diff options
-rw-r--r-- | etc/inc/captiveportal.inc | 82 | ||||
-rw-r--r-- | etc/inc/config.lib.inc | 11 | ||||
-rw-r--r-- | etc/inc/easyrule.inc | 2 | ||||
-rw-r--r-- | etc/inc/filter.inc | 19 | ||||
-rw-r--r-- | etc/inc/upgrade_config.inc | 138 | ||||
-rw-r--r-- | etc/inc/voucher.inc | 45 | ||||
-rwxr-xr-x | etc/rc.bootup | 4 | ||||
-rwxr-xr-x | etc/sshd | 8 | ||||
-rwxr-xr-x | usr/local/sbin/ovpn-linkup | 6 | ||||
-rwxr-xr-x | usr/local/www/firewall_nat_1to1_edit.php | 2 | ||||
-rwxr-xr-x | usr/local/www/firewall_nat_edit.php | 2 | ||||
-rwxr-xr-x | usr/local/www/firewall_nat_out_edit.php | 2 | ||||
-rwxr-xr-x | usr/local/www/firewall_rules.php | 2 | ||||
-rwxr-xr-x | usr/local/www/firewall_rules_edit.php | 2 | ||||
-rw-r--r-- | usr/local/www/services_captiveportal_vouchers.php | 157 | ||||
-rwxr-xr-x | usr/local/www/status_graph.php | 2 | ||||
-rw-r--r-- | usr/local/www/status_rrd_graph_img.php | 72 |
17 files changed, 322 insertions, 234 deletions
diff --git a/etc/inc/captiveportal.inc b/etc/inc/captiveportal.inc index 0962cd8..fb2384c 100644 --- a/etc/inc/captiveportal.inc +++ b/etc/inc/captiveportal.inc @@ -57,6 +57,7 @@ function get_default_captive_portal_html() { <html> <body> <form method="post" action="\$PORTAL_ACTION\$"> + <input name="redirurl" type="hidden" value="\$PORTAL_REDIRURL\$"> <center> <table cellpadding="6" cellspacing="0" width="550" height="380" style="border:1px solid #000000"> <tr height="10" bgcolor="#990000"> @@ -94,7 +95,6 @@ function get_default_captive_portal_html() { <div id='loginbox'> Enter Voucher Code: <input name="auth_voucher" type="text" style="border:1px dashed;" size="22"> - <input name="redirurl" type="hidden" value="\$PORTAL_REDIRURL\$"> <input name="accept" type="submit" value="Continue"> </div> </center> @@ -273,82 +273,8 @@ function captiveportal_configure() { if ($config['captiveportal']['page']['errtext']) $errtext = base64_decode($config['captiveportal']['page']['errtext']); else { - /* example page */ - $errtext = <<<EOD -<html> - <body> - <form method="post" action="\$PORTAL_ACTION\$"> - <input name="redirurl" type="hidden" value="\$PORTAL_REDIRURL\$"> - <center> - <table cellpadding="6" cellspacing="0" width="550" height="380" style="border:1px solid #000000"> - <tr height="10" bgcolor="#990000"> - <td style="border-bottom:1px solid #000000"> - <font color='white'> - <b> - {$g['product_name']} captive portal - </b> - </font> - </td> - </tr> - <tr> - <td> - <div id="mainlevel"> - <center> - <table width="100%" border="0" cellpadding="5" cellspacing="0"> - <tr> - <td> - <center> - <div id="mainarea"> - <center> - <table width="100%" border="0" cellpadding="5" cellspacing="5"> - <tr> - <td> - <div id="maindivarea"> - <center> - <div id='statusbox'> - <font color='red' face='arial' size='+1'> - <b> - \$PORTAL_MESSAGE\$ - </b> - </font> - </div> - <br/> - <div id='loginbox'> - <table> - <tr><td colspan="2"><center>Welcome to the {$g['product_name']} Captive Portal!</td></tr> - <tr><td> </td></tr> - <tr><td align="right">Username:</td><td><input name="auth_user" type="text" style="border: 1px dashed;"></td></tr> - <tr><td align="right">Password:</td><td><input name="auth_pass" type="password" style="border: 1px dashed;"></td></tr> - <tr><td> </td></tr> - <tr> - <td colspan="2"> - <center><input name="accept" type="submit" value="Continue"></center> - </td> - </tr> - </table> - </div> - </center> - </div> - </td> - </tr> - </table> - </center> - </div> - </center> - </td> - </tr> - </table> - </center> - </div> - </td> - </tr> - </table> - </center> - </form> - </body> -</html> - -EOD; + /* example page */ + $errtext = get_default_captive_portal_html(); } $fd = @fopen("{$g['varetc_path']}/captiveportal-error.html", "w"); @@ -1814,7 +1740,7 @@ function portal_allow($clientip,$clientmac,$username,$password = null, $attribut /* redirect user to desired destination */ if (!empty($attributes['url_redirection'])) $my_redirurl = $attributes['url_redirection']; - else if ($config['captiveportal']['redirurl']) + else if (!empty($config['captiveportal']['redirurl'])) $my_redirurl = $config['captiveportal']['redirurl']; else $my_redirurl = $redirurl; diff --git a/etc/inc/config.lib.inc b/etc/inc/config.lib.inc index b319ef8..9a5bd12 100644 --- a/etc/inc/config.lib.inc +++ b/etc/inc/config.lib.inc @@ -301,16 +301,13 @@ EOD; * null ******/ /* mount flash card read/write */ -function conf_mount_rw($nobootcheck = false) { +function conf_mount_rw() { global $g; /* do not mount on cdrom platform */ if($g['platform'] == "cdrom" or $g['platform'] == "pfSense") return; - if($g['booting'] && !$nobootcheck) - return; - if (refcount_reference(1000) > 1) return; @@ -324,7 +321,7 @@ function conf_mount_rw($nobootcheck = false) { /* if the platform is soekris or wrap or pfSense, lets mount the * compact flash cards root. - */ + */ $status = mwexec("/sbin/mount -u -w -o sync,noatime /"); /* we could not mount this correctly. kick off fsck */ if($status <> 0) { @@ -342,14 +339,14 @@ function conf_mount_rw($nobootcheck = false) { * RESULT * null ******/ -function conf_mount_ro($nobootcheck = false) { +function conf_mount_ro() { global $g; /* do not umount on cdrom or pfSense platforms */ if($g['platform'] == "cdrom" or $g['platform'] == "pfSense") return; - if($g['booting'] && !