Diffstat (limited to 'src/etc')
-rw-r--r--src/etc/inc/config.console.inc18
-rw-r--r--src/etc/inc/config.lib.inc2
-rw-r--r--src/etc/inc/globals.inc19
-rw-r--r--src/etc/inc/interfaces.inc67
-rw-r--r--src/etc/inc/pfsense-utils.inc2
-rw-r--r--src/etc/inc/services.inc41
-rw-r--r--src/etc/inc/system.inc11
-rw-r--r--src/etc/inc/upgrade_config.inc7
-rw-r--r--src/etc/inc/util.inc66
-rw-r--r--src/etc/inc/vpn.inc265
-rwxr-xr-xsrc/etc/rc.php_ini_setup2
11 files changed, 257 insertions, 243 deletions
diff --git a/src/etc/inc/config.console.inc b/src/etc/inc/config.console.inc
index 2fa7325..a87b082 100644
--- a/src/etc/inc/config.console.inc
+++ b/src/etc/inc/config.console.inc
@@ -66,6 +66,8 @@ EOD;
echo gettext("No interfaces found!") . "\n";
$iflist = array();
} else {
+ // ifsmallist is kept with spaces at the beginning and end to assist with str_replace() operations
+ $ifsmallist = " ";
foreach ($iflist as $iface => $ifa) {
$friendly = convert_real_interface_to_friendly_interface_name($iface);
$ifstatus = pfSense_get_interface_addresses($config['interfaces'][$friendly]['if']);
@@ -73,7 +75,7 @@ EOD;
$status = " (up)";
else
$status = "(down)";
- $ifsmallist = trim($ifsmallist . " " . $iface);
+ $ifsmallist = $ifsmallist . $iface. " ";
echo sprintf("% -7s%s %s %s\n", $iface, $ifa['mac'],
$status, substr($ifa['dmesg'], 0, 48));
}
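Review bot: The new list-building line `$ifsmallist = $ifsmallist . $iface. " ";` drops the space before the second `.` and spells out a self-concatenation that the rest of this diff writes as `.=`; `$ifsmallist .= $iface . " ";` says the same thing and keeps the "space at both ends" invariant stated in the comment two hunks up easy to see. The VLAN line in the next hunk has the same shape and would become `$ifsmallist .= $vlan['if'] . '_vlan' . $vlan['tag'] . " ";`. The enclosing foreach begins above this hunk.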
@@ -175,7 +177,7 @@ EOD;
"VLAN tag {$vlan['tag']}, parent interface {$vlan['if']}");
$iflist[$vlan['if'] . '_vlan' . $vlan['tag']] = array();
- $ifsmallist = trim($ifsmallist . " " . $vlan['if'] . '_vlan' . $vlan['tag']);
+ $ifsmallist = $ifsmallist . $vlan['if'] . '_vlan' . $vlan['tag'] . " ";
}
}
@@ -189,7 +191,7 @@ EOD;
do {
echo "\n" . gettext("Enter the WAN interface name or 'a' for auto-detection") . " ";
- printf(gettext("%s(%s or a): "), "\n", $ifsmallist);
+ printf(gettext("%s(%s or a): "), "\n", trim($ifsmallist));
$wanif = chop(fgets($fp));
if ($wanif === "") {
return;
@@ -201,13 +203,13 @@ EOD;
unset($wanif);
continue;
}
- $ifsmallist = trim(str_replace(" ", " ", str_replace($wanif, "", $ifsmallist)));
+ $ifsmallist = str_replace(" " . $wanif . " ", " ", $ifsmallist);
} while (!$wanif);
do {
printf(gettext("%sEnter the LAN interface name or 'a' for auto-detection %s" .
"NOTE: this enables full Firewalling/NAT mode.%s" .
- "(%s a or nothing if finished):%s"), "\n", "\n", "\n", $ifsmallist, " ");
+ "(%s a or nothing if finished):%s"), "\n", "\n", "\n", trim($ifsmallist), " ");
$lanif = chop(fgets($fp));
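Review bot: The new removal `str_replace(" " . $wanif . " ", " ", $ifsmallist)` is only correct because `$ifsmallist` is kept with a leading and trailing space, an invariant established two hunks earlier and documented only there; a comment on this line, `// whole-token removal: the list keeps a space at both ends, so " name " cannot match part of another name`, would stop a later `trim()` on assignment from silently breaking it. The same applies to the LAN and optional-interface removals at the `$lanif` and `$optif[$i]` lines in the hunks below. The `do` loop this line belongs to starts in the previous hunk.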
@@ -227,7 +229,7 @@ EOD;
unset($lanif);
continue;
}
- $ifsmallist = trim(str_replace(" ", " ", str_replace($lanif, "", $ifsmallist)));
+ $ifsmallist = str_replace(" " . $lanif . " ", " ", $ifsmallist);
} while (!$lanif);
/* optional interfaces */
@@ -246,7 +248,7 @@ EOD;
}
printf(gettext("%sEnter the Optional %s interface name or 'a' for auto-detection%s" .
- "(%s a or nothing if finished):%s"), "\n", $io, "\n", $ifsmallist, " ");
+ "(%s a or nothing if finished):%s"), "\n", $io, "\n", trim($ifsmallist), " ");
$optif[$i] = chop(fgets($fp));
@@ -263,7 +265,7 @@ EOD;
unset($optif[$i]);
continue;
}
- $ifsmallist = trim(str_replace(" ", " ", str_replace($optif[$i], "", $ifsmallist)));
+ $ifsmallist = str_replace(" " . $optif[$i] . " ", " ", $ifsmallist);
} else {
unset($optif[$i]);
break;
diff --git a/src/etc/inc/config.lib.inc b/src/etc/inc/config.lib.inc
index 2f8fa59..9ca1131 100644
--- a/src/etc/inc/config.lib.inc
+++ b/src/etc/inc/config.lib.inc
@@ -757,7 +757,7 @@ function config_validate($conffile) {
}
function cleanup_backupcache($lock = false) {
- global $g;
+ global $config, $g;
$i = false;
$revisions = intval(is_numericint($config['system']['backupcount']) ? $config['system']['backupcount'] : $g['default_config_backup_count']);
diff --git a/src/etc/inc/globals.inc b/src/etc/inc/globals.inc
index 2dd1714..a266eaa 100644
--- a/src/etc/inc/globals.inc
+++ b/src/etc/inc/globals.inc
@@ -67,7 +67,7 @@ $g = array(
"disablecrashreporter" => false,
"crashreporterurl" => "https://crashreporter.pfsense.org/crash_reporter.php",
"debug" => false,
- "latest_config" => "15.5",
+ "latest_config" => "15.6",
"nopkg_platforms" => array("cdrom"),
"minimum_ram_warning" => "101",
"minimum_ram_warning_text" => "128 MB",
@@ -101,27 +101,12 @@ if (is_numeric($g["product_version_patch"]) && $g["product_version_patch"] != "0
}
if (file_exists("/etc/platform")) {
- $arch = php_uname("m");
-
- if (strstr($g['product_version'], "-RELEASE")) {
- /* This is only necessary for RELEASE */
- $arch = ($arch == "i386") ? "" : '/' . $arch;
- /* Full installs and NanoBSD use the same update directory and manifest in 2.x */
- $g['update_url']="https://updates.pfsense.org/_updaters{$arch}";
- $g['update_manifest']="https://updates.pfsense.org/manifest";
- } else {
- /* Full installs and NanoBSD use the same update directory and manifest in 2.x */
- $g['update_url']="https://snapshots.pfsense.org/FreeBSD_releng/10.1/{$arch}/pfSense_HEAD/.updaters/";
- $g['update_manifest']="https://updates.pfSense.org/manifest";
- }
-
+ $g['update_manifest']="https://updates.pfsense.org/manifest";
$g['platform'] = trim(file_get_contents("/etc/platform"));
if ($g['platform'] == "nanobsd") {
- $g['firmware_update_text']="pfSense-*.img.gz";
$g['hidebackupbeforeupgrade'] = true;
$g['default_config_backup_count'] = 5;
} else {
- $g['firmware_update_text']="pfSense-*.tgz";
$g['default_config_backup_count'] = 30;
}
} else {
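Review bot: Removing the `$g['update_url']` and `$g['firmware_update_text']` assignments leaves any remaining reader of those keys with an undefined index; the hunk cannot show whether every consumer was removed in the same commit, so a grep for both keys before merge is the check I would want. If some consumers are meant to survive, a one-line comment here naming where the values now come from would save the next reader the search.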
diff --git a/src/etc/inc/interfaces.inc b/src/etc/inc/interfaces.inc
index 865009a..7feaf0e 100644
--- a/src/etc/inc/interfaces.inc
+++ b/src/etc/inc/interfaces.inc
@@ -1158,16 +1158,16 @@ function interfaces_configure() {
/* reload IPsec tunnels */
vpn_ipsec_configure();
- /* reload dhcpd (interface enabled/disabled status may have changed) */
- services_dhcpd_configure();
-
+ /* restart dns servers (defering dhcpd reload) */
if (isset($config['dnsmasq']['enable'])) {
- services_dnsmasq_configure();
+ services_dnsmasq_configure(false);
}
-
if (isset($config['unbound']['enable'])) {
- services_unbound_configure();
+ services_unbound_configure(false);
}
+
+ /* reload dhcpd (interface enabled/disabled status may have changed) */
+ services_dhcpd_configure();
}
return 0;
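Review bot: The bare `false` in `services_dnsmasq_configure(false)` and `services_unbound_configure(false)` is opaque at the call site, and the comment that is meant to explain it is misspelled (`defering`). Suggest `/* restart dns servers (deferring the dhcpd reload to the explicit call below) */` and a trailing comment on each call spelling out the parameter's name as declared in services.inc (not visible here), e.g. `services_dnsmasq_configure(false); /* <param-name> */`. The same comment text and call pattern recur in the `interface_track6_configure` hunk further down and should get the same treatment. `interfaces_configure()` begins above this hunk.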
@@ -1300,11 +1300,7 @@ function interface_bring_down($interface = "wan", $destroy = false, $ifacecfg =
switch ($ifcfg['ipaddrv6']) {
case "slaac":
case "dhcp6":
- $pidv6 = find_dhcp6c_process($realif);
- if ($pidv6) {
- posix_kill($pidv6, SIGTERM);
- }
- sleep(3);
+ kill_dhcp6client_process($realif);
unlink_if_exists("{$g['varetc_path']}/dhcp6c_{$interface}.conf");
unlink_if_exists("{$g['varetc_path']}/dhcp6c_{$interface}_script.sh");
unlink_if_exists("{$g['varetc_path']}/rtsold_{$realifv6}_script.sh");
@@ -3030,19 +3026,14 @@ function find_dhcp6c_process($interface) {
}
function kill_dhcp6client_process($interface) {
- if (empty($interface) || !does_interface_exist($interface)) {
- return;
- }
+ if (empty($interface) || !does_interface_exist($interface)) {
+ return;
+ }
- $i = 0;
- while ((($pid = find_dhcp6c_process($interface)) != 0) && ($i < 3)) {
- /* 3rd time make it die for sure */
- $sig = ($i == 2 ? SIGKILL : SIGTERM);
- posix_kill($pid, $sig);
- sleep(1);
- $i++;
- }
- unset($i);
+ if (($pid = find_dhcp6c_process($interface)) != 0) {
+ mwexec("kill -9 {$pid}");
+ sleep(1);
+ }
}
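Review bot: `mwexec("kill -9 {$pid}")` replaces the previous in-process `posix_kill()` with a shell round-trip and goes straight to SIGKILL, so dhcp6c no longer gets the SIGTERM the removed loop sent first (escalating to SIGKILL only on the third attempt) and cannot run whatever cleanup it does on a graceful stop. Since this file already uses `posix_kill()` (see the lines removed from `interface_bring_down` above), `posix_kill($pid, SIGTERM);` followed by a short bounded wait and `posix_kill($pid, SIGKILL);` as the fallback keeps the graceful path without spawning a shell. If the immediate kill is deliberate, a one-line comment stating why would spare the next reader the same question.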
function interface_virtual_create($interface) {
@@ -3536,14 +3527,15 @@ function interface_track6_configure($interface = "lan", $wancfg, $linkupevent =
require_once("services.inc");
}
+ /* restart dns servers (defering dhcpd reload) */
if (isset($config['unbound']['enable'])) {
- services_unbound_configure();
+ services_unbound_configure(false);
}
-
if (isset($config['dnsmasq']['enable'])) {
- services_dnsmasq_configure();
+ services_dnsmasq_configure(false);
}
+ /* reconfigure dhcpdv6 (leaving dhcpdv4 alone) */
services_dhcpd_configure("inet6");
}
@@ -3704,12 +3696,12 @@ function interface_6rd_configure($interface = "wan", $wancfg) {
$rd6prefix = explode("/", $wancfg['prefix-6rd']);
$rd6prefixlen = $rd6prefix[1];
$brgw = explode('.', $wancfg['gateway-6rd']);
- $rd6brgw = substr(Net_IPv6::_ip2Bin($rd6prefix[0]), 0, $rd6prefixlen);
+ $rd6brgw = substr(ip6_to_bin($rd6prefix[0]), 0, $rd6prefixlen);
$rd6brgw .= str_pad(decbin($brgw[0]), 8, '0', STR_PAD_LEFT) . str_pad(decbin($brgw[1]), 8, '0', STR_PAD_LEFT) . str_pad(decbin($brgw[2]), 8, '0', STR_PAD_LEFT) . str_pad(decbin($brgw[3]), 8, '0', STR_PAD_LEFT);
if (strlen($rd6brgw) < 128) {
$rd6brgw = str_pad($rd6brgw, 128, '0', STR_PAD_RIGHT);
}
- $rd6brgw = Net_IPv6::compress(Net_IPv6::_bin2Ip($rd6brgw));
+ $rd6brgw = bin_to_compressed_ip6($rd6brgw);
unset($brgw);
$rd6prefix = Net_IPv6::uncompress($rd6prefix[0]);
@@ -3974,23 +3966,20 @@ function interface_dhcpv6_configure($interface = "wan", $wancfg) {
$rtsoldscript .= "echo $2 > {$g['tmp_path']}/{$wanif}_routerv6\n";
$rtsoldscript .= "echo $2 > {$g['tmp_path']}/{$wanif}_defaultgwv6\n";
$rtsoldscript .= "/usr/bin/logger -t rtsold \"Received RA specifying route \$2 for interface {$interface}({$wanif})\"\n";
- $rtsoldscript .= "if [ -f {$g['varrun_path']}/dhcp6c_{$wanif}.pid ]; then\n";
- $rtsoldscript .= "\t/bin/pkill -F {$g['varrun_path']}/dhcp6c_{$wanif}.pid\n";
- $rtsoldscript .= "\t/bin/sleep 1\n";
- $rtsoldscript .= "fi\n";
- $debugOption = isset($wancfg['dhcp6debug']) ? "-D" : "-d";
- $rtsoldscript .= "/usr/local/sbin/dhcp6c {$debugOption} -c {$g['varetc_path']}/dhcp6c_{$interface}.conf -p {$g['varrun_path']}/dhcp6c_{$wanif}.pid {$wanif}\n";
- $rtsoldscript .= "/usr/bin/logger -t rtsold \"Starting dhcp6 client for interface {$interface}({$wanif})\"\n";
+
/* non ipoe Process */
- if (!isset($wancfg['dhcp6withoutra'])) {
+ if (!isset($wancfg['dhcp6withoutra'])) {
$rtsoldscript .= "if [ -f {$g['varrun_path']}/dhcp6c_{$wanif}.pid ]; then\n";
$rtsoldscript .= "\t/bin/pkill -F {$g['varrun_path']}/dhcp6c_{$wanif}.pid\n";
$rtsoldscript .= "\t/bin/sleep 1\n";
$rtsoldscript .= "fi\n";
} else {
- $rtsoldscript .= "\t/bin/sleep 1\n";
+ $rtsoldscript .= "{$g['varetc_path']}/dhcp6c_{$interface}_script.sh\n";
+ $rtsoldscript .= "/bin/sleep 1\n";
}
$debugOption = isset($wancfg['dhcp6debug']) ? "-D" : "-d";
+
+ /* add the start of dhcp6c to the rtsold script if we are going to wait for ra */
if (!isset($wancfg['dhcp6withoutra'])) {
$rtsoldscript .= "/usr/local/sbin/dhcp6c {$debugOption} -c {$g['varetc_path']}/dhcp6c_{$interface}.conf -p {$g['varrun_path']}/dhcp6c_{$wanif}.pid {$wanif}\n";
$rtsoldscript .= "/usr/bin/logger -t rtsold \"Starting dhcp6 client for interface {$interface}({$wanif})\"\n";
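Review bot: `!isset($wancfg['dhcp6withoutra'])` is now tested twice in a row, separated only by the `$debugOption` assignment; moving `$debugOption = isset($wancfg['dhcp6debug']) ? "-D" : "-d";` above the first test lets the two `if` bodies merge into a single if/else, which also puts the new explanatory comment next to the code it describes. The change at the first `if` line appears to be indentation only, so the hunk is noisier than its content. `interface_dhcpv6_configure()` continues past this hunk.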
@@ -4013,11 +4002,13 @@ function interface_dhcpv6_configure($interface = "wan", $wancfg) {
killbypid("{$g['varrun_path']}/rtsold_{$wanif}.pid");
sleep(2);
}
+
+ /* start dhcp6c here if we don't want to wait for ra */
if (isset($wancfg['dhcp6withoutra'])) {
kill_dhcp6client_process($wanif);
mwexec("/usr/local/sbin/dhcp6c {$debugOption} -c {$g['varetc_path']}/dhcp6c_wan.conf -p {$g['varrun_path']}/dhcp6c_{$wanif}.pid {$wanif}");
- mwexec("/usr/bin/logger -t mwtag 'Starting dhcp6 client for interface wan({$wanif} in IPoE mode)'");
+ mwexec("/usr/bin/logger -t info 'Starting dhcp6 client for interface wan({$wanif} in DHCP6 without RA mode)'");
}
mwexec("/usr/sbin/rtsold -1 -p {$g['varrun_path']}/rtsold_{$wanif}.pid -O {$g['varetc_path']}/rtsold_{$wanif}_script.sh {$wanif}");
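Review bot: `logger -t info` sets the syslog tag to the literal string `info`, so the message is attributed to a program called "info"; if a priority was intended that is `-p user.info`, and the tag should name the component the way the generated script lines above use `-t rtsold`. The context line directly under the new comment starts dhcp6c with `dhcp6c_wan.conf` while the rtsold path in the previous hunk uses `dhcp6c_{$interface}.conf`; that is pre-existing, but the new `/* start dhcp6c here if we don't want to wait for ra */` comment is the natural place to either switch to `{$interface}` or say why "wan" is fixed here.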
diff --git a/src/etc/inc/pfsense-utils.inc b/src/etc/inc/pfsense-utils.inc
index 9087ff7..ebf80a8 100644
--- a/src/etc/inc/pfsense-utils.inc
+++ b/src/etc/inc/pfsense-utils.inc
@@ -1777,7 +1777,7 @@ function compare_hostname_to_dnscache($hostname) {
*/
function load_crypto() {
global $config, $g;
- $crypto_modules = array('glxsb', 'aesni');
+ $crypto_modules = array('aesni');
if (!in_array($config['system']['crypto_hardware'], $crypto_modules)) {
return false;
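Review bot: `in_array($config['system']['crypto_hardware'], $crypto_modules)` still uses loose comparison; with the list now down to one string the risk is small, but `in_array($config['system']['crypto_hardware'], $crypto_modules, true)` makes the intent exact for a string-valued config key. Removing `glxsb` here pairs with `upgrade_155_to_156()` in upgrade_config.inc in this commit; until that upgrade has run, a config still holding `glxsb` simply returns `false` from this check, which looks like the intended fall-through.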
diff --git a/src/etc/inc/services.inc b/src/etc/inc/services.inc
index 712d263..0d4ab92 100644
--- a/src/etc/inc/services.inc
+++ b/src/etc/inc/services.inc
@@ -395,6 +395,8 @@ function services_radvd_configure($blacklist = array()) {
function services_dhcpd_configure($family = "all", $blacklist = array()) {
global $config, $g;
+ $dhcpdconfigurelck = lock("dhcpdconfigure", LOCK_EX);
+
/* configure DHCPD chroot once */
$fd = fopen("{$g['tmp_path']}/dhcpd.sh", "w");
fwrite($fd, "/bin/mkdir -p {$g['dhcpd_chroot_path']}\n");
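Review bot: The new `lock("dhcpdconfigure", LOCK_EX)` at the top of `services_dhcpd_configure()` is released only by the `unlock()` added at the end of the function in the next hunk; most of the body lies outside these hunks, so I cannot see whether any `return` sits between them, and one would hold the lock until the process exits. Worth a scan of the function, plus a comment on the lock line such as `/* held until the unlock() at the end of this function; no early returns */`. The unchecked `fopen()` of dhcpd.sh right below is pre-existing, but anyone later turning its failure into an early return would now also leak the lock.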
@@ -425,6 +427,8 @@ function services_dhcpd_configure($family = "all", $blacklist = array()) {
services_dhcpdv6_configure($blacklist);
services_radvd_configure($blacklist);
}
+
+ unlock($dhcpdconfigurelck);
}
function services_dhcpdv4_configure() {
@@ -516,6 +520,20 @@ function services_dhcpdv4_configure() {
$custoptions .= "option custom-{$dhcpif}-{$itemidx} code {$item['number']} = {$itemtype};\n";
}
}
+ if (is_array($dhcpifconf['pool'])) {
+ foreach ($dhcpifconf['pool'] as $poolidx => $poolconf) {
+ if (is_array($poolconf['numberoptions']) && is_array($poolconf['numberoptions']['item'])) {
+ foreach ($poolconf['numberoptions']['item'] as $itemidx => $item) {
+ if (!empty($item['type'])) {
+ $itemtype = $item['type'];
+ } else {
+ $itemtype = "text";
+ }
+ $custoptions .= "option custom-{$dhcpif}-{$poolidx}-{$itemidx} code {$item['number']} = {$itemtype};\n";
+ }
+ }
+ }
+ }
}
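Review bot: The new per-pool declaration loop repeats the per-interface loop just above it (the `$itemtype` default and the `option custom-... code ... = ...;` line) with only the name prefix differing; a small helper taking the prefix and the item list would remove the duplication and keep the `custom-{$dhcpif}-{$poolidx}-{$itemidx}` naming in step with the value emission further down, which must match it exactly. `$item['number']` and `$item['type']` are written into dhcpd.conf as-is; the GUI presumably validates them, but `if (!is_numericint($item['number'])) { continue; }` here is cheap insurance against a hand-edited config yielding an unparsable dhcpd.conf. The enclosing foreach begins above this hunk.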
$dhcpdconf = <<<EOD
@@ -754,7 +772,7 @@ EOPP;
$dhcpdconf .= "subnet {$subnet} netmask {$subnetmask} {\n";
// Setup pool options
- foreach ($all_pools as $poolconf) {
+ foreach ($all_pools as $all_pools_idx => $poolconf) {
if (!(ip_in_subnet($poolconf['range']['from'], "{$subnet}/{$ifcfgsn}") && ip_in_subnet($poolconf['range']['to'], "{$subnet}/{$ifcfgsn}"))) {
// If the user has changed the subnet from the interfaces page and applied,
// but has not updated the DHCP range, then the range to/from of the pool can be outside the subnet.
@@ -851,9 +869,6 @@ EOPP;
$pdnscfg .= " ddns-update-style interim;\n";
}
- if (is_array($poolconf['dnsserver']) && ($poolconf['dnsserver'][0]) && ($poolconf['dnsserver'][0] != $dhcpifconf['dnsserver'][0])) {
- $pdnscfg .= " option domain-name-servers " . join(",", $poolconf['dnsserver']) . ";\n";
- }
$dhcpdconf .= "{$pdnscfg}";
// default-lease-time
@@ -887,6 +902,23 @@ EOPP;
$dhcpdconf .= " option tftp-server-name \"{$poolconf['tftp']}\";\n";
}
+ // Handle pool-specific options
+ $dhcpdconf .= "\n";
+ // Ignore the first pool, which is the "overall" pool when $all_pools_idx is 0 - those are put outside the pool block later
+ if ($poolconf['numberoptions']['item'] && ($all_pools_idx > 0)) {
+ // Use the "real" pool index from the config, excluding the "overall" pool, and based from 0.
+ // This matches the way $poolