path']}/mpd-pptpd.pid pptpd"); break; @@ -822,20 +851,29 @@ function vpn_pppoe_configure() { $syscfg = $config['system']; $pppoecfg = $config['pppoe']; + $starting_ng = get_number_of_wan_netgraph_interfaces_needed(); + /* create directory if it does not exist */ - if(!is_dir("{$g['varetc_path']}/mpd-vpn")) - mkdir("{$g['varetc_path']}/mpd-vpn"); + if (!is_dir("{$g['varetc_path']}/mpd-pppoe")) + mkdir("{$g['varetc_path']}/mpd-pppoe"); if ($g['booting']) { if (!$pppoecfg['mode'] || ($pppoecfg['mode'] == "off")) return 0; echo "Configuring PPPoE VPN service... "; + } else { + /* kill mpd */ + killbypid("{$g['varrun_path']}/mpd-pppoe.pid"); + + /* wait for process to die */ + sleep(2); + } /* make sure mpd-vpn directory exists */ - if (!file_exists("{$g['varetc_path']}/mpd-vpn")) - mkdir("{$g['varetc_path']}/mpd-vpn"); + if (!file_exists("{$g['varetc_path']}/mpd-pppoe")) + mkdir("{$g['varetc_path']}/mpd-pppoe"); switch ($pppoecfg['mode']) { @@ -844,13 +882,14 @@ function vpn_pppoe_configure() { $pppoe_interface = filter_translate_type_to_real_interface($pppoecfg['interface']); /* write mpd.conf */ - $fd = fopen("{$g['varetc_path']}/mpd-vpn/mpd.conf", "a"); + $fd = fopen("{$g['varetc_path']}/mpd-pppoe/mpd.conf", "a"); if (!$fd) { printf("Error: cannot open mpd.conf in vpn_pppoe_configure().\n"); return 1; } $mpdconf = "\n\n"; $mpdconf .= <<<EOD +startup: pppoe: EOD; 
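Review bot: The new `else` branch in vpn_pppoe_configure() stops the running mpd but, unlike the PPTP path, does not remove the files in the now dedicated `mpd-pppoe` directory, while the later hunks still open `mpd.conf`, `mpd.links` and `mpd.secret` there with mode `"a"`. Unless the files are deleted somewhere outside the diff, every reconfiguration appends another copy, and accounts removed from the configuration would remain in `mpd.secret`. Either add `unlink_if_exists("{$g['varetc_path']}/mpd-pppoe/mpd.secret");` (and the same for `mpd.conf` and `mpd.links`) to that branch, or open the three files with `"w"`. `$starting_ng` is assigned here but not used in any visible line.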
@@ -866,7 +905,6 @@ EOD; if(isset($pppoecfg['radius']['radiusissueips']) && isset($pppoecfg['radius']['enable'])) { $isssue_ip_type = "set ipcp ranges {$pppoecfg['localip']}/32 0.0.0.0/0"; - $isssue_ip_type .="\n\tset ipcp yes radius-ip"; } else { $isssue_ip_type = "set ipcp ranges {$pppoecfg['localip']}/32 {$clientip}/32"; } @@ -887,30 +925,28 @@ pppoe_standart: set link type pppoe set pppoe iface {$pppoe_interface} set pppoe service "*" - set pppoe disable originate - set pppoe enable incoming - set bundle no multilink + set iface up-script /usr/local/sbin/vpn-linkup + set iface down-script /usr/local/sbin/vpn-linkdown set bundle enable compression - set bundle max-logins 1 - set iface idle 0 + set auth max-logins 1 + set link max-redial -1 + set pppoe enable incoming + set pppoe disable originate set iface disable on-demand set iface disable proxy-arp + set iface idle 0 set iface enable tcpmssfix - set iface mtu 1500 + set bundle no multilink + set link no acfcomp + set link no protocomp set link no pap chap set link enable chap - set link keep-alive 60 180 - set ipcp yes vjcomp - set ipcp no vjcomp - set link max-redial -1 - set link mtu 1492 - set link mru 1492 + set link keep-alive 30 100 + set link mtu 1460 set ccp yes mpp-e40 set ccp yes mpp-e128 set ccp yes mpp-stateless - set link latency 1 - #set ipcp dns 10.10.1.3 - #set bundle accept encryption + set ipcp no vjcomp EOD; 
@@ -925,27 +961,48 @@ EOD; if (isset($pppoecfg['radius']['enable'])) { $mpdconf .= <<<EOD - set radius server {$pppoecfg['radius']['server']} "{$pppoecfg['radius']['secret']}" + load radius + +radius: set radius retries 3 - set radius timeout 10 - set bundle enable radius-auth - set bundle disable radius-fallback + set radius timeout 3 + set radius me {$pppoecfg['radius_nasip']} + set auth enable radius-auth + set radius enable message-authentic EOD; + if (isset($pppoecfg['radius']['secenable'])) { + $mpdconf .= <<<EOD + set radius server {$pppoecfg['radius']['server2']} "{$pppoecfg['radius']['secret2']}" 1812 1813 - if (isset($pppoecfg['radius']['accounting'])) { +EOD; + } + + if (isset($pppoecfg['radius']['enable'])) { $mpdconf .= <<<EOD - set bundle enable radius-acct - set radius acct-update 300 + set radius server {$pppoecfg['radius']['server']} "{$pppoecfg['radius']['secret']}" 1812 1813 + EOD; } + + if (isset($pppoecfg['radius']['accounting'])) { + $mpdconf .= <<<EOD + set auth enable radius-acct + set auth acct-update {$pppoecfg['radius_acct_update']} +EOD; } + } else { + $mpdconf .= <<<EOD + set auth enable system + set auth timeout 30 +EOD; + } fwrite($fd, $mpdconf); fclose($fd); /* write mpd.links */ - $fd = fopen("{$g['varetc_path']}/mpd-vpn/mpd.links", "a"); + $fd = fopen("{$g['varetc_path']}/mpd-pppoe/mpd.links", "a"); if (!$fd) { printf("Error: cannot open mpd.links in vpn_pppoe_configure().\n"); return 1; @@ -959,6 +1016,10 @@ EOD; pppoe: set link type pppoe set pppoe iface {$pppoe_interface} + set pppoe service "*" + set pppoe disable incoming + set pppoe enable originate + EOD; } @@ -967,7 +1028,7 @@ EOD; fclose($fd); /* write mpd.secret */ - $fd = fopen("{$g['varetc_path']}/mpd-vpn/mpd.secret", "a"); + $fd = fopen("{$g['varetc_path']}/mpd-pppoe/mpd.secret", "a"); if (!$fd) { printf("Error: cannot open mpd.secret in vpn_pppoe_configure().\n"); return 1; 
@@ -982,10 +1043,10 @@ EOD; fwrite($fd, $mpdsecret); fclose($fd); - chmod("{$g['varetc_path']}/mpd-vpn/mpd.secret", 0600); + chmod("{$g['varetc_path']}/mpd-pppoe/mpd.secret", 0600); /* fire up mpd */ - mwexec("/usr/local/sbin/mpd -b -d {$g['varetc_path']}/mpd-vpn -p {$g['varrun_path']}/mpd-vpn.pid pppoe"); + mwexec("/usr/local/sbin/mpd4 -b -d {$g['varetc_path']}/mpd-pppoe -p {$g['varrun_path']}/mpd-pppoe.pid pppoe"); break; diff --git a/usr/local/www/vpn_pppoe.php b/usr/local/www/vpn_pppoe.php index 92904c5..fa6252d 100755 --- a/usr/local/www/vpn_pppoe.php +++ b/usr/local/www/vpn_pppoe.php @@ -43,9 +43,13 @@ $pconfig['radiusenable'] = isset($pppoecfg['radius']['enable']); $pconfig['radacct_enable'] = isset($pppoecfg['radius']['accounting']); $pconfig['radiusserver'] = $pppoecfg['radius']['server']; $pconfig['radiussecret'] = $pppoecfg['radius']['secret']; +$pconfig['radiusserver2'] = $pppoecfg['radius']['server2']; +$pconfig['radiussecret2'] = $pppoecfg['radius']['secret2']; $pconfig['radiusissueips'] = isset($pppoecfg['radius']['radiusissueips']); $pconfig['n_pppoe_units'] = $pppoecfg['n_pppoe_units']; $pconfig['pppoe_subnet'] = $pppoecfg['pppoe_subnet']; +$pconfig['radius_nasip'] = $pppoecfg['radius_nasip']; +$pconfig['radius_acct_update'] = $pppoecfg['radius_acct_update']; if ($_POST) { 
@@ -109,12 +113,21 @@ if ($_POST) { $pppoecfg['pppoe_subnet'] = $_POST['pppoe_subnet']; $pppoecfg['radius']['server'] = $_POST['radiusserver']; $pppoecfg['radius']['secret'] = $_POST['radiussecret']; + $pppoecfg['radius']['server2'] = $_POST['radiusserver2']; + $pppoecfg['radius']['secret2'] = $_POST['radiussecret2']; + $pppoecfg['radius_nasip'] = $_POST['radius_nasip']; + $pppoecfg['radius_acct_update'] = $_POST['radius_acct_update']; if($_POST['radiusenable'] == "yes") $pppoecfg['radius']['enable'] = true; else unset($pppoecfg['radius']['enable']); + if($_POST['radiussecondnas'] == "yes") + $pppoecfg['radius']['secenable'] = true; + else + unset($pppoecfg['radius']['secenable']); + if($_POST['radacct_enable'] == "yes") $pppoecfg['radius']['accounting'] = true; else @@ -170,11 +183,25 @@ function enable_change(enable_over) { document.iform.radiusserver.disabled = 0; document.iform.radiussecret.disabled = 0; document.iform.radiusissueips.disabled = 0; + document.iform.radius_nasip.disabled = 0; + if (document.iform.radiussecondnas.checked || enable_over) { + document.iform.radiusserver2.disabled = 0; + document.iform.radiussecret2.disabled = 0; + document.iform.radiusissueips.disabled = 0; + document.iform.radius_nasip.disabled = 0; + document.iform.radius_acct_update = 0; + } else { + + document.iform.radiusserver2.disabled = 1; + document.iform.radiussecret2.disabled = 1; + } } else { document.iform.radacct_enable.disabled = 1; document.iform.radiusserver.disabled = 1; document.iform.radiussecret.disabled = 1; document.iform.radiusissueips.disabled = 1; + document.iform.radius_nasip.disabled = 1; + document.iform.radius_acct_update = 1; } } else { document.iform.interface.disabled = 1; 
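Review bot: In enable_change() the added statements `document.iform.radius_acct_update = 0;` and `document.iform.radius_acct_update = 1;` assign to the form property itself rather than to the field's `disabled` flag, so the accounting-update field is never actually enabled or disabled. The intended lines are presumably `document.iform.radius_acct_update.disabled = 0;` and `document.iform.radius_acct_update.disabled = 1;`. The hunk at `@@ -186,7 +213,11 @@` repeats the same slip. The inner `radiussecondnas` block also sets `radiusissueips` and `radius_nasip` a second time, which can be removed.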
@@ -186,7 +213,11 @@ function enable_change(enable_over) { document.iform.radacct_enable.disabled = 1; document.iform.radiusserver.disabled = 1; document.iform.radiussecret.disabled = 1; + document.iform.radiusserver2.disabled = 1; + document.iform.radiussecret2.disabled = 1; document.iform.radiusissueips.disabled = 1; + document.iform.radius_nasip.disabled = 1; + document.iform.radius_acct_update = 1; } } //--> 
@@ -307,20 +338,57 @@ function enable_change(enable_over) { </strong>Sends accounting packets to the RADIUS server.</td> </tr> <tr> - <td width="22%" valign="top" class="vncell">RADIUS server </td> + <td width="22%" valign="top" class="vncell">RADIUS server Primary</td> <td width="78%" class="vtable"> <input name="radiusserver" type="text" class="formfld" id="radiusserver" size="20" value="<?=htmlspecialchars($pconfig['radiusserver']);?>"> <br> Enter the IP address of the RADIUS server.</td> </tr> <tr> - <td width="22%" valign="top" class="vncell">RADIUS shared secret</td> + <td width="22%" valign="top" class="vncell">RADIUS primary shared secret</td> <td width="78%" valign="top" class="vtable"> <input name="radiussecret" type="password" class="formfld" id="radiussecret" size="20" value="<?=htmlspecialchars($pconfig['radiussecret']);?>"> <br> Enter the shared secret that will be used to authenticate to the RADIUS server.</td> </tr> + <td width="78%" class="vtable"> + <input name="radiussecondnas" type="checkbox" id="radiussecondnas" onclick="enable_change(false)" value="yes" <?php if ($pconfig['radiussecondnas']) echo "checked"; ?>> + <strong>Use Backup Radius Server<br> + </strong>When set, all users will be authenticated using + the RADIUS server specified below. 
The local user database + will not be used.</td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">RADIUS server Secondary</td> + <td width="78%" class="vtable"> + <input name="radiusserver2" type="text" class="formfld" id="radiusserver2" size="20" value="<?=htmlspecialchars($pconfig['radiusserver2']);?>"> + <br> + Enter the IP address of the RADIUS server.</td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">RADIUS secondary shared secret</td> + <td width="78%" valign="top" class="vtable"> + <input name="radiussecret2" type="password" class="formfld" id="radiussecret2" size="20" value="<?=htmlspecialchars($pconfig['radiussecret2']);?>"> + <br> + Enter the shared secret that will be used to authenticate + to the RADIUS server.</td> + </tr> + <tr> + <td width="22%" valign="top" class="vncellreq">NAS IP ADDRESS</td> + <td width="78%" class="vtable"> + <?=$mandfldhtml;?><input name="radius_nasip" type="text" class="formfld" id="radius_nasip" size="20" value="<?=htmlspecialchars($pconfig['radius_nasip']);?>"> + <br> + radius server NAS ip Address<br> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncellreq">Radius Accounting Update</td> + <td width="78%" class="vtable"> + <?=$mandfldhtml;?><input name="radius_acct_update" type="text" class="formfld" id="radius_acct_update" size="20" value="<?=htmlspecialchars($pconfig['radius_acct_update']);?>"> + <br>Radius accounting update period in seconds<br> + </td> + </tr> <tr> <td width="22%" valign="top" class="vncell">RADIUS issued IP's</td> <td width="78%" valign="top" class="vtable"> @@ -358,3 +426,4 @@ enable_change(false); <?php include("fend.inc"); ?> </body> </html> + diff --git a/usr/local/www/vpn_pptp.php b/usr/local/www/vpn_pptp.php index 07b55a4..fe5f230 100755 --- a/usr/local/www/vpn_pptp.php +++ b/usr/local/www/vpn_pptp.php 
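Review bot: The backup-server checkbox row begins with a bare `<td width="78%" class="vtable">` directly after the preceding `</tr>`, so the opening `<tr>` and the left-hand label cell are missing. The checkbox reads `$pconfig['radiussecondnas']`, which the `@@ -43,9 +43,13 @@` hunk never fills, so it will probably render unchecked even when `secenable` is stored; add `$pconfig['radiussecondnas'] = isset($pppoecfg['radius']['secenable']);`. The help text under it is copied from the main RADIUS switch and says the local user database will not be used, which does not describe a failover server. The `@@ -294,7 +374,47 @@` hunk in vpn_pptp.php has the same missing `<tr>` and the same copied text.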
@@ -42,9 +42,17 @@ $pconfig['mode'] = $pptpcfg['mode']; $pconfig['wins'] = $pptpcfg['wins']; $pconfig['req128'] = isset($pptpcfg['req128']); $pconfig['radiusenable'] = isset($pptpcfg['radius']['enable']); +$pconfig['radiusissueips'] = isset($pptpdcfg['radius']['radiusissueips']); +$pconfig['radiussecenable'] = isset($pptpcfg['radius']['secenable']); $pconfig['radacct_enable'] = isset($pptpcfg['radius']['accounting']); $pconfig['radiusserver'] = $pptpcfg['radius']['server']; $pconfig['radiussecret'] = $pptpcfg['radius']['secret']; +$pconfig['radiusserver2'] = $pptpcfg['radius']['server2']; +$pconfig['radiussecret2'] = $pptpcfg['radius']['secret2']; +$pconfig['n_pptp_units'] = $pptpcfg['n_pptp_units']; +$pconfig['pptp_subnet'] = $pptpcfg['pptp_subnet']; +$pconfig['radius_acct_update'] = $pptpcfg['radius_acct_update']; +$pconfig['radius_nasip'] = $pptpcfg['radius_nasip']; if ($_POST) { @@ -105,17 +113,24 @@ if ($_POST) { } } unset($config['pptpd']['mode']); + write_config(); } if (!$input_errors) { $pptpcfg['remoteip'] = $_POST['remoteip']; $pptpcfg['redir'] = $_POST['redir']; - $pptpcfg['localip'] = $_POST['localip']; + $pptp['localip'] = $_POST['localip']; $pptpcfg['mode'] = $_POST['mode']; $pptpcfg['wins'] = $_POST['wins']; + $pptpcfg['n_pptp_units'] = $_POST['n_pptp_units']; + $pptpcfg['pptp_subnet'] = $_POST['pptp_subnet']; $pptpcfg['radius']['server'] = $_POST['radiusserver']; $pptpcfg['radius']['secret'] = $_POST['radiussecret']; + $pptpcfg['radius']['server2'] = $_POST['radiusserver2']; + $pptpcfg['radius']['secret2'] = $_POST['radiussecret2']; + $pptpcfg['radius_nasip'] = $_POST['radius_nasip']; + $pptpcfg['radius_acct_update'] = $_POST['radius_acct_update']; if($_POST['req128'] == "yes") $pptpcfg['req128'] = true; 
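Review bot: `$pconfig['radiusissueips'] = isset($pptpdcfg['radius']['radiusissueips']);` reads `$pptpdcfg`, while every other line in this block reads `$pptpcfg`. Unless a `$pptpdcfg` variable is defined outside the hunk, the checkbox will always load unchecked; the line should be `$pconfig['radiusissueips'] = isset($pptpcfg['radius']['radiusissueips']);`.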
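Review bot: The save path now assigns `$pptp['localip'] = $_POST['localip'];` in place of the former `$pptpcfg['localip']`, so the server address goes into a variable nothing else in the hunk uses and the stored `localip` never changes. vpn_pptpd_configure() builds `set ipcp ranges {$pptpdcfg['localip']}/32 …` from that stored value, so the generated mpd.conf would carry a stale or empty address; restore `$pptpcfg['localip'] = $_POST['localip'];`. `n_pptp_units` and `pptp_subnet` are also taken from `$_POST` as-is. Since `n_pptp_units` becomes a loop bound in vpn.inc, it should be checked against the 0–254 range the select offers, unless that happens in validation code outside the hunk.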
@@ -127,11 +142,21 @@ if ($_POST) { else unset($pptpcfg['radius']['enable']); + if($_POST['radiussecenable'] == "yes") + $pptpcfg['radius']['secenable'] = true; + else + unset($pptpcfg['radius']['secenable']); + if($_POST['radacct_enable'] == "yes") $pptpcfg['radius']['accounting'] = true; else unset($pptpcfg['radius']['accounting']); + if($_POST['radiusissueips'] == "yes") { + $pptpcfg['radius']['radiusissueips'] = true; + } else + unset($pptpcfg['radius']['radiusissueips']); + write_config(); $retval = 0; 
@@ -172,25 +197,51 @@ function enable_change(enable_over) { document.iform.req128.disabled = 0; document.iform.radiusenable.disabled = 0; document.iform.wins.disabled = 0; + document.iform.n_pptp_units.disabled = 0; + document.iform.pptp_subnet.disabled = 0; if (document.iform.radiusenable.checked || enable_over) { + document.iform.radiussecenable.disabled = 0; document.iform.radacct_enable.disabled = 0; document.iform.radiusserver.disabled = 0; document.iform.radiussecret.disabled = 0; + document.iform.radius_nasip.disabled = 0; + document.iform.radius_acct_update.disabled = 0; + document.iform.radiusissueips.disabled = 0; } else { document.iform.radacct_enable.disabled = 1; document.iform.radiusserver.disabled = 1; document.iform.radiussecret.disabled = 1; + document.iform.radius_nasip.disabled = 1; + document.iform.radius_acct_update.disabled = 1; + document.iform.radiusissueips.disabled = 1; + } + + if (document.iform.radiussecenable.checked || enable_over) { + document.iform.radiusserver2.disabled = 0; + document.iform.radiussecret2.disabled = 0; + } else { + + document.iform.radiusserver2.disabled = 1; + document.iform.radiussecret2.disabled = 1; } } else { document.iform.remoteip.disabled = 1; document.iform.localip.disabled = 1; document.iform.req128.disabled = 1; + document.iform.n_pptp_units.disabled = 1; + document.iform.pptp_subnet.disabled = 1; document.iform.radiusenable.disabled = 1; document.iform.radacct_enable.disabled = 1; document.iform.radiusserver.disabled = 1; document.iform.radiussecret.disabled = 1; + document.iform.radius_nasip.disabled = 1; + document.iform.radius_acct_update.disabled = 1; + document.iform.radiussecenable.disabled = 1; + document.iform.radiusserver2.disabled = 1; + document.iform.radiussecret2.disabled = 1; document.iform.wins.disabled = 1; + document.iform.radiusissueips.disabled = 1; } if ((get_radio_value(document.iform.mode) == "redir") || enable_over) { document.iform.redir.disabled = 0; 
@@ -258,13 +309,42 @@ function enable_change(enable_over) { range</td> <td width="78%" class="vtable"> <?=$mandfldhtml;?><input name="remoteip" type="text" class="formfld" id="remoteip" size="20" value="<?=htmlspecialchars($pconfig['remoteip']);?>"> - / - <?=$g['pptp_subnet'];?> <br> Specify the starting address for the client IP address subnet.<br> - The PPTP server will assign - <?=$g['n_pptp_units'];?> - addresses, starting at the address entered above, to clients.</td> + </tr> + <tr> + <td width="22%" valign="top" class="vncellreq">Subnet netmask</td> + <td width="78%" class="vtable"> + <select id="pptp_subnet" name="pptp_subnet"> + <?php + for($x=0; $x<33; $x++) { + if($x == $pconfig['pptp_subnet']) + $SELECTED = " SELECTED"; + else + $SELECTED = ""; + echo "<option value=\"{$x}\"{$SELECTED}>{$x}</option>\n"; + } + ?> + </select> + <br>Hint: 24 is 255.255.255.0 + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncellreq">No. PPTP users</td> + <td width="78%" class="vtable"> + <select id="n_pptp_units" name="n_pptp_units"> + <?php + for($x=0; $x<255; $x++) { + if($x == $pconfig['n_pptp_units']) + $SELECTED = " SELECTED"; + else + $SELECTED = ""; + echo "<option value=\"{$x}\"{$SELECTED}>{$x}</option>\n"; + } + ?> + </select> + <br>Hint: 10 is TEN pptp clients + </td> </tr> <tr> <td width="22%" valign="top" class="vncell">RADIUS</td> 
@@ -294,7 +374,47 @@ function enable_change(enable_over) { Enter the shared secret that will be used to authenticate to the RADIUS server.</td> </tr> + <td width="78%" class="vtable"> + <input name="radiussecenable" type="checkbox" id="radiussecenable" onclick="enable_change(false)" value="yes" <?php if ($pconfig['radiussecenable']) echo "checked"; ?>> + <strong>Use a backup RADIUS server for failover authentication<br> + </strong>When set, all users will be authenticated using + the RADIUS server specified below. The local user database + will not be used</td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">BACKUP RADIUS server </td> + <td width="78%" class="vtable"> + <input name="radiusserver2" type="text" class="formfld" id="radiusserver2" size="20" value="<?=htmlspecialchars($pconfig['radiusserver2']);?>"> + <br> + Enter the IP address of the RADIUS server.</td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">BACKUP RADIUS shared secret</td> + <td width="78%" valign="top" class="vtable"> + <input name="radiussecret2" type="password" class="formfld" id="radiussecret2" size="20" value="<?=htmlspecialchars($pconfig['radiussecret2']);?>"> + <br> + Enter the shared secret that will be used to authenticate + to the RADIUS server.</td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Radius NAS IP</td> + <td width="78%" valign="top" class="vtable"> + <input name="radius_nasip" class="formfld" id="radius_nasip" size="20" value="<?=htmlspecialchars($pconfig['radius_nasip']);?>"> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Radius Accounting Update</td> + <td width="78%" valign="top" class="vtable"> + <input name="radius_acct_update" class="formfld" id="radius_acct_update" size="20" value="<?=htmlspecialchars($pconfig['radius_acct_update']);?>"> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">RADIUS issued IP's</td> + <td width="78%" valign="top" class="vtable"> + <input 
name="radiusissueips" value="yes" type="checkbox" class="formfld" id="radiusissueips"<?php if($pconfig['radiusissueips']) echo " CHECKED"; ?>> + <br>Issue IP Addresses via RADIUS server. + </td> </tr> <tr> <td width="22%" valign="top" class="vncell">WINS Server</td> @@ -302,7 +422,6 @@ function enable_change(enable_over) { <input name="wins" class="formfld" id="wins" size="20" value="<?=htmlspecialchars($pconfig['wins']);?>"> </td> </tr> - <tr> <td height="16" colspan="2" valign="top"></td> </tr> @@ -342,3 +461,4 @@ enable_change(false); <?php include("fend.inc"); ?> </body> </html> + |