$nobootcheck) + if($g['booting']) return; if (refcount_unreference(1000) > 0) diff --git a/etc/inc/easyrule.inc b/etc/inc/easyrule.inc index 0a6c703..fed7cba 100644 --- a/etc/inc/easyrule.inc +++ b/etc/inc/easyrule.inc @@ -53,7 +53,7 @@ function easyrule_find_rule_interface($int) { $iflist['l2tp'] = "L2TP VPN"; /* add ipsec interfaces */ - if (isset($config['ipsec']['enable']) || isset($config['ipsec']['mobileclients']['enable'])){ + if (isset($config['ipsec']['enable']) || isset($config['ipsec']['client']['enable'])){ $iflist["enc0"] = "IPSEC"; } diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index 7d558eb..08b166f 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -793,7 +793,7 @@ function filter_generate_optcfg_array() { $FilterIflist['pppoe'] = $oic; } /* add ipsec interfaces */ - if(isset($config['ipsec']['enable']) || isset($config['ipsec']['mobileclients']['enable'])) { + if(isset($config['ipsec']['enable']) || isset($config['ipsec']['client']['enable'])) { $oic = array(); $oic['if'] = 'enc0'; $oic['descr'] = 'IPsec'; @@ -1071,7 +1071,12 @@ function filter_generate_reflection($rule, $nordr, $rdr_ifs, $srcaddr, $dstaddr_ $socktype = "stream"; $dash_u = ""; } - $reflection_txt[] = "{$inetdport}\t{$socktype}\t{$reflect_proto}\tnowait/0\tnobody\t/usr/bin/nc\tnc {$dash_u}-w {$reflectiontimeout} {$target} {$tda}\n"; + $target = explode(" ", trim($target)); + foreach ($target as $targip) { + if (empty($targip)) + continue; + $reflection_txt[] = "{$inetdport}\t{$socktype}\t{$reflect_proto}\tnowait/0\tnobody\t/usr/bin/nc\tnc {$dash_u}-w {$reflectiontimeout} {$targip} {$tda}\n"; + } } $inetdport++; } @@ -1621,7 +1626,7 @@ function filter_generate_address(& $rule, $target = "source", $isnat = false) { $src = "{$lansa}/{$lansn}"; break; case 'pptp': - $pptpsa = gen_subnet($FilterIflist['pptp']['ip'], $FilterIflist['pptp']['sn']); + $pptpsa = gen_subnet($FilterIflist['pptp']['sa'], $FilterIflist['pptp']['sn']); $pptpsn = $FilterIflist['pptp']['sn']; $src = "{$pptpsa}/{$pptpsn}"; break; @@ -2154,6 +2159,7 @@ EOD; $ipfrules .= <<<EOD # allow PPTP client pass in on \${$oc['descr']} proto tcp from any to any port = 1723 flags S/SA modulate state label "allow PPTP client on {$oc['descr']}" +pass in on \${$oc['descr']} proto gre from any to any keep state label "allow PPTP client on {$oc['descr']}" EOD; break; @@ -2185,8 +2191,8 @@ EOD; if($config['dhcpd'][$on]['failover_peerip'] <> "") { $ipfrules .= <<<EOD # allow access to DHCP failover on {$oc['descr']} from {$config['dhcpd'][$on]['failover_peerip']} -pass in on \${$oc['descr']} proto udp from {$config['dhcpd'][$on]['failover_peerip']} to {$oc['ip']} port = 519 label "allow access to DHCP failover" -pass in on \${$oc['descr']} proto udp from {$config['dhcpd'][$on]['failover_peerip']} to {$oc['ip']} port = 520 label "allow access to DHCP failover" +pass in on \${$oc['descr']} proto { tcp udp } from {$config['dhcpd'][$on]['failover_peerip']} to {$oc['ip']} port = 519 label "allow access to DHCP failover" +pass in on \${$oc['descr']} proto { tcp udp } from {$config['dhcpd'][$on]['failover_peerip']} to {$oc['ip']} port = 520 label "allow access to DHCP failover" EOD; } @@ -2223,7 +2229,7 @@ EOD; /* add ipsec interfaces */ - if(isset($config['ipsec']['enable']) || isset($config['ipsec']['mobileclients']['enable'])) + if(isset($config['ipsec']['enable']) || isset($config['ipsec']['client']['enable'])) $ipfrules .= <<<EOD pass out on \$IPsec all keep state label "IPsec internal host to host" @@ -2271,6 +2277,7 @@ EOD; $ipfrules .= <<<EOD # PPTPd rules pass in on \${$FilterIflist['wan']['descr']} proto tcp from any to $pptpdtarget port = 1723 modulate state label "allow pptpd {$pptpdtarget}" +pass in on \${$FilterIflist['wan']['descr']} proto gre from any to any keep state label "allow gre pptpd" EOD; diff --git a/etc/inc/upgrade_config.inc b/etc/inc/upgrade_config.inc index f530165..8cdc97c 100644 --- a/etc/inc/upgrade_config.inc +++ b/etc/inc/upgrade_config.inc @@ -982,6 +982,7 @@ function upgrade_046_to_047() { $ph1alg = array( 'name' => 'aes', 'keylen' => '128' ); break; case "rijndael 256": + case "aes 256": $ph1alg = array( 'name' => 'aes', 'keylen' => '256' ); break; } @@ -1066,6 +1067,7 @@ function upgrade_046_to_047() { break; case "rijndael": case "rijndael 256": + case "aes 256": $ph2alg = array( 'name' => 'aes', 'keylen' => 'auto' ); $aes_found = true; $aes_count++; @@ -1090,6 +1092,142 @@ function upgrade_046_to_047() { $config['ipsec']['phase1'] = $a_phase1; $config['ipsec']['phase2'] = $a_phase2; } + + /* Upgrade Mobile IPsec */ + if (isset($config['ipsec']['mobileclients']) + && is_array($config['ipsec']['mobileclients']) + && is_array($config['ipsec']['mobileclients']['p1']) + && is_array($config['ipsec']['mobileclients']['p2'])) { + + if (isset($config['ipsec']['mobileclients']['enable'])) { + $config['ipsec']['client']['enable'] = true; + $config['ipsec']['client']['user_source'] = 'system'; + $config['ipsec']['client']['group_source'] = 'system'; + } + + $mobilecfg = $config['ipsec']['mobileclients']; + + $ph1ent = array(); + $ph1ent['ikeid'] = ++$ikeid; + + if (!isset($mobilecfg['enable'])) + $ph1ent['disabled'] = true; + + /* Assume WAN since mobile tunnels couldn't be on a separate interface on 1.2.x */ + $ph1ent['interface'] = 'wan'; + $ph1ent['descr'] = "Mobile Clients (upgraded)"; + $ph1ent['mode'] = $mobilecfg['p1']['mode']; + + if (isset($mobilecfg['p1']['myident']['myaddress'])) + $ph1ent['myid_type'] = "myaddress"; + if (isset($mobilecfg['p1']['myident']['address'])) { + $ph1ent['myid_type'] = "address"; + $ph1ent['myid_data'] = $mobilecfg['p1']['myident']['address']; + } + if (isset($mobilecfg['p1']['myident']['fqdn'])) { + $ph1ent['myid_type'] = "fqdn"; + $ph1ent['myid_data'] = $mobilecfg['p1']['myident']['fqdn']; + } + if (isset($mobilecfg['p1']['myident']['ufqdn'])) { + $ph1ent['myid_type'] = "user_fqdn"; + $ph1ent['myid_data'] = $mobilecfg['p1']['myident']['ufqdn']; + } + if (isset($mobilecfg['p1']['myident']['asn1dn'])) { + $ph1ent['myid_type'] = "asn1dn"; + $ph1ent['myid_data'] = $mobilecfg['p1']['myident']['asn1dn']; + } + if (isset($mobilecfg['p1']['myident']['dyn_dns'])) { + $ph1ent['myid_type'] = "dyn_dns"; + $ph1ent['myid_data'] = $mobilecfg['p1']['myident']['dyn_dns']; + } + $ph1ent['peerid_type'] = "fqdn"; + $ph1ent['peerid_data'] = ""; + + switch ($mobilecfg['p1']['encryption-algorithm']) { + case "des": + $ph1alg = array( 'name' => 'des' ); + break; + case "3des": + $ph1alg = array( 'name' => '3des' ); + break; + case "blowfish": + $ph1alg = array( 'name' => 'blowfish', 'keylen' => '128' ); + break; + case "cast128": + $ph1alg = array( 'name' => 'cast128' ); + break; + case "rijndael": + $ph1alg = array( 'name' => 'aes', 'keylen' => '128' ); + break; + case "rijndael 256": + case "aes 256": + $ph1alg = array( 'name' => 'aes', 'keylen' => '256' ); + break; + } + + $ph1ent['encryption-algorithm'] = $ph1alg; + $ph1ent['hash-algorithm'] = $mobilecfg['p1']['hash-algorithm']; + $ph1ent['dhgroup'] = $mobilecfg['p1']['dhgroup']; + $ph1ent['lifetime'] = $mobilecfg['p1']['lifetime']; + $ph1ent['authentication_method'] = $mobilecfg['p1']['authentication_method']; + + if (isset($mobilecfg['p1']['cert'])) + $ph1ent['cert'] = $mobilecfg['p1']['cert']; + if (isset($mobilecfg['p1']['peercert'])) + $ph1ent['peercert'] = $mobilecfg['p1']['peercert']; + if (isset($mobilecfg['p1']['private-key'])) + $ph1ent['private-key'] = $mobilecfg['p1']['private-key']; + + $ph1ent['nat_traversal'] = "on"; + $ph1ent['dpd_enable'] = 1; + $ph1ent['dpd_delay'] = 10; + $ph1ent['dpd_maxfail'] = 5; + $ph1ent['mobile'] = true; + + $ph2ent = array(); + $ph2ent['ikeid'] = $ph1ent['ikeid']; + $ph2ent['descr'] = "phase2 for ".$mobilecfg['descr']; + $ph2ent['localid'] = array('type' => 'none'); + $ph2ent['remoteid'] = array('type' => 'mobile'); + $ph2ent['protocol'] = $mobilecfg['p2']['protocol']; + + $aes_count = 0; + foreach( $mobilecfg['p2']['encryption-algorithm-option'] as $tunalg ) { + $aes_found = false; + switch ($tunalg) { + case "des": + $ph2alg = array( 'name' => 'des' ); + break; + case "3des": + $ph2alg = array( 'name' => '3des' ); + break; + case "blowfish": + $ph2alg = array( 'name' => 'blowfish', 'keylen' => 'auto' ); + break; + case "cast128": + $ph2alg = array( 'name' => 'cast128' ); + break; + case "rijndael": + case "rijndael 256": + case "aes 256": + $ph2alg = array( 'name' => 'aes', 'keylen' => 'auto' ); + $aes_found = true; + $aes_count++; + break; + } + + if( !$aes_found || ($aes_count < 2)) + $ph2ent['encryption-algorithm-option'][] = $ph2alg; + } + $ph2ent['hash-algorithm-option'] = $mobilecfg['p2']['hash-algorithm-option']; + $ph2ent['pfsgroup'] = $mobilecfg['p2']['pfsgroup']; + $ph2ent['lifetime'] = $mobilecfg['p2']['lifetime']; + $ph2ent['mobile'] = true; + + $config['ipsec']['phase1'][] = $ph1ent; + $config['ipsec']['phase2'][] = $ph2ent; + unset($config['ipsec']['mobileclients']); + } } diff --git a/etc/inc/voucher.inc b/etc/inc/voucher.inc index 7d618ee..fee5d12 100644 --- a/etc/inc/voucher.inc +++ b/etc/inc/voucher.inc @@ -41,9 +41,9 @@ function xmlrpc_sync_voucher_disconnect($dbent, $syncip, $port, $password, $user global $g, $config; require_once("xmlrpc.inc"); if($port == "443") - $url = "https://{$syncip}:{$port}"; + $url = "https://{$syncip}"; else - $url = "http://{$syncip}:{$port}"; + $url = "http://{$syncip}"; /* Construct code that is run on remote machine */ $method = 'pfsense.exec_php'; @@ -89,15 +89,15 @@ function xmlrpc_sync_used_voucher($voucher_received, $syncip, $port, $password, global $g, $config; require_once("xmlrpc.inc"); if($port == "443") - $url = "https://{$syncip}:{$port}"; + $url = "https://{$syncip}"; else - $url = "http://{$syncip}:{$port}"; + $url = "http://{$syncip}"; /* Construct code that is run on remote machine */ $method = 'pfsense.exec_php'; $execcmd = <<<EOF require_once('/etc/inc/voucher.inc'); - \$timeleft = voucher_auth($voucher_received); + \$timeleft = voucher_auth({$voucher_received}); \$toreturn = array(); \$toreturn['timeleft'] = \$timeleft; \$toreturn['voucher']['roll'] = \$config['voucher']['roll']; @@ -119,12 +119,12 @@ EOF; $error = "A communications error