-rw-r--r--etc/inc/captiveportal.inc11
-rw-r--r--etc/inc/config.lib.inc13
-rw-r--r--etc/inc/filter.inc2
-rw-r--r--etc/inc/interfaces.inc5
-rw-r--r--etc/inc/openvpn.inc9
-rw-r--r--etc/inc/rrd.inc78
-rw-r--r--etc/inc/services.inc7
-rw-r--r--etc/inc/shaper.inc12
-rw-r--r--etc/inc/system.inc34
-rw-r--r--etc/inc/voucher.inc48
-rwxr-xr-xetc/rc.bootup4
-rwxr-xr-xetc/rc.filter_synchronize37
-rwxr-xr-xetc/rc.shutdown2
-rwxr-xr-xetc/sshd6
-rwxr-xr-xusr/local/www/firewall_aliases_edit.php2
-rw-r--r--usr/local/www/firewall_shaper_vinterface.php2
-rwxr-xr-xusr/local/www/interfaces.php39
-rwxr-xr-xusr/local/www/services_captiveportal.php2
-rwxr-xr-xusr/local/www/status_interfaces.php15
-rw-r--r--usr/local/www/status_rrd_graph_img.php22
-rw-r--r--usr/local/www/vpn_openvpn_server.php23
-rwxr-xr-xusr/local/www/vpn_pptp.php2
22 files changed, 281 insertions, 94 deletions
diff --git a/etc/inc/captiveportal.inc b/etc/inc/captiveportal.inc
index ef59446..f8c0ccd 100644
--- a/etc/inc/captiveportal.inc
+++ b/etc/inc/captiveportal.inc
@@ -881,6 +881,17 @@ function captiveportal_disconnect($dbent, $radiusservers,$term_cause = 1,$stop_t
/* Release the ruleno so it can be reallocated to new clients. */
captiveportal_free_ipfw_ruleno($dbent[1]);
+
+ // XMLRPC Call over to the master Voucher node
+ $a_voucher = &$config['voucher'];
+ if(!empty($a_voucher['vouchersyncdbip'])) {
+ $syncip = $a_voucher['vouchersyncdbip'];
+ $syncport = $a_voucher['vouchersyncport'];
+ $syncpass = $a_voucher['vouchersyncpass'];
+ $vouchersyncusername = $a_voucher['vouchersyncusername'];
+ $remote_status = xmlrpc_sync_voucher_disconnect($dben, $syncip, $syncport, $syncpass, $vouchersyncusername, $term_cause, $stop_time);
+ }
+
}
/* remove a single client by sessionid */
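Review bot: The new call passes `$dben`, which is not defined in any visible line; the function's parameter is `$dbent`, so the master node would be sent an empty entry. The argument should be corrected: `$remote_status = xmlrpc_sync_voucher_disconnect($dbent, $syncip, $syncport, $syncpass, $vouchersyncusername, $term_cause, $stop_time);`. `$config` is also read here, and since `captiveportal_disconnect` starts above the hunk it is not visible whether it declares `global $config`; if it does not, `$a_voucher` is always empty and the sync is silently skipped. `$remote_status` is assigned but never checked, so a failed remote disconnect goes unnoticed.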
diff --git a/etc/inc/config.lib.inc b/etc/inc/config.lib.inc
index 11e1ec3..586d687 100644
--- a/etc/inc/config.lib.inc
+++ b/etc/inc/config.lib.inc
@@ -301,13 +301,16 @@ EOD;
* null
******/
/* mount flash card read/write */
-function conf_mount_rw() {
+function conf_mount_rw($nobootcheck = false) {
global $g;
/* do not mount on cdrom platform */
if($g['platform'] == "cdrom" or $g['platform'] == "pfSense")
return;
+ if($g['booting'] && !$nobootcheck)
+ return;
+
if (refcount_reference(1000) > 1)
return;
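Review bot: The new `$nobootcheck` parameter is not described in the header comment above `conf_mount_rw`, and the same is true for `conf_mount_ro` in the later hunk of this file. With this guard, every call made while `$g['booting']` is set returns without remounting unless the caller passes `true`, which is a behaviour change for all existing callers; only `etc/rc.bootup` and `etc/sshd` are updated in this commit. I would add a line to both headers such as `$nobootcheck - when true, (re)mount even while $g['booting'] is set; used by rc.bootup and sshd`. The function body continues outside the hunk.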
@@ -321,7 +324,7 @@ function conf_mount_rw() {
/* if the platform is soekris or wrap or pfSense, lets mount the
* compact flash cards root.
- */
+ */
$status = mwexec("/sbin/mount -u -w -o sync,noatime /");
/* we could not mount this correctly. kick off fsck */
if($status <> 0) {
@@ -339,14 +342,14 @@ function conf_mount_rw() {
* RESULT
* null
******/
-function conf_mount_ro() {
+function conf_mount_ro($nobootcheck = false) {
global $g;
/* do not umount on cdrom or pfSense platforms */
if($g['platform'] == "cdrom" or $g['platform'] == "pfSense")
return;
- if($g['booting'])
+ if($g['booting'] && !$nobootcheck)
return;
if (refcount_unreference(1000) > 0)
@@ -852,4 +855,4 @@ function set_device_perms() {
}
}
-?>
+?> \ No newline at end of file
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index 6c56bc8..78aa401 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -2008,8 +2008,6 @@ function filter_generate_user_rule($rule) {
$aline['flags'] .= "max-src-conn-rate " . $rule['max-src-conn-rate'] . " ";
$aline['flags'] .= "/" . $rule['max-src-conn-rates'] . ", overload <virusprot> flush global ";
}
- if(!empty($aline['divert']))
- $aline['flags'] .= "max-packets 5 ";
$aline['flags'] .= " ) ";
}
diff --git a/etc/inc/interfaces.inc b/etc/inc/interfaces.inc
index 1fcbc8f..3e72a48 100644
--- a/etc/inc/interfaces.inc
+++ b/etc/inc/interfaces.inc
@@ -1226,8 +1226,8 @@ function interface_ppps_configure($interface) {
$localips[$pid] = get_interface_ip($port); // try to get the interface IP from the port
if(!is_ipaddr($localips[$pid])){
- log_error("Could not get a Local IP address for PPTP/L2TP link on {$port} in interfaces_ppps_configure.");
- return 0;
+ log_error("Could not get a Local IP address for PPTP/L2TP link on {$port} in interfaces_ppps_configure. Using 0.0.0.0 ip!");
+ $localips[$pid] = "0.0.0.0";
}
/* XXX: This needs to go away soon! [It's commented out!] */
/* Configure the gateway (remote IP ) */
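Review bot: Replacing `return 0;` with `$localips[$pid] = "0.0.0.0";` turns a hard failure into a link configured with an unspecified local address, and nothing in the code says why that is acceptable. The value later reaches the mpd configuration through `set {$type} self {$localips[$pid]}` (visible as context in the next hunk). A comment next to the assignment would help the next reader, for example `/* no address on {$port} yet; 0.0.0.0 leaves the local endpoint unspecified for mpd */`, worded to match what mpd actually does with that value. The enclosing function starts and ends outside the hunk.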
@@ -1504,7 +1504,6 @@ EOD;
$mpdconf .= <<<EOD
set {$type} self {$localips[$pid]}
set {$type} peer {$gateways[$pid]}
- set {$type} disable windowing
EOD;
}
diff --git a/etc/inc/openvpn.inc b/etc/inc/openvpn.inc
index 08e5f92..8d71fd2 100644
--- a/etc/inc/openvpn.inc
+++ b/etc/inc/openvpn.inc
@@ -295,11 +295,11 @@ function openvpn_reconfigure($mode, $settings) {
$vpnid = $settings['vpnid'];
$mode_id = $mode.$vpnid;
- if (isset($settings['dev_mode']))
- $tunname = "{$settings['dev_mode']}{$vpnid}";
+ if (isset($settings['device_mode']))
+ $tunname = "{$settings['device_mode']}{$vpnid}";
else { /* defaults to tun */
$tunname = "tun{$vpnid}";
- $settings['dev_mode'] = "tun";
+ $settings['device_mode'] = "tun";
}
if ($mode == "server")
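Review bot: `$settings['device_mode']` is used verbatim to build `$tunname` here and, in the last hunk of this file, the `dev-type` and `dev-node /dev/{$tunname}` lines of the generated OpenVPN configuration, with no check that it holds an expected value. Whether the GUI page restricts the field is not visible in this diff, so an allowlist at this point is the safer place: `if (in_array($settings['device_mode'], array("tun", "tap")))` instead of the `isset()` test, keeping the existing `tun` default in the `else`. The `$device_mode` local added in the second hunk is not used in any line shown; either use it in the `dev-type` line or drop it. The function continues outside these hunks.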
@@ -323,6 +323,7 @@ function openvpn_reconfigure($mode, $settings) {
$pfile = $g['varrun_path'] . "/openvpn_{$mode_id}.pid";
$proto = ($settings['protocol'] == 'UDP' ? 'udp' : "tcp-{$mode}");
+ $device_mode = $settings['device_mode'];
$cipher = $settings['crypto'];
$interface = $settings['interface'];
@@ -340,7 +341,7 @@ function openvpn_reconfigure($mode, $settings) {
}
$conf = "dev {$devname}\n";
- $conf .= "dev-type {$settings['dev_mode']}\n";
+ $conf .= "dev-type {$settings['device_mode']}\n";
$conf .= "dev-node /dev/{$tunname}\n";
$conf .= "writepid {$pfile}\n";
$conf .= "#user nobody\n";
diff --git a/etc/inc/rrd.inc b/etc/inc/rrd.inc
index 56d00fc..433f659 100644
--- a/etc/inc/rrd.inc
+++ b/etc/inc/rrd.inc
@@ -177,6 +177,7 @@ function enable_rrd_graphing() {
$vpnusers = "-vpnusers.rrd";
$captiveportalconcurrent = "-concurrent.rrd";
$captiveportalloggedin = "-loggedin.rrd";
+ $captiveportaltotalusers = "-totalusers.rrd";
$rrdtool = "/usr/bin/nice -n20 /usr/local/bin/rrdtool";
$netstat = "/usr/bin/netstat";
@@ -185,7 +186,7 @@ function enable_rrd_graphing() {
$pfctl = "/sbin/pfctl";
$sysctl = "/sbin/sysctl";
$php = "/usr/local/bin/php";
- $top = "/usr/bin/top";
+ $cpustats = "/usr/local/sbin/cpustats";
$spamd_gather = "/usr/local/bin/spamd_gather_stats.php";
$ifconfig = "/sbin/ifconfig";
$captiveportal_gather = "/usr/local/bin/captiveportal_gather_stats.php";
@@ -357,8 +358,8 @@ function enable_rrd_graphing() {
$rrdupdatesh .= "\n";
$rrdupdatesh .= "# polling wireless for interface $ifname $realif \n";
- $rrdupdatesh .= "$rrdtool update $rrddbpath$ifname$wireless N:\\\n";
- $rrdupdatesh .= "`$ifconfig {$realif} list sta| $awk 'gsub(\"M\", \"\") {getline 2;print substr(\$5, 0, length(\$5)-2) \":\" $4 \":\" $3}'`\n";
+ $rrdupdatesh .= "WIFI=`$ifconfig {$realif} list sta| $awk 'gsub(\"M\", \"\") {getline 2;print substr(\$5, 0, length(\$5)-2) \":\" $4 \":\" $3}'`\n";
+ $rrdupdatesh .= "$rrdtool update $rrddbpath$ifname$wireless N:${WIFI}\n";
}
/* OpenVPN, set up the rrd file */
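Review bot: `N:${WIFI}` on the new `$rrdtool update` line sits inside a PHP double-quoted string, where `${WIFI}` is PHP's own variable syntax, so PHP substitutes its undefined `$WIFI` and the generated script ends in a bare `N:`. The other hunks in this file escape the dollar sign and this line should match them: `$rrdupdatesh .= "$rrdtool update $rrddbpath$ifname$wireless N:\${WIFI}\n";`. The unescaped `$4` and `$3` in the awk program on the line above survive only because PHP does not accept a digit as the start of a variable name.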
@@ -395,8 +396,8 @@ function enable_rrd_graphing() {
$rrdupdatesh .= " sleep 0.2\n";
$rrdupdatesh .= " echo \"quit\"\n";
$rrdupdatesh .= "}\n";
- $rrdupdatesh .= "$rrdtool update $rrddbpath$ifname$vpnusers N:\\\n";
- $rrdupdatesh .= "`list_current_users | nc -U {$g['varetc_path']}/openvpn/server{$vpnid}.sock | awk -F\",\" '/^CLIENT_LIST/ {print \$2}' | wc -l | awk '{print $1}'` &\n";
+ $rrdupdatesh .= "OVPN=`list_current_users | nc -U {$g['varetc_path']}/openvpn/server{$vpnid}.sock | awk -F\",\" '/^CLIENT_LIST/ {print \$2}' | wc -l | awk '{print $1}'` &\n";
+ $rrdupdatesh .= "$rrdtool update $rrddbpath$ifname$vpnusers N:\${OVPN}\n";
}
/* QUEUES, set up the queues databases */
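Review bot: The `OVPN=` assignment line still ends with ` &`, so the shell runs the assignment as a background job in a subshell and the variable is never set in the script's own shell; the following `rrdtool update ... N:\${OVPN}` then runs with an empty value. The `&` made sense when the whole update command was one backgrounded statement, but not on the assignment alone. Either drop the `&` from the assignment line, or put both generated lines into one backgrounded group, `( OVPN=...; rrdtool update ... ) &`, if the poll must not block the loop.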
@@ -568,12 +569,10 @@ function enable_rrd_graphing() {
}
/* the CPU stats gathering function. */
- $rrdupdatesh .= "$top -d 2 -s 1 0 | tail -n7 > /tmp/top_output.txt\n";
- $rrdupdatesh .= "$rrdtool update $rrddbpath$ifname$proc N:\\\n";
- $rrdupdatesh .= "`$awk < /tmp/top_output.txt '{gsub(/%/, \"\")} \\\n";
- $rrdupdatesh .= "{ if ( \$2 == \"processes:\" ) { processes = \$1; } \\\n";
- $rrdupdatesh .= "else if ( \$1 == \"CPU:\" ) { user = \$2; nice = \$4; sys = \$6; interrupt = \$8; } \\\n";
- $rrdupdatesh .= "} END { printf user\":\"nice\":\"sys\":\"interrupt\":\"processes }'`\n\n";
+ $rrdupdatesh .= "CPU=`$cpustats | cut -f1-4 -d':'`\n";
+ /* Using ps uxaH will count all processes including system threads. Top was undercounting. */
+ $rrdupdatesh .= "PROCS=`ps uxaH | wc -l | awk '{print \$1;}'`\n";
+ $rrdupdatesh .= "$rrdtool update $rrddbpath$ifname$proc N:\${CPU}:\${PROCS}\n";
/* End CPU statistics */
@@ -607,9 +606,10 @@ function enable_rrd_graphing() {
}
/* the Memory stats gathering function. */
- $rrdupdatesh .= "`$sysctl -n vm.stats.vm.v_page_count vm.stats.vm.v_active_count vm.stats.vm.v_inactive_count vm.stats.vm.v_free_count vm.stats.vm.v_cache_count vm.stats.vm.v_wire_count | ";
- $rrdupdatesh .= " $awk '{getline active;getline inactive;getline free;getline cache;getline wire;printf \"$rrdtool update $rrddbpath$ifname$mem N:\"";
- $rrdupdatesh .= "((active/$0) * 100)\":\"((inactive/$0) * 100)\":\"((free/$0) * 100)\":\"((cache/$0) * 100)\":\"(wire/$0 * 100)}'`\n\n";
+ $rrdupdatesh .= "MEM=`$sysctl -n vm.stats.vm.v_page_count vm.stats.vm.v_active_count vm.stats.vm.v_inactive_count vm.stats.vm.v_free_count vm.stats.vm.v_cache_count vm.stats.vm.v_wire_count | ";
+ $rrdupdatesh .= " $awk '{getline active;getline inactive;getline free;getline cache;getline wire;printf ";
+ $rrdupdatesh .= "((active/$0) * 100)\":\"((inactive/$0) * 100)\":\"((free/$0) * 100)\":\"((cache/$0) * 100)\":\"(wire/$0 * 100)}'`\n";
+ $rrdupdatesh .= "$rrdtool update $rrddbpath$ifname$mem N:\${MEM}\n";
/* End Memory statistics */
@@ -676,7 +676,7 @@ function enable_rrd_graphing() {
/* Captive Portal statistics, set up the rrd file */
if(isset($config['captiveportal']['enable'])) {
$ifname= "captiveportal";
- if (!file_exists("$rrddbpath$ifname$captiveportal")) {
+ if (!file_exists("$rrddbpath$ifname$captiveportalconcurrent")) {
$rrdcreate = "$rrdtool create $rrddbpath$ifname$captiveportalconcurrent --step $rrdcaptiveportalinterval ";
$rrdcreate .= "DS:concurrentusers:GAUGE:$captiveportalvalid:0:10000 ";
$rrdcreate .= "RRA:AVERAGE:0.5:1:1000 ";
@@ -707,11 +707,11 @@ function enable_rrd_graphing() {
/* the Captive Portal stats gathering function. */
$rrdupdatesh .= "\n";
$rrdupdatesh .= "# polling Captive Portal for number of concurrent users\n";
- $rrdupdatesh .= "$rrdtool update $rrddbpath$ifname$captiveportalconcurrent \\\n";
- $rrdupdatesh .= "`$php -q $captiveportal_gather concurrent`\n";
+ $rrdupdatesh .= "CP=`$php -q $captiveportal_gather concurrent`\n";
+ $rrdupdatesh .= "$rrdtool update $rrddbpath$ifname$captiveportalconcurrent \${CP}\n";
$ifname= "captiveportal";
- if (!file_exists("$rrddbpath$ifname$captiveportal")) {
+ if (!file_exists("$rrddbpath$ifname$captiveportalloggedin")) {
$rrdcreate = "$rrdtool create $rrddbpath$ifname$captiveportalloggedin --step $rrdcaptiveportalinterval ";
$rrdcreate .= "DS:loggedinusers:GAUGE:$captiveportalvalid:0:10000 ";
$rrdcreate .= "RRA:AVERAGE:0.5:1:1000 ";
@@ -741,9 +741,45 @@ function enable_rrd_graphing() {
/* the Captive Portal stats gathering function. */
$rrdupdatesh .= "\n";
- $rrdupdatesh .= "# polling Captive Portal for number of logged in users and concurrent users\n";
- $rrdupdatesh .= "$rrdtool update $rrddbpath$ifname$captiveportalloggedin \\\n";
- $rrdupdatesh .= "`$php -q $captiveportal_gather loggedin`\n";
+ $rrdupdatesh .= "# polling Captive Portal for number of logged in users\n";
+ $rrdupdatesh .= "CP=`$php -q $captiveportal_gather loggedin`\n";
+ $rrdupdatesh .= "$rrdtool update $rrddbpath$ifname$captiveportalloggedin \${CP}\n";
+
+ $ifname= "captiveportal";
+ if (!file_exists("$rrddbpath$ifname$captiveportaltotalusers")) {
+ $rrdcreate = "$rrdtool create $rrddbpath$ifname$captiveportaltotalusers --step $rrdcaptiveportalinterval ";
+ $rrdcreate .= "DS:totalusers:GAUGE:$captiveportalvalid:0:10000 ";
+ $rrdcreate .= "RRA:AVERAGE:0.5:1:1000 ";
+ $rrdcreate .= "RRA:AVERAGE:0.5:5:1100 ";
+ $rrdcreate .= "RRA:AVERAGE:0.5:60:1175 ";
+ $rrdcreate .= "RRA:AVERAGE:0.5:720:3000 ";
+ $rrdcreate .= "RRA:MIN:0.5:1:1000 ";
+ $rrdcreate .= "RRA:MIN:0.5:5:1100 ";
+ $rrdcreate .= "RRA:MIN:0.5:60:1175 ";
+ $rrdcreate .= "RRA:MIN:0.5:720:3000 ";
+ $rrdcreate .= "RRA:MAX:0.5:1:1000 ";
+ $rrdcreate .= "RRA:MAX:0.5:5:1100 ";
+ $rrdcreate .= "RRA:MAX:0.5:60:1175 ";
+ $rrdcreate .= "RRA:MAX:0.5:720:3000 ";
+ $rrdcreate .= "RRA:LAST:0.5:1:1000 ";
+ $rrdcreate .= "RRA:LAST:0.5:5:1100 ";
+ $rrdcreate .= "RRA:LAST:0.5:60:1175 ";
+ $rrdcreate .= "RRA:LAST:0.5:720:3000 ";
+
+ create_new_rrd($rrdcreate);
+ }
+
+ /* enter UNKNOWN values in the RRD so it knows we rebooted. */
+ if($g['booting']) {
+ mwexec("$rrdtool update $rrddbpath$ifname$captiveportaltotalusers N:U");
+ }
+
+ /* the Captive Portal stats gathering function. */
+ $rrdupdatesh .= "\n";
+ $rrdupdatesh .= "# polling Captive Portal for number of concurrent users\n";
+ $rrdupdatesh .= "CP=`$php -q $captiveportal_gather total`\n";
+ $rrdupdatesh .= "$rrdtool update $rrddbpath$ifname$captiveportaltotalusers \${CP}\n";
+
}
$rrdupdatesh .= "sleep 60\n";
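Review bot: The comment written into the update script for the new database still reads `# polling Captive Portal for number of concurrent users`, copied from the first block; it should be `# polling Captive Portal for number of total users` so the generated script says what each `CP=` line collects. The sixteen `RRA:` lines are now repeated verbatim for a third time in this function. Building them once into a local string and appending it to each `rrdtool create` command would keep the three databases from drifting apart. `enable_rrd_graphing` starts and ends outside the hunk.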
diff --git a/etc/inc/services.inc b/etc/inc/services.inc
index 6224b45..a76496a 100644
--- a/etc/inc/services.inc
+++ b/etc/inc/services.inc
@@ -1676,10 +1676,13 @@ function configure_cron() {
function upnp_action ($action) {
switch($action) {
case "start":
- if(file_exists('/var/etc/miniupnpd.conf'))
- mwexec_bg('/usr/local/sbin/miniupnpd -f /var/etc/miniupnpd.conf');
+ if (file_exists('/var/etc/miniupnpd.conf')) {
+ @unlink("{$g['varrun_path']}/miniupnpd.pid");
+ mwexec_bg("/usr/local/sbin/miniupnpd -f /var/etc/miniupnpd.conf -P {$g['varrun_path']}/miniupnpd.pid");
+ }
break;
case "stop":
+ killbypid("{$g['varrun_path']}/miniupnpd.pid");
while((int)exec("/bin/pgrep -a miniupnpd | wc -l") > 0)
mwexec('killall miniupnpd 2>/dev/null', true);
mwexec('/sbin/pfctl -aminiupnpd -Fr 2>&1 >/dev/null');
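Review bot: `upnp_action` now reads `$g['varrun_path']`, but the function as shown goes straight from its signature to `switch($action)` with no `global $g;`, so `$g` is an undefined local and the pid path collapses to `/miniupnpd.pid`. The daemon would then be told to write its pid file in the filesystem root, and `killbypid()` on stop would read that same wrong path. Add `global $g;` as the first statement of the function. The rest of the function body lies outside the hunk.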
diff --git a/etc/inc/shaper.inc b/etc/inc/shaper.inc
index c56543a..9c8618a 100644
--- a/etc/inc/shaper.inc
+++ b/etc/inc/shaper.inc
@@ -961,7 +961,9 @@ class priq_queue {
$input_errors[] = "Queue limit must be an integer";
if ($data['qlimit'] < 0)
$input_errors[] = "Queue limit must be positive";
- if (!preg_match("/^[a-zA-Z0-9_-]*$/", $data['name']))
+ if (!empty($data['newname']) && !preg_match("/^[a-zA-Z0-9_-]*$/", $data['newname']))
+ $input_errors[] = "Queue names must be alphanumeric and _ or - only.";
+ if (!empty($data['name']) && !preg_match("/^[a-zA-Z0-9_-]*$/", $data['name']))
$input_errors[] = "Queue names must be alphanumeric and _ or - only.";
}
@@ -2770,7 +2772,7 @@ class dummynet_class {
$reqdfieldsn[] = "Bandwidth";
$reqdfields[] = "bandwidthtype";
$reqdfieldsn[] = "Bandwidthtype";
- $reqdfields[] = "name";
+ $reqdfields[] = "newname";
$reqdfieldsn[] = "Name";
shaper_do_input_validation($data, $reqdfields, $reqdfieldsn, $input_errors);
@@ -2783,7 +2785,9 @@ class dummynet_class {
$input_errors[] = "Buckets must be an integer between 16 and 65535.";
if ($data['qlimit'] && (!is_numeric($data['qlimit'])))
$input_errors[] = "Queue limit must be an integer";
- if (!preg_match("/^[a-zA-Z0-9_-]+$/", $data['name']))
+ if (!empty($data['newname']) && !preg_match("/^[a-zA-Z0-9_-]+$/", $data['newname']))
+ $input_errors[] = "Queue names must be alphanumeric and _ or - only.";
+ if (!empty($data['name']) && !preg_match("/^[a-zA-Z0-9_-]+$/", $data['name']))
$input_errors[] = "Queue names must be alphanumeric and _ or - only.";
}
}
@@ -3253,7 +3257,7 @@ class dnqueue_class extends dummynet_class {
$form .= " <input type=\"checkbox\" id=\"enabled\" name=\"enabled\" value=\"on\"";
if ($this->GetEnabled() == "on")
$form .= " CHECKED";
- $form .= " ><span class=\"vexpl\"> Enable/Disable queue and its children</span>";
+ $form .= " ><span class=\"vexpl\"> Enable/Disable queue</span>";
$form .= "</td></tr>";
$form .= "<tr><td valign=\"center\" class=\"vncellreq\"><br><span class=\"vexpl\">Name</span></td>";
$form .= "<td class=\"vncellreq\">";
diff --git a/etc/inc/system.inc b/etc/inc/system.inc
index 25e82e6..f478189 100644
--- a/etc/inc/system.inc
+++ b/etc/inc/system.inc
@@ -1242,22 +1242,13 @@ function system_timezone_configure() {
function system_ntp_configure() {
global $config, $g;
- $syscfg =& $config['system'];
-
- /* open configuration for wrting or bail */
- $fd = fopen("{$g['varetc_path']}/ntpd.conf","w");
- if(!$fd) {
- log_error("Could not open {$g['varetc_path']}/ntpd.conf for writing");
- return;
- }
-
- fwrite($fd, "# \n");
- fwrite($fd, "# pfSense OpenNTPD configuration file \n");
- fwrite($fd, "# \n\n");
+ $ntpcfg = "# \n";
+ $ntpcfg .= "# pfSense OpenNTPD configuration file \n";
+ $ntpcfg .= "# \n\n";
/* foreach through servers and write out to ntpd.conf */
- foreach (explode(' ', $syscfg['timeservers']) as $ts)
- fwrite($fd, "servers {$ts}\n");
+ foreach (explode(' ', $config['system']['timeservers']) as $ts)
+ $ntpcfg .= "servers {$ts}\n";
/* Setup listener(s) if the user has configured one */
if ($config['installedpackages']['openntpd']) {
@@ -1270,12 +1261,19 @@ function system_ntp_configure() {
$ips = array_map('find_interface_ip', $ifaces);
foreach ($ips as $ip) {
if (is_ipaddr($ip))
- fwrite($fd, "listen on $ip\n");
+ $ntpdcfg .= "listen on $ip\n";
}
}
}
+ $ntpdcfg .= "\n";
- fwrite($fd, "\n");
+ /* open configuration for wrting or bail */
+ $fd = fopen("{$g['varetc_path']}/ntpd.conf","w");
+ if(!$fd) {
+ log_error("Could not open {$g['varetc_path']}/ntpd.conf for writing");
+ return;
+ }
+ fwrite($fd, $ntpcfg);
/* slurp! */
fclose($fd);
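Review bot: The `listen on` lines and the trailing newline are appended to `$ntpdcfg`, while the header and `servers` lines go into `$ntpcfg` and only `$ntpcfg` is passed to `fwrite()`; every configured listener is therefore dropped from the written ntpd.conf. Both appends in this hunk should use the name introduced in the first hunk: `$ntpcfg .= "listen on $ip\n";` and `$ntpcfg .= "\n";`. Building the file in memory before opening it is fine, but the typo means the refactor changes the daemon's behaviour without any error being logged.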
@@ -1303,13 +1301,11 @@ function system_ntp_configure() {
function sync_system_time() {
global $config, $g;
- $syscfg = $config['system'];
-
if ($g['booting'])
echo "Syncing system time before startup...";
/* foreach through servers and write out to ntpd.conf */
- foreach (explode(' ', $syscfg['timeservers']) as $ts) {
+ foreach (explode(' ', $config['system']['timeservers']) as $ts) {
mwexec("/usr/sbin/ntpdate -s $ts");
}
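Review bot: Each entry of `$config['system']['timeservers']` is placed unquoted into the shell command on the line after the changed `foreach`, `mwexec("/usr/sbin/ntpdate -s $ts")`, so a value containing shell metacharacters would be interpreted by the shell. Whether the settings page validates the field is not visible here, and quoting at the point of use costs nothing: `mwexec("/usr/sbin/ntpdate -s " . escapeshellarg($ts));`. The comment above the loop (`write out to ntpd.conf`) is a leftover from `system_ntp_configure` and does not describe what this function does.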
diff --git a/etc/inc/voucher.inc b/etc/inc/voucher.inc
index 3b34e93..f4b5e1b 100644
--- a/etc/inc/voucher.inc
+++ b/etc/inc/voucher.inc
@@ -37,6 +37,54 @@
if(!function_exists('captiveportal_syslog'))
require_once("captiveportal.inc");
+function xmlrpc_sync_voucher_disconnect($dbent, $syncip, $port, $password, $username, $term_cause = "1", $stop_time = null) {
+ global $g, $config;
+ require_once("xmlrpc.inc");
+ if($port == "443")
+ $url = "https://{$syncip}:{$port}";
+ else
+ $url = "http://{$syncip}:{$port}";
+
+ /* Construct code that is run on remote machine */
+ $method = 'pfsense.exec_php';
+ $execcmd = <<<EOF
+ require_once('/etc/inc/captiveportal.inc');
+ require_once('/etc/inc/voucher.inc');
+ \$radiusservers = captiveportal_get_radius_servers();
+ captiveportal_disconnect(\$dbent, \$radiusservers, \$term_cause, \$stop_time);
+
+EOF;
+
+ /* assemble xmlrpc payload */
+ $params = array(
+ XML_RPC_encode($password),
+ XML_RPC_encode($execcmd)
+ );
+
+ log_error("Captive Portal Voucher XMLRPC sync data {$url}:{$port}.");
+ $msg = new XML_RPC_Message($method, $params);
+ $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port);
+ $cli->setCredentials($username, $password);
+ $resp = $cli->send($msg, "250");
+ if(!is_object($resp)) {
+ $error = "A communications error occurred while attempting CaptivePortalVoucherSync XMLRPC sync with {$url}:{$port} (pfsense.exec_php).";
+ log_error($error);
+ file_notice("CaptivePortalVoucherSync", $error, "Communications error occurred", "");
+ return false;
+ } elseif($resp->faultCode()) {
+ $error = "An error code was received while attempting CaptivePortalVoucherSync XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString();
+ log_error($error);
+ file_notice("CaptivePortalVoucherSync", $error, "Error code received", "");
+ return false;
+ } else {
+ log_error("CaptivePortalVoucherSync XMLRPC reload data success with {$url}:{$port} (pfsense.exec_php).");
+ }
+
+ $toreturn = XML_RPC_Decode($resp->value());
+
+ return $toreturn;
+}
+
function xmlrpc_sync_used_voucher($voucher_received, $syncip, $port, $password, $username) {
global $g, $config;
require_once("xmlrpc.inc");
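Review bot: The heredoc sent to `pfsense.exec_php` escapes `\$dbent`, `\$term_cause` and `\$stop_time`, so the remote node receives bare variable names it has never defined and the caller's values never leave this machine. The values need to be serialised into the code string as literals, for instance `$dbent_php = var_export($dbent, true);` before the heredoc and `{$dbent_php}` inside it, likewise for the other two; `var_export` emits quoted PHP literals, which also keeps session data from being parsed as code on the master. The scheme is `https` only when `$port == "443"`, so on any other port the sync password and the PHP payload travel in clear text. `{$url}:{$port}` in the log messages prints the port twice because `$url` already contains it.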
diff --git a/etc/rc.bootup b/etc/rc.bootup
index 6cff6ac..b7a632e 100755
--- a/etc/rc.bootup
+++ b/etc/rc.bootup
@@ -129,7 +129,7 @@ $memory = get_memory();
$avail = $memory[0];
echo " done.\n";
-conf_mount_rw();
+conf_mount_rw(true);
/* save dmesg output to file */
system_dmesg_save();
@@ -400,6 +400,6 @@ unset($g['booting']);
led_normalize();
-conf_mount_ro();
+conf_mount_ro(true);
?>
diff --git a/etc/rc.filter_synchronize b/etc/rc.filter_synchronize
index 28b08cf..c3c2899 100755
--- a/etc/rc.filter_synchronize
+++ b/etc/rc.filter_synchronize
@@ -99,19 +99,19 @@ function carp_check_version($url, $password, $port = 80, $method = 'pfsense.host
$numberofruns = 0;
while ($numberofruns < 2) {
- $msg = new XML_RPC_Message($method, $params);
- $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port);
- $username = $config['system']['user'][0]['name'];
- $cli->setCredentials($username, $password);
- if($numberofruns > 1)
- $cli->setDebug(1);
- /* send our XMLRPC message and timeout after 240 seconds */
- $resp = $cli->send($msg, "240");
- if(!is_object($resp)) {
- $error = "A communications error occured while attempting XMLRPC sync with username {$username} {$url}:{$port}.";
- } elseif($resp->faultCode()) {
- $error = "An error code was received while attempting XMLRPC sync with username {$username} {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString();
- } else {
+ $msg = new XML_RPC_Message($method, $params);
+ $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port);
+ $username = $config['system']['user'][0]['name'];
+ $cli->setCredentials($username, $password);
+ if($numberofruns > 1)
+ $cli->setDebug(1);
+ /* send our XMLRPC message and timeout after 240 seconds */
+ $resp = $cli->send($msg, "240");
+ if(!is_object($resp)) {
+ $error = "A communications error occured while attempting XMLRPC sync with username {$username} {$url}:{$port}.";
+ } elseif($resp->faultCode()) {
+ $error = "An error code was received while attempting XMLRPC sync with username {$username} {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString();
+ } else {
$parsed_response = XML_RPC_decode($resp->value());
if(!is_array($parsed_response)) {
if (trim($parsed_response) == "Authentication failed") {
@@ -122,9 +122,11 @@ function carp_check_version($url, $password, $port = 80, $method = 'pfsense.host
}
} else {
if (!isset($parsed_response['config_version']) ||
- $parsed_response['config_version'] < $config['version'])
+ $parsed_response['config_version'] < $config['version']) {
+ update_filter_reload_status("The other member is on older configuration version of {$g['product_name']}. Sync will not be done to prevent problems!");
+ log_error("The other member is on older configuration version of {$g['product_name']}. Sync will not be done to prevent problems!");
return false;
- else
+ } else
return true;
}
}
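Review bot: The two messages moved into `carp_check_version` interpolate `{$g['product_name']}`, and the function's `global` declaration is not visible in either hunk; if it lists only `$config`, the product name will print as an empty string. Please confirm the declaration reads `global $config, $g;`. After this move the caller in the last hunk breaks out without any message on every other `false` return of this function, so those paths (not fully visible here) should report their own status if they do not already.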
@@ -381,11 +383,8 @@ if (is_array($config['installedpackages']['carpsettings']['config'])) {
if ($carp['synchronizecaptiveportal'] != "" and is_array($config['vouchers']))
$sections[] = 'vouchers';
if (count($sections) > 0) {
- if (!carp_check_version($synchronizetoip, $carp['password'], $port)) {
- update_filter_reload_status("The other member is on older configuration version of {$g['product_name']}. Sync will not be done to prevent problems!");
- log_error("The other member is on older configuration version of {$g['product_name']}. Sync will not be done to prevent problems!");
+ if (!carp_check_version($synchronizetoip, $carp['password'], $port))
break;
- }
update_filter_reload_status("Signaling CARP reload signal...");
carp_sync_xml($synchronizetoip, $carp['password'], $sections, $port);
diff --git a/etc/rc.shutdown b/etc/rc.shutdown
index f8dd4a2..14faf80 100755
--- a/etc/rc.shutdown
+++ b/etc/rc.shutdown
@@ -28,7 +28,7 @@ export PATH
# temporary files on shutdown from /tmp/
PLATFORM=`cat /etc/platform`
if [ "$PLATFORM" = "pfSense" ]; then
- find -x /tmp/ -type f -exec rm -f {} \;
+ find -x /tmp/* -type f -exec rm -f {} \;
else
/etc/rc.backup_rrd.sh
/etc/rc.backup_dhcpleases.sh
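Review bot: With `/tmp/*` the shell expands the start points before `find` runs, so dot-files and dot-directories directly under `/tmp` are no longer visited and whatever they contain survives the shutdown cleanup; when `/tmp` is empty the pattern stays literal and `find` reports an error. The commit does not say why the start point changed, so the comment above the block should state the reason. If hidden entries are still meant to be cleaned, add them explicitly and silence the no-match case: `find -x /tmp/* /tmp/.[!.]* -type f -exec rm -f {} \; 2>/dev/null`.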
diff --git a/etc/sshd b/etc/sshd
index 28c8e55..67fbe00 100755
--- a/etc/sshd
+++ b/etc/sshd
@@ -42,7 +42,7 @@
exit;
}
- conf_mount_rw();
+ conf_mount_rw(true);
function file_size($file) {
$size = filesize($file);
@@ -138,7 +138,7 @@
/* are we already running? if so exit */
if(is_subsystem_dirty('sshdkeys')) {
- conf_mount_ro();
+ conf_mount_ro(true);
exit;
}
@@ -185,6 +185,6 @@
exec("mkdir /conf/sshd");
exec("/bin/cp -p /etc/ssh/ssh_host* /conf/sshd");
}
- conf_mount_ro();
+ conf_mount_ro(true);
?>
diff --git a/usr/local/www/firewall_aliases_edit.php b/usr/local/www/firewall_aliases_edit.php
index 825bbae..6b73a8d 100755
--- a/usr/local/www/firewall_aliases_edit.php
+++ b/usr/local/www/firewall_aliases_edit.php
@@ -46,7 +46,7 @@
// Keywords not allowed in names
-$reserved_keywords = array("pass", "out", "queue", "max", "min", "pptp", "pppoe", "L2TP", "OpenVPN", "IPsec");
+$reserved_keywords = array("all", "pass", "out", "queue", "max", "min", "pptp", "pppoe", "L2TP", "OpenVPN", "IPsec");
require("guiconfig.inc");
require_once("functions.inc");
diff --git a/usr/local/www/firewall_shaper_vinterface.php b/usr/local/www/firewall_shaper_vinterface.php
index 5222771..fae5429 100644
--- a/usr/local/www/firewall_shaper_vinterface.php
+++ b/usr/local/www/firewall_shaper_vinterface.php
@@ -72,7 +72,7 @@ if ($_POST) {
if ($_POST['name'])
$qname = htmlspecialchars(trim($_POST['name']));
else if ($_POST['newname'])
- $qname = htmlspecialchars(trim($_POST['name']));
+ $qname = htmlspecialchars(trim($_POST['newname']));
if ($_POST['pipe'])
$pipe = htmlspecialchars(trim($_POST['pipe']));
else
diff --git a/usr/local/www/interfaces.php b/usr/local/www/interfaces.php
index ad253a1..15a3f5f 100755
--- a/usr/local/www/interfaces.php
+++ b/usr/local/www/interfaces.php
@@ -159,7 +159,7 @@ if ($wancfg['if'] == $a_ppps[$pppid]['if']) {
}
}// End force pppoe reset at specific time
}// End if type == pppoe
- else if ($a_ppps[$pppid]['type'] == "pptp"){
+ else if ($a_ppps[$pppid]['type'] == "pptp" || $a_ppps[$pppid]['type'] == "l2tp"){
$pconfig['pptp_username'] = $a_ppps[$pppid]['username'];
$pconfig['pptp_password'] = base64_decode($a_ppps[$pppid]['password']);
$pconfig['pptp_local'] = explode(",",$a_ppps[$pppid]['localip']);
@@ -175,6 +175,7 @@ if ($wancfg['if'] == $a_ppps[$pppid]['if']) {
$pconfig['dhcphostname'] = $wancfg['dhcphostname'];
$pconfig['alias-address'] = $wancfg['alias-address'];
$pconfig['alias-subnet'] = $wancfg['alias-subnet'];
+$pconfig['dhcp_plus'] = isset($wancfg['dhcp_plus']);
$pconfig['descr'] = remove_bad_chars($wancfg['descr']);
$pconfig['enable'] = isset($wancfg['enable']);
@@ -196,6 +197,7 @@ switch($wancfg['ipaddr']) {
break;
case "pppoe":
case "pptp":
+ case "l2tp":
case "ppp":
$pconfig['type'] = $wancfg['ipaddr'];
break;
@@ -452,6 +454,16 @@ if ($_POST['apply']) {
}
do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
break;
+ case "l2tp":
+ if ($_POST['pptp_dialondemand']) {
+ $reqdfields = explode(" ", "pptp_username pptp_password pptp_remote pptp_dialondemand pptp_idletimeout");
+ $reqdfieldsn = array(gettext("L2TP username"),gettext("L2TP password"),gettext("L2TP remote IP address"),gettext("Dial on demand"),gettext("Idle timeout value"));
+ } else {
+ $reqdfields = explode(" ", "pptp_username pptp_password pptp_remote");
+ $reqdfieldsn = array(gettext("L2TP username"),gettext("L2TP password"),gettext("L2TP remote IP address"));
+ }
+ do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
+ break;
}
/* normalize MAC addresses - lowercase and convert Windows-ized hyphenated MACs to colon delimited */
@@ -500,7 +512,7 @@ if ($_POST['apply']) {
$input_errors[] = gettext("A valid PPTP local IP address must be specified.");
if (($_POST['pptp_subnet'] && !is_numeric($_POST['pptp_subnet'])))
$input_errors[] = gettext("A valid PPTP subnet bit count must be specified.");
- if (($_POST['pptp_remote'] && !is_ipaddr($_POST['pptp_remote'])))
+ if (($_POST['pptp_remote'] && !is_ipaddr($_POST['pptp_remote']) && !is_hostname($_POST['gateway'][$iface])))
$input_errors[] = gettext("A valid PPTP remote IP address must be specified.");
if (($_POST['pptp_idletimeout'] != "") && !is_numericint($_POST['pptp_idletimeout']))
$input_errors[] = gettext("The idle timeout value must be an integer.");
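Review bot: The added `!is_hostname($_POST['gateway'][$iface])` tests a different field from the one being validated, so any `pptp_remote` value is accepted whenever the gateway field happens to hold a hostname. `$iface` is also not defined in any visible line of this block. The condition should test the same input, `if (($_POST['pptp_remote'] && !is_ipaddr($_POST['pptp_remote']) && !is_hostname($_POST['pptp_remote'])))`, and the error text should then say "IP address or hostname". The enclosing `if ($_POST['apply'])` block extends outside the hunk.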
@@ -656,6 +668,7 @@ if ($_POST['apply']) {
$wancfg['dhcphostname'] = $_POST['dhcphostname'];
$wancfg['alias-address'] = $_POST['alias-address'];
$wancfg['alias-subnet'] = $_POST['alias-subnet'];
+ $wancfg['dhcp_plus'] = $_POST['dhcp_plus'] == "yes" ? true : false;
if($gateway_item) {
$a_gateways[] = $gateway_item;
}
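Review bot: `dhcp_plus` is written on every save from `$_POST['dhcp_plus']`, but the only form control for it is inside the commented-out block added further down, so each save stores `false` and overwrites a value set by hand in the configuration. The read side added earlier, `$pconfig['dhcp_plus'] = isset($wancfg['dhcp_plus']);`, tests only for the key's presence, and a key holding `false` is still set, so the two sides disagree; how the config writer serialises a boolean is not visible here. Writing the flag the way the reader expects avoids both problems: `if ($_POST['dhcp_plus'] == "yes") $wancfg['dhcp_plus'] = true; else unset($wancfg['dhcp_plus']);`.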
@@ -725,6 +738,7 @@ if ($_POST['apply']) {
break;
case "pptp":
+ case "l2tp":
$a_ppps[$pppid]['ptpid'] = $_POST['ptpid'];
$a_ppps[$pppid]['type'] = $_POST['type'];
$a_ppps[$pppid]['if'] = $_POST['type'].$_POST['ptpid'];
@@ -965,7 +979,7 @@ $statusurl = "status_interfaces.php";
$closehead = false;
include("head.inc");
-$types = array("none" => gettext("None"), "staticv4" => gettext("Static IPv4"), "staticv6" => gettext("Static IPv6"), "staticv4v6" => gettext("Static IPv4 + IPv6"), "dhcp" => gettext("DHCP"), "dhcpv6" => gettext("DHCPv6"), "ppp" => gettext("PPP"), "pppoe" => gettext("PPPoE"), "pptp" => gettext("PPTP") /* , "carpdev-dhcp" => "CarpDev"*/);
+$types = array("none" => gettext("None"), "staticv4" => gettext("Static IPv4"), "staticv6" => gettext("Static IPv6"), "staticv4v6" => gettext("Static IPv4 + IPv6"), "dhcp" => gettext("DHCP"), "dhcpv6" => gettext("DHCPv6"), "ppp" => gettext("PPP"), "pppoe" => gettext("PPPoE"), "pptp" => gettext("PPTP"), "l2tp" => gettext("L2TP") /* , "carpdev-dhcp" => "CarpDev"*/);
?>
@@ -1012,12 +1026,15 @@ $types = array("none" => gettext("None"), "staticv4" => gettext("Static IPv4"),
$('none','staticv4','staticv6','dhcp','dhcpv6','pptp', 'ppp').invoke('hide');
break;
}
+ case "l2tp":
case "pptp": {
$('none','staticv4','staticv6','dhcp','dhcpv6','pppoe', 'ppp').invoke('hide');
+ $('pptp').show();
break;
}
}
- $(t).show();
+ if (t != "l2tp" && t != "pptp")
+ $(t).show();
}
function show_allcfg(obj) {
@@ -1447,6 +1464,17 @@ $types = array("none" => gettext("None"), "staticv4" => gettext("Static IPv4"),
<tr>
<td colspan="2" valign="top" class="listtopic"><?=gettext("DHCPv4 client configuration"); ?></td>
</tr>
+ <!-- Uncomment to expose DHCP+ in GUI
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?=gettext("Enable DHCP+"); ?></td>
+ <td width="78%" class="vtable">
+ <input name="dhcp_plus" type="checkbox" value="yes" <?php if ($pconfig['dhcp_plus'] == true) echo "checked"; ?> >
+ <strong><?=gettext("Enable DHCP+L2TP or DHCP+PPTP."); ?></strong>
+ <br/>
+ <?=gettext("Status changes on this interface will trigger reconfiguration (if necessary) of the associated PPTP/L2TP link."); ?>
+ </td>
+ </tr>
+ -->
<tr>
<td width="22%" valign="top" class="vncell"><?=gettext("Hostname"); ?></td>
<td width="78%" class="vtable">
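Review bot: Wrapping the DHCP+ row in `<!-- ... -->` hides it from the browser but not from PHP: the `<?=gettext(...)?>` and `<?php if ($pconfig['dhcp_plus'] == true) echo "checked"; ?>` tags inside the comment still execute, and the whole row is sent in the page source. If the option is meant to stay hidden for now, gate it in PHP instead, opening with `<?php if (false): /* DHCP+ not yet exposed in the GUI */ ?>` and closing with `<?php endif; ?>`. That also keeps the strings out of the output until the feature is switched on.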
@@ -1476,6 +1504,7 @@ $types = array("none" => gettext("None"), "staticv4" => gettext("Static IPv4"),
"DHCP client."); ?>
</td>
</tr>
+
</table>
</td>
</tr>
@@ -1705,7 +1734,7 @@ $types = array("none" => gettext("None"), "staticv4" => gettext("Static IPv4"),
<td colspan="2" style="padding:0px;">
<table width="100%" border="0" cellpadding="6" cellspacing="0">
<tr>
- <td colspan="2" valign="top" class="listtopic"><?=gettext("PPTP configuration"); ?></td>
+ <td colspan="2" valign="top" class="listtopic"><?=gettext("PPTP/L2TP configuration"); ?></td>
</tr>
<tr>
<td width="22%" valign="top" class="vncellreq"><?=gettext("Username"); ?></td>
diff --git a/usr/local/www/services_captiveportal.php b/usr/local/www/services_captiveportal.php
index faaeb37..24595da 100755
--- a/usr/local/www/services_captiveportal.php
+++ b/usr/local/www/services_captiveportal.php
@@ -614,7 +614,7 @@ value="<?=htmlspecialchars($pconfig['radiuskey2']);?>"></td>
}
?>
</select><br/>
- <?=gettext("Choose the ip to use for calling station attribute."); ?>
+ <?=gettext("Choose the IP to use for calling station attribute."); ?>
</td>
</tr>
diff --git a/usr/local/www/status_interfaces.php b/usr/local/www/status_interfaces.php
index 047a053..5d7f80b 100755
--- a/usr/local/www/status_interfaces.php
+++ b/usr/local/www/status_interfaces.php
@@ -132,6 +132,21 @@ include("head.inc");
</a>
</td>
</tr>
+ <?php endif; if ($ifinfo['l2tplink']): ?>
+ <tr>
+ <td width="22%" class="vncellt"><?=gettext("L2TP"); ?></td>
+ <td width="78%" class="listr">
+ <?=htmlspecialchars($ifinfo['l2tplink']);?>&nbsp;&nbsp;
+ <?php if ($ifinfo['l2tplink'] == "up"): ?>
+ <a href="status_interfaces.php?action=Disconnect&if=<?php echo $ifdescr; ?>">
+ <input type="button" name="<?php echo $ifdescr; ?>" value="<?=gettext("Disconnect");?>" class="formbtns">
+ <?php else: ?>
+ <a href="status_interfaces.php?action=Connect&if=<?php echo $ifdescr; ?>">
+ <input type="button" name="<?php echo $ifdescr; ?>" value="<?=gettext("Connect");?>" class="formbtns">
+ <?php endif; ?>
+ </a>
+ </td>
+ </tr>
<?php endif; if ($ifinfo['ppplink']): ?>
<tr>
<td width="22%" class="vncellt"><?=gettext("PPP"); ?></td>
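Review bot: In the new L2TP row, `$ifdescr` is echoed raw into both the `href` query string and the `name` attribute, while the link state next to it goes through `htmlspecialchars()`. Interface descriptions are operator-editable, so the output should be encoded per context: `...&amp;if=<?=urlencode($ifdescr);?>` in the link and `name="<?=htmlspecialchars($ifdescr);?>"` on the button. Connect and Disconnect are also triggered by a plain GET link. The handler is outside this hunk, so whether it verifies a CSRF token cannot be confirmed here, but a state-changing action like this is better sent as a POST form that the page's CSRF protection covers.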
diff --git a/usr/local/www/status_rrd_graph_img.php b/usr/local/www/status_rrd_graph_img.php
index bc6bd1b..00df6c1 100644
--- a/usr/local/www/status_rrd_graph_img.php
+++ b/usr/local/www/status_rrd_graph_img.php
@@ -1081,6 +1081,28 @@ elseif((strstr($curdatabase, "-concurrent.rrd")) && (file_exists("$rrddbpath$cur
$graphcmd .= "COMMENT:\"\\n\" ";
$graphcmd .= "COMMENT:\"\t\t\t\t\t\t\t\t\t\t\t\t\t`date +\"%b %d %H\:%M\:%S %Y\"`\" ";
}
+elseif((strstr($curdatabase, "-totalusers.rrd")) && (file_exists("$rrddbpath$curdatabase"))) {
+ /* define graphcmd for online Captive Portal users stats */
+ $graphcmd = "$rrdtool graph $rrdtmppath$curdatabase-$curgraph.png ";
+ $graphcmd .= "--start $start --end $end ";
+ $graphcmd .= "--vertical-label \"Total Captive Portal Users\" ";
+ $graphcmd .= "--color SHADEA#eeeeee --color SHADEB#eeeeee ";
+ $graphcmd .= "--base=1000 ";
+ $graphcmd .= "--lower-limit=0 ";
+ $graphcmd .= "--slope-mode ";
+ $graphcmd .= "--title \"`hostname` - {$prettydb} - {$hperiod} - {$havg} average\" ";
+ $graphcmd .= "--height 200 --width 620 ";
+ $graphcmd .= "DEF:\"$curif-totalusers=$rrddbpath$curdatabase:totalusers:AVERAGE\" ";
+ $graphcmd .= "AREA:\"$curif-totalusers#{$colorcaptiveportalusers[0]}:$curif-totalusers\" ";
+ $graphcmd .= "COMMENT:\"\\n\" ";
+ $graphcmd .= "COMMENT:\"\t\t\t current\t\t average\t maximum\\n\" ";
+ $graphcmd .= "COMMENT:\"Users Online\t\" ";
+ $graphcmd .= "GPRINT:\"$curif-totalusers:LAST:%8.0lf \" ";
+ $graphcmd .= "GPRINT:\"$curif-totalusers:AVERAGE:%8.0lf \" ";
+ $graphcmd .= "GPRINT:\"$curif-totalusers:MAX:%8.0lf \" ";
+ $graphcmd .= "COMMENT:\"\\n\" ";
+ $graphcmd .= "COMMENT:\"\t\t\t\t\t\t\t\t\t\t\t\t\t`date +\"%b %d %H\:%M\:%S %Y\"`\" ";
+}
else {
$data = false;
log_error(sprintf(gettext("Sorry we do not have data to graph for %s"),$curdatabase));
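Review bot: The new `-totalusers.rrd` branch builds a shell command by interpolating `$curdatabase`, `$curgraph`, `$start`, `$end` and `$curif` directly into `$graphcmd`, which already contains backtick substitutions. The only gate on `$curdatabase` is a `strstr()` substring match plus `file_exists()`. Where these variables are assigned is outside the hunk; if any of them comes from the request, they need validating before use, for example `basename()` plus an allow-list pattern for the database name and an integer cast for the time bounds. Each interpolated value should also be quoted, e.g. `$graphcmd = "$rrdtool graph " . escapeshellarg("{$rrdtmppath}{$curdatabase}-{$curgraph}.png") . " ";`. The same applies to the sibling branches of this `elseif` chain, which starts and ends outside the hunk.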
diff --git a/usr/local/www/vpn_openvpn_server.php b/usr/local/www/vpn_openvpn_server.php
index 0f751e7..ef82716 100644
--- a/usr/local/www/vpn_openvpn_server.php
+++ b/usr/local/www/vpn_openvpn_server.php
@@ -91,6 +91,7 @@ if($_GET['act']=="new"){
$pconfig['tlsauth_enable'] = "yes";
$pconfig['autotls_enable'] = "yes";
$pconfig['dh_length'] = 1024;
+ $pconfig['device_mode'] = "tun";
$pconfig['interface'] = "wan";
$pconfig['local_port'] = openvpn_port_next('UDP');
$pconfig['pool_enable'] = "yes";
@@ -104,6 +105,7 @@ if($_GET['act']=="edit"){
$pconfig['mode'] = $a_server[$id]['mode'];
$pconfig['protocol'] = $a_server[$id]['protocol'];
$pconfig['authmode'] = $a_server[$id]['authmode'];
+ $pconfig['device_mode'] = $a_server[$id]['device_mode'];
$pconfig['interface'] = $a_server[$id]['interface'];
if (!empty($a_server[$id]['ipaddr'])) {
$pconfig['interface'] = $pconfig['interface'] . '|' . $a_server[$id]['ipaddr'];
@@ -304,6 +306,7 @@ if ($_POST) {
if (!empty($pconfig['authmode']))
$server['authmode'] = implode(",", $pconfig['authmode']);
$server['protocol'] = $pconfig['protocol'];
+ $server['device_mode'] = $pconfig['device_mode'];
list($server['interface'], $server['ipaddr']) = explode ("|",$pconfig['interface']);
$server['local_port'] = $pconfig['local_port'];
$server['description'] = $pconfig['description'];
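Review bot: `$server['device_mode'] = $pconfig['device_mode'];` stores the submitted value without checking it against the allowed modes. The `<select>` added further down only limits what a browser offers, not what a client can post. The value is presumably written into the generated OpenVPN configuration by the `openvpn.inc` change in this commit, so it should be rejected in the validation part of the `if ($_POST)` block, which is outside this hunk. For example, `if (!in_array($pconfig['device_mode'], $openvpn_dev_mode, true)) $input_errors[] = gettext("Invalid device mode.");` would do it, assuming `$input_errors` is the error list this page already uses. In the select hunk, `<?=$device;?>` could also go through `htmlspecialchars()` for consistency with the rest of the form.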
@@ -663,6 +666,26 @@ if ($savemsg)
</td>
</tr>
<tr>
+ <td width="22%" valign="top" class="vncellreq"><?=gettext("Device Mode"); ?></td>
+ <td width="78%" class="vtable">
+ <select name="device_mode" class="formselect">
+ <?php
+ foreach ($openvpn_dev_mode as $device):
+ $selected = "";
+ if (! empty($pconfig['device_mode'])) {
+ if ($pconfig['device_mode'] == $device)
+ $selected = "selected";
+ } else {
+ if ($device == "tun")
+ $selected = "selected";
+ }
+ ?>
+ <option value="<?=$device;?>" <?=$selected;?>><?=$device;?></option>
+ <?php endforeach; ?>
+ </select>
+ </td>
+ </tr>
+ <tr>
<td width="22%" valign="top" class="vncellreq"><?=gettext("Interface"); ?></td>
<td width="78%" class="vtable">
<select name="interface" class="formselect">
diff --git a/usr/local/www/vpn_pptp.php b/usr/local/www/vpn_pptp.php
index 84f4020..5be5e6e 100755
--- a/usr/local/www/vpn_pptp.php
+++ b/usr/local/www/vpn_pptp.php
@@ -342,7 +342,7 @@ function enable_change(enable_over) {
}
?>
</select>
- <br><?=gettext("Hint: 10 is TEN pptp clients"); ?>
+ <br><?=gettext("Hint: 10 is ten PPTP clients"); ?>
</td>
</tr>
<tr>