occurred while attempting CaptivePortalVoucherSync XMLRPC sync with {$url}:{$port} (pfsense.exec_php)."; log_error($error); file_notice("CaptivePortalVoucherSync", $error, "Communications error occurred", ""); - return array("timeleft" => "0"); + return 0; // $timeleft } elseif($resp->faultCode()) { $error = "An error code was received while attempting CaptivePortalVoucherSync XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString(); log_error($error); file_notice("CaptivePortalVoucherSync", $error, "Error code received", ""); - return array("timeleft" => "0"); + return 0; // $timeleft } else { log_error("CaptivePortalVoucherSync XMLRPC reload data success with {$url}:{$port} (pfsense.exec_php)."); } @@ -132,7 +132,7 @@ EOF; if(count($toreturn['voucher']['roll']) <> count($config['voucher']['roll'])) { $config['voucher']['roll'] = $toreturn['voucher']['roll']; write_config("Captive Portal Voucher database synchronized with {$url}"); - voucher_configure(); + voucher_configure(true); } return $toreturn['timeleft']; @@ -230,12 +230,12 @@ function voucher_auth($voucher_received, $test = 0) { } } else { $test_result[] = sprintf(gettext('%1$s (%2$s/%3$s): not found on any registererd Roll'), $voucher, $roll, $nr); - captiveportal_syslog("$voucher ($roll/$nr): not found on any registererd Roll"); + captiveportal_syslog("$voucher ($roll/$nr): not found on any registererd Roll"); } } else { // hmm, thats weird ... not what I expected - $test_result[] = "$voucher " . gettext("invalid:") . " $result !!"; - captiveportal_syslog("$voucher " . gettext("invalid:") . " $result !!"); + $test_result[] = sprintf(gettext('%1$s invalid: %2$s !!'),$voucher,$result); + captiveportal_syslog("$voucher invalid: $result !!"); $error++; } } @@ -247,7 +247,7 @@ function voucher_auth($voucher_received, $test = 0) { } else { $test_result[] = sprintf(gettext("Access granted for %d Minutes in total."), $total_minutes); } - unlock($voucherlck); + unlock($voucherlck); return $test_result; } @@ -264,8 +264,8 @@ function voucher_auth($voucher_received, $test = 0) { // If we did a XMLRPC sync earlier check the timeleft if(!empty($a_voucher['vouchersyncdbip'])) - if($remote_time_used['timeleft'] < $total_minutes) - $total_minutes = $remote_time_used['timeleft']; + if($remote_time_used < $total_minutes) + $total_minutes = $remote_time_used; // All given vouchers were valid and this isn't simply a test. // Write back the used DB's @@ -301,8 +301,8 @@ function voucher_auth($voucher_received, $test = 0) { return $total_minutes; } -function voucher_configure() { - global $config, $g; +function voucher_configure($sync = false) { + global $config, $g; /* kill any running minicron */ killbypid("{$g['varrun_path']}/vouchercron.pid"); @@ -311,7 +311,9 @@ function voucher_configure() { return 0; if ($g['booting']) - echo gettext("Enabling voucher support... "); + echo "Enabling voucher support... "; + if ($sync == true) + captiveportal_syslog("Writing voucher db from sync data..."); // start cron if we're asked to save runtime DB periodically // to XML config if it changed @@ -328,8 +330,8 @@ function voucher_configure() { $pubkey = base64_decode($config['voucher']['publickey']); $fd = fopen("{$g['varetc_path']}/voucher.public", "w"); if (!$fd) { - captiveportal_syslog(gettext("Voucher error: cannot write voucher.public") . "\n"); - unlock($voucherlck); + captiveportal_syslog("Voucher error: cannot write voucher.public\n"); + unlock($voucherlck); return 1; } fwrite($fd, $pubkey); @@ -348,7 +350,7 @@ function voucher_configure() { @chmod("{$g['varetc_path']}/voucher.cfg", 0600); unlock($voucherlck); - if ($g['booting'] && is_array($config['voucher']['roll'])) { + if (($g['booting'] || $sync == true) && is_array($config['voucher']['roll'])) { // create active and used DB per roll on ramdisk from config $a_roll = &$config['voucher']['roll']; @@ -375,7 +377,8 @@ function voucher_configure() { } unlock($voucherlck); - echo gettext("done") . "\n"; + if ($g['booting']) + echo "done\n"; } return 0; diff --git a/etc/rc.bootup b/etc/rc.bootup index b7a632e..6cff6ac 100755 --- a/etc/rc.bootup +++ b/etc/rc.bootup @@ -129,7 +129,7 @@ $memory = get_memory(); $avail = $memory[0]; echo " done.\n"; -conf_mount_rw(true); +conf_mount_rw(); /* save dmesg output to file */ system_dmesg_save(); @@ -400,6 +400,6 @@ unset($g['booting']); led_normalize(); -conf_mount_ro(true); +conf_mount_ro(); ?> @@ -42,7 +42,10 @@ exit; } - conf_mount_rw(true); + /* are we already running? if not, do conf_mount_rw(), otherwise it should already be rw */ + if(!is_subsystem_dirty('sshdkeys')) { + conf_mount_rw(); + } function file_size($file) { $size = filesize($file); @@ -138,7 +141,6 @@ /* are we already running? if so exit */ if(is_subsystem_dirty('sshdkeys')) { - conf_mount_ro(true); exit; } @@ -185,6 +187,6 @@ exec("mkdir /conf/sshd"); exec("/bin/cp -p /etc/ssh/ssh_host* /conf/sshd"); } - conf_mount_ro(true); + conf_mount_ro(); ?> diff --git a/usr/local/sbin/ovpn-linkup b/usr/local/sbin/ovpn-linkup index 60489c2..613822c 100755 --- a/usr/local/sbin/ovpn-linkup +++ b/usr/local/sbin/ovpn-linkup @@ -2,7 +2,11 @@ # let the configuration system know that the ip has changed. #/usr/local/sbin/pfSctl -c "interface newip $interface" -/bin/echo $4 > /tmp/$1_router +if [ -n $route_vpn_gateway ]; then + /bin/echo $route_vpn_gateway > /tmp/$1_router +else + /bin/echo $4 > /tmp/$1_router +fi /usr/bin/touch /tmp/$1up # reload filter /usr/local/sbin/pfSctl -c "interface newip $1" diff --git a/usr/local/www/firewall_nat_1to1_edit.php b/usr/local/www/firewall_nat_1to1_edit.php index 135dd99..e9f4577 100755 --- a/usr/local/www/firewall_nat_1to1_edit.php +++ b/usr/local/www/firewall_nat_1to1_edit.php @@ -288,7 +288,7 @@ function typesel_change() { $interfaces['pppoe'] = "PPPoE VPN"; /* add ipsec interfaces */ - if (isset($config['ipsec']['enable']) || isset($config['ipsec']['mobileclients']['enable'])) + if (isset($config['ipsec']['enable']) || isset($config['ipsec']['client']['enable'])) if(have_ruleint_access("enc0")) $interfaces["enc0"] = "IPsec"; diff --git a/usr/local/www/firewall_nat_edit.php b/usr/local/www/firewall_nat_edit.php index 361d324..3dc1d83 100755 --- a/usr/local/www/firewall_nat_edit.php +++ b/usr/local/www/firewall_nat_edit.php @@ -482,7 +482,7 @@ include("fbegin.inc"); ?> $interfaces['pppoe'] = "PPPoE VPN"; /* add ipsec interfaces */ - if (isset($config['ipsec']['enable']) || isset($config['ipsec']['mobileclients']['enable'])) + if (isset($config['ipsec']['enable']) || isset($config['ipsec']['client']['enable'])) if(have_ruleint_access("enc0")) $interfaces["enc0"] = "IPsec"; diff --git a/usr/local/www/firewall_nat_out_edit.php b/usr/local/www/firewall_nat_out_edit.php index db6d03d..4d960f2 100755 --- a/usr/local/www/firewall_nat_out_edit.php +++ b/usr/local/www/firewall_nat_out_edit.php @@ -416,7 +416,7 @@ function poolopts_change() { $interfaces['pppoe'] = "PPPoE VPN"; /* add ipsec interfaces */ - if (isset($config['ipsec']['enable']) || isset($config['ipsec']['mobileclients']['enable'])) + if (isset($config['ipsec']['enable']) || isset($config['ipsec']['client']['enable'])) if(have_ruleint_access("enc0")) $interfaces["enc0"] = "IPsec"; diff --git a/usr/local/www/firewall_rules.php b/usr/local/www/firewall_rules.php index 8fa4670..daf577a 100755 --- a/usr/local/www/firewall_rules.php +++ b/usr/local/www/firewall_rules.php @@ -169,7 +169,7 @@ if (is_array($config['pppoes']['pppoe'])) { } /* add ipsec interfaces */ -if (isset($config['ipsec']['enable']) || isset($config['ipsec']['mobileclients']['enable'])) +if (isset($config['ipsec']['enable']) || isset($config['ipsec']['client']['enable'])) if(have_ruleint_access("enc0")) $iflist["enc0"] = "IPsec"; diff --git a/usr/local/www/firewall_rules_edit.php b/usr/local/www/firewall_rules_edit.php index 29b0336..c051518 100755 --- a/usr/local/www/firewall_rules_edit.php +++ b/usr/local/www/firewall_rules_edit.php @@ -692,7 +692,7 @@ include("head.inc"); if (is_pppoe_server_enabled() && have_ruleint_access("pppoe")) $interfaces['pppoe'] = "PPPoE VPN"; /* add ipsec interfaces */ - if (isset($config['ipsec']['enable']) || isset($config['ipsec']['mobileclients']['enable'])) + if (isset($config['ipsec']['enable']) || isset($config['ipsec']['client']['enable'])) if(have_ruleint_access("enc0")) $interfaces["enc0"] = "IPsec"; /* add openvpn/tun interfaces */ diff --git a/usr/local/www/services_captiveportal_vouchers.php b/usr/local/www/services_captiveportal_vouchers.php index 2ad0217..d6ffc55 100644 --- a/usr/local/www/services_captiveportal_vouchers.php +++ b/usr/local/www/services_captiveportal_vouchers.php @@ -168,34 +168,42 @@ if ($_POST) { /* input validation */ if ($_POST['enable']) { - $reqdfields = explode(" ", "charset rollbits ticketbits checksumbits publickey magic saveinterval"); - $reqdfieldsn = array(gettext("charset"),gettext("rollbits"),gettext("ticketbits"),gettext("checksumbits"),gettext("publickey"),gettext("magic"),gettext("saveinterval")); + if (!$_POST['vouchersyncusername']) { + $reqdfields = explode(" ", "charset rollbits ticketbits checksumbits publickey magic saveinterval"); + $reqdfieldsn = array(gettext("charset"),gettext("rollbits"),gettext("ticketbits"),gettext("checksumbits"),gettext("publickey"),gettext("magic"),gettext("saveinterval")); + } else { + $reqdfields = explode(" ", "vouchersyncdbip vouchersyncport vouchersyncpass vouchersyncusername"); + $reqdfieldsn = array(gettext("Synchronize Voucher Database IP"),gettext("Sync port"),gettext("Sync password"),gettext("Sync username")); + } do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); } - // Check for form errors - if ($_POST['charset'] && (strlen($_POST['charset'] < 2))) - $input_errors[] = gettext("Need at least 2 characters to create vouchers."); - if ($_POST['charset'] && (strpos($_POST['charset'],"\"")>0)) - $input_errors[] = gettext("Double quotes aren't allowed."); - if ($_POST['charset'] && (strpos($_POST['charset'],",")>0)) - $input_errors[] = "',' " . gettext("aren't allowed."); - if ($_POST['rollbits'] && (!is_numeric($_POST['rollbits']) || ($_POST['rollbits'] < 1) || ($_POST['rollbits'] > 31))) - $input_errors[] = gettext("# of Bits to store Roll Id needs to be between 1..31."); - if ($_POST['ticketbits'] && (!is_numeric($_POST['ticketbits']) || ($_POST['ticketbits'] < 1) || ($_POST['ticketbits'] > 16))) - $input_errors[] = gettext("# of Bits to store Ticket Id needs to be between 1..16."); - if ($_POST['checksumbits'] && (!is_numeric($_POST['checksumbits']) || ($_POST['checksumbits'] < 1) || ($_POST['checksumbits'] > 31))) - $input_errors[] = gettext("# of Bits to store checksum needs to be between 1..31."); - if ($_POST['saveinterval'] && (!is_numeric($_POST['saveinterval']) || ($_POST['saveinterval'] < 1))) - $input_errors[] = gettext("Save interval in minutes cant be negative."); - if ($_POST['publickey'] && (!strstr($_POST['publickey'],"BEGIN PUBLIC KEY"))) - $input_errors[] = gettext("This doesn't look like an RSA Public key."); - if ($_POST['privatekey'] && (!strstr($_POST['privatekey'],"BEGIN RSA PRIVATE KEY"))) - $input_errors[] = gettext("This doesn't look like an RSA Private key."); + if (!$_POST['vouchersyncusername']) { + // Check for form errors + if ($_POST['charset'] && (strlen($_POST['charset'] < 2))) + $input_errors[] = gettext("Need at least 2 characters to create vouchers."); + if ($_POST['charset'] && (strpos($_POST['charset'],"\"")>0)) + $input_errors[] = gettext("Double quotes aren't allowed."); + if ($_POST['charset'] && (strpos($_POST['charset'],",")>0)) + $input_errors[] = "',' " . gettext("aren't allowed."); + if ($_POST['rollbits'] && (!is_numeric($_POST['rollbits']) || ($_POST['rollbits'] < 1) || ($_POST['rollbits'] > 31))) + $input_errors[] = gettext("# of Bits to store Roll Id needs to be between 1..31."); + if ($_POST['ticketbits'] && (!is_numeric($_POST['ticketbits']) || ($_POST['ticketbits'] < 1) || ($_POST['ticketbits'] > 16))) + $input_errors[] = gettext("# of Bits to store Ticket Id needs to be between 1..16."); + if ($_POST['checksumbits'] && (!is_numeric($_POST['checksumbits']) || ($_POST['checksumbits'] < 1) || ($_POST['checksumbits'] > 31))) + $input_errors[] = gettext("# of Bits to store checksum needs to be between 1..31."); + if ($_POST['saveinterval'] && (!is_numeric($_POST['saveinterval']) || ($_POST['saveinterval'] < 1))) + $input_errors[] = gettext("Save interval in minutes cant be negative."); + if ($_POST['publickey'] && (!strstr($_POST['publickey'],"BEGIN PUBLIC KEY"))) + $input_errors[] = gettext("This doesn't look like an RSA Public key."); + if ($_POST['privatekey'] && (!strstr($_POST['privatekey'],"BEGIN RSA PRIVATE KEY"))) + $input_errors[] = gettext("This doesn't look like an RSA Private key."); + } if (!$input_errors) { - $config['voucher']['enable'] = $_POST['enable'] ? true : false; + $config['voucher']['enable'] = $_POST['enable'] ? true : false; + if (!$_POST['vouchersyncusername']) { $config['voucher']['charset'] = $_POST['charset']; $config['voucher']['rollbits'] = $_POST['rollbits']; $config['voucher']['ticketbits'] = $_POST['ticketbits']; @@ -206,6 +214,9 @@ if ($_POST) { $config['voucher']['privatekey'] = base64_encode($_POST['privatekey']); $config['voucher']['msgnoaccess'] = $_POST['msgnoaccess']; $config['voucher']['msgexpired'] = $_POST['msgexpired']; + write_config(); + voucher_configure(); + } else { $config['voucher']['vouchersyncdbip'] = $_POST['vouchersyncdbip']; $config['voucher']['vouchersyncport'] = $_POST['vouchersyncport']; $config['voucher']['vouchersyncusername'] = $_POST['vouchersyncusername']; @@ -215,34 +226,28 @@ if ($_POST) { // Synchronize the voucher DB from the master node require_once("xmlrpc.inc"); if($config['voucher']['vouchersyncport'] == "443") - $url = "https://{$config['voucher']['vouchersyncdbip']}:{$config['voucher']['vouchersyncport']}"; + $url = "https://{$config['voucher']['vouchersyncdbip']}"; else - $url = "http://{$config['voucher']['vouchersyncdbip']}:{$config['voucher']['vouchersyncport']}"; + $url = "http://{$config['voucher']['vouchersyncdbip']}"; + $execcmd = <<<EOF - \$toreturn['voucher']['roll'] = \$config['voucher']['roll']; - \$toreturn['voucher']['charset'] = \$config['voucher']['charset']; - \$toreturn['voucher']['rollbits'] = \$config['voucher']['rollbits']; - \$toreturn['voucher']['ticketbits'] = \$config['voucher']['ticketbits']; - \$toreturn['voucher']['saveinterval'] = \$config['voucher']['saveinterval']; - \$toreturn['voucher']['checksumbits'] = \$config['voucher']['checksumbits']; - \$toreturn['voucher']['magic'] = \$config['voucher']['magic']; - \$toreturn['voucher']['publickey'] = \$config['voucher']['publickey']; - \$toreturn['voucher']['privatekey'] = \$config['voucher']['privatekey']; - \$toreturn['voucher']['msgnoaccess'] = \$config['voucher']['msgnoaccess']; - \$toreturn['voucher']['msgexpired'] = \$config['voucher']['msgexpired']; - + \$toreturn['voucher'] = \$config['voucher']; + unset(\$toreturn['vouchersyncport'], \$toreturn['vouchersyncpass'], \$toreturn['vouchersyncusername'], \$toreturn['vouchersyncdbip']); + EOF; + /* assemble xmlrpc payload */ $params = array( XML_RPC_encode($config['voucher']['vouchersyncpass']), XML_RPC_encode($execcmd) ); + $port = $config['voucher']['vouchersyncport']; log_error("voucher XMLRPC sync data {$url}:{$port}."); $msg = new XML_RPC_Message('pfsense.exec_php', $params); - $cli = new XML_RPC_Client('/xmlrpc.php', $url, $config['voucher']['vouchersyncport']); + $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port); $cli->setCredentials($config['voucher']['vouchersyncusername'], $config['voucher']['vouchersyncpass']); $resp = $cli->send($msg, "250"); - if(!$resp) { + if(!is_object($resp)) { $error = "A communications error occurred while attempting CaptivePortalVoucherSync XMLRPC sync with {$url}:{$port} (pfsense.exec_php)."; log_error($error); file_notice("CaptivePortalVoucherSync", $error, "Communications error occurred", ""); @@ -257,43 +262,47 @@ EOF; } else { log_error("The Captive Portal voucher database has been synchronized with {$url}:{$port} (pfsense.exec_php)."); } - $toreturn = XML_RPC_Decode($resp->value()); - if(!is_array($toreturn)) { - if($toreturn == "Authentication failed") - $input_errors[] = "Could not synchronize the voucher database: Authentication Failed."; - } else { - // If we received back the voucher roll and other information then store it. - if($toreturn['voucher']['roll']) - $config['voucher']['roll'] = $toreturn['voucher']['roll']; - if($toreturn['voucher']['rollbits']) - $config['voucher']['rollbits'] = $toreturn['voucher']['rollbits']; - if($toreturn['voucher']['ticketbits']) - $config['voucher']['ticketbits'] = $toreturn['voucher']['ticketbits']; - if($toreturn['voucher']['saveinterval']) - $config['voucher']['saveinterval'] = $toreturn['voucher']['saveinterval']; - if($toreturn['voucher']['checksumbits']) - $config['voucher']['checksumbits'] = $toreturn['voucher']['checksumbits']; - if($toreturn['voucher']['magic']) - $config['voucher']['magic'] = $toreturn['voucher']['magic']; - if($toreturn['voucher']['publickey']) - $config['voucher']['publickey'] = $toreturn['voucher']['publickey']; - if($toreturn['voucher']['privatekey']) - $config['voucher']['privatekey'] = $toreturn['voucher']['privatekey']; - if($toreturn['voucher']['msgnoaccess']) - $config['voucher']['msgnoaccess'] = $toreturn['voucher']['msgnoaccess']; - if($toreturn['voucher']['msgexpired']) - $config['voucher']['msgexpired'] = $toreturn['voucher']['msgexpired']; - if($toreturn['voucher']['msgnoaccess']) - $config['voucher']['msgnoaccess'] = $toreturn['voucher']['msgnoaccess']; - $savemsg = gettext("Voucher database has been synchronized from {$url}"); + if (!$input_errors) { + $toreturn = XML_RPC_Decode($resp->value()); + if(!is_array($toreturn)) { + if($toreturn == "Authentication failed") + $input_errors[] = "Could not synchronize the voucher database: Authentication Failed."; + } else { + // If we received back the voucher roll and other information then store it. + if($toreturn['voucher']['roll']) + $config['voucher']['roll'] = $toreturn['voucher']['roll']; + if($toreturn['voucher']['rollbits']) + $config['voucher']['rollbits'] = $toreturn['voucher']['rollbits']; + if($toreturn['voucher']['ticketbits']) + $config['voucher']['ticketbits'] = $toreturn['voucher']['ticketbits']; + if($toreturn['voucher']['saveinterval']) + $config['voucher']['saveinterval'] = $toreturn['voucher']['saveinterval']; + if($toreturn['voucher']['checksumbits']) + $config['voucher']['checksumbits'] = $toreturn['voucher']['checksumbits']; + if($toreturn['voucher']['magic']) + $config['voucher']['magic'] = $toreturn['voucher']['magic']; + if($toreturn['voucher']['publickey']) + $config['voucher']['publickey'] = $toreturn['voucher']['publickey']; + if($toreturn['voucher']['privatekey']) + $config['voucher']['privatekey'] = $toreturn['voucher']['privatekey']; + if($toreturn['voucher']['msgnoaccess']) + $config['voucher']['msgnoaccess'] = $toreturn['voucher']['msgnoaccess']; + if($toreturn['voucher']['msgexpired']) + $config['voucher']['msgexpired'] = $toreturn['voucher']['msgexpired']; + if($toreturn['voucher']['msgnoaccess']) + $config['voucher']['msgnoaccess'] = $toreturn['voucher']['msgnoaccess']; + $savemsg = gettext("Voucher database has been synchronized from {$url}:{$port}"); + + write_config(); + voucher_configure(true); + } } } - write_config(); - voucher_configure(); - if($savemsg && isset($config['voucher']['enable']) && !isset($config['captiveportal']['enable'])) - $savemsg .= "<br/>"; - if (isset($config['voucher']['enable']) && !isset($config['captiveportal']['enable'])) - $savemsg .= gettext("Don't forget to configure and enable Captive Portal."); + } + if($savemsg && isset($config['voucher']['enable']) && !isset($config['captiveportal']['enable'])) + $savemsg .= "<br/>"; + if (isset($config['voucher']['enable']) && !isset($config['captiveportal']['enable'])) + $savemsg .= gettext("Don't forget to configure and enable Captive Portal."); } } include("head.inc"); @@ -582,6 +591,8 @@ function enable_change(enable_change) { <td colspan="2" class="list"><p class="vexpl"> <span class="red"><strong> <?=gettext("Note:"); ?><br> </strong></span> <?=gettext("Changing any Voucher parameter (apart from managing the list of Rolls) on this page will render existing vouchers useless if they were generated with different settings."); ?> + <br/> + <?=gettext("Specifying the Voucher Database Synchronization options will not record any other value from the other options. They will be retrieved/synced from the master."); ?> </p> </td> </tr> diff --git a/usr/local/www/status_graph.php b/usr/local/www/status_graph.php index 4527a71..6c00da4 100755 --- a/usr/local/www/status_graph.php +++ b/usr/local/www/status_graph.php @@ -163,7 +163,7 @@ function updateBandwidthHosts(data){ <?php /* link the ipsec interface magically */ -if (isset($config['ipsec']['enable']) || isset($config['ipsec']['mobileclients']['enable'])) +if (isset($config['ipsec']['enable']) || isset($config['ipsec']['client']['enable'])) $ifdescrs['enc0'] = "IPsec"; ?> diff --git a/usr/local/www/status_rrd_graph_img.php b/usr/local/www/status_rrd_graph_img.php index 2094a87..22802bc 100644 --- a/usr/local/www/status_rrd_graph_img.php +++ b/usr/local/www/status_rrd_graph_img.php @@ -860,42 +860,42 @@ elseif((strstr($curdatabase, "-quality.rrd")) && (file_exists("$rrddbpath$curdat } elseif((strstr($curdatabase, "spamd.rrd")) && (file_exists("$rrddbpath$curdatabase"))) { /* graph a spamd statistics graph */ - $graphcmd = "$rrdtool graph $rrdtmppath$curdatabase-$curgraph.png "; - $graphcmd .= "--start $start --end $end "; - $graphcmd .= "--title \"`hostname` - {$prettydb} - {$hperiod} - {$havg} average\" "; - $graphcmd .= "--color SHADEA#eeeeee --color SHADEB#eeeeee "; - $graphcmd .= "--vertical-label=\"Conn / Time, sec.\" "; - $graphcmd .= "--height 200 --width 620 --no-gridfit "; - $graphcmd .= "--lower-limit 0 "; - $graphcmd .= "DEF:\"consmin=$rrddbpath$curdatabase:conn:MIN\" "; - $graphcmd .= "DEF:\"consavg=$rrddbpath$curdatabase:conn:AVERAGE\" "; - $graphcmd .= "DEF:\"consmax=$rrddbpath$curdatabase:conn:MAX\" "; - $graphcmd .= "DEF:\"timemin=$rrddbpath$curdatabase:time:MIN\" "; - $graphcmd .= "DEF:\"timeavg=$rrddbpath$curdatabase:time:AVERAGE\" "; - $graphcmd .= "DEF:\"timemax=$rrddbpath$curdatabase:time:MAX\" "; - $graphcmd .= "CDEF:\"timeminadj=timemin,0,86400,LIMIT,UN,0,timemin,IF\" "; - $graphcmd .= "CDEF:\"timeavgadj=timeavg,0,86400,LIMIT,UN,0,timeavg,IF\" "; - $graphcmd .= "CDEF:\"timemaxadj=timemax,0,86400,LIMIT,UN,0,timemax,IF\" "; - $graphcmd .= "CDEF:\"t1=timeminadj,timeavgadj,+,2,/,timeminadj,-\" "; - $graphcmd .= "CDEF:\"t2=timeavgadj,timemaxadj,+,2,/,timeminadj,-,t1,-\" "; - $graphcmd .= "CDEF:\"t3=timemaxadj,timeminadj,-,t1,-,t2,-\" "; - $graphcmd .= "AREA:\"timeminadj\" "; - $graphcmd .= "AREA:\"t1#$colorspamdtime[0]::STACK\" "; - $graphcmd .= "AREA:\"t2#$colorspamdtime[1]::STACK\" "; - $graphcmd .= "AREA:\"t3#$colorspamdtime[2]::STACK\" "; - $graphcmd .= "LINE2:\"timeavgadj#$colorspamdtime[3]:\"Time \" "; - $graphcmd .= "GPRINT:\"timeminadj:MIN:\"Min\\:%6.2lf\\t\" "; - $graphcmd .= "GPRINT:\"timeavgadj:AVERAGE:\"Avg\\:%6.2lf\\t\" "; - $graphcmd .= "GPRINT:\"timemaxadj:MAX:\"Max\\:%6.2lf\\n\" "; - $graphcmd .= "AREA:\"consmax#$colorspamdconn[0]\" "; - $graphcmd .= "AREA:\"consmin#$colorspamdconn[1]\" "; - $graphcmd .= "LINE1:\"consmin#$colorspamdconn[2]\" "; - $graphcmd .= "LINE1:\"consmax#$colorspamdconn[3]\" "; - $graphcmd .= "LINE1:\"consavg#$colorspamdconn[4]:\"Cons \" "; - $graphcmd .= "GPRINT:\"consmin:MIN:\"Min\\:%6.2lf\\t\" "; - $graphcmd .= "GPRINT:\"consavg:AVERAGE:\"Avg\\:%6.2lf\\t\" "; - $graphcmd .= "GPRINT:\"consmax:MAX:\"Max\\:%6.2lf\\n\" "; - $graphcmd .= "COMMENT:\"\t\t\t\t\t\t\t\t\t\t\t\t\t`date +\"%b %d %H\:%M\:%S %Y\"`\" "; + $graphcmd = "$rrdtool graph $rrdtmppath$curdatabase-$curgraph.png \\ + --start $start --end $end \\ + --title \"`hostname` - {$prettydb} - {$hperiod} - {$havg} average\" \\ + --color SHADEA#eeeeee --color SHADEB#eeeeee \\ + --vertical-label=\"Conn / Time, sec.\" \\ + --height 200 --width 620 --no-gridfit \\ + --lower-limit 0 \\ + DEF:consmin=$rrddbpath$curdatabase:conn:MIN \\ + DEF:consavg=$rrddbpath$curdatabase:conn:AVERAGE \\ + DEF:consmax=$rrddbpath$curdatabase:conn:MAX \\ + DEF:timemin=$rrddbpath$curdatabase:time:MIN \\ + DEF:timeavg=$rrddbpath$curdatabase:time:AVERAGE \\ + DEF:timemax=$rrddbpath$curdatabase:time:MAX \\ + \"CDEF:timeminadj=timemin,0,86400,LIMIT,UN,0,timemin,IF\" \\ + \"CDEF:timeavgadj=timeavg,0,86400,LIMIT,UN,0,timeavg,IF\" \\ + \"CDEF:timemaxadj=timemax,0,86400,LIMIT,UN,0,timemax,IF\" \\ + \"CDEF:t1=timeminadj,timeavgadj,+,2,/,timeminadj,-\" \\ + \"CDEF:t2=timeavgadj,timemaxadj,+,2,/,timeminadj,-,t1,-\" \\ + \"CDEF:t3=timemaxadj,timeminadj,-,t1,-,t2,-\" \\ + AREA:timeminadj \\ + AREA:t1#$colorspamdtime[0]::STACK \\ + AREA:t2#$colorspamdtime[1]::STACK \\ + AREA:t3#$colorspamdtime[2]::STACK \\ + LINE2:timeavgadj#$colorspamdtime[3]:\"Time \" \\ + GPRINT:timeminadj:MIN:\"Min\\:%6.2lf\\t\" \\ + GPRINT:timeavgadj:AVERAGE:\"Avg\\:%6.2lf\\t\" \\ + GPRINT:timemaxadj:MAX:\"Max\\:%6.2lf\\n\" \\ + AREA:consmax#$colorspamdconn[0] \\ + AREA:consmin#$colorspamdconn[1] \\ + LINE1:consmin#$colorspamdconn[2] \\ + LINE1:consmax#$colorspamdconn[3] \\ + LINE1:consavg#$colorspamdconn[4]:\"Cons \" \\ + GPRINT:consmin:MIN:\"Min\\:%6.2lf\\t\" \\ + GPRINT:consavg:AVERAGE:\"Avg\\:%6.2lf\\t\" \\ + GPRINT:consmax:MAX:\"Max\\:%6.2lf\\n\" \\ + COMMENT:\"\t\t\t\t\t\t\t\t\t\t\t\t\t`date +\"%b %d %H\:%M\:%S %Y\"`\" "; } elseif((strstr($curdatabase, "-cellular.rrd")) && (file_exists("$rrddbpath$curdatabase"))) { $graphcmd = "$rrdtool graph $rrdtmppath$curdatabase-$curgraph.png "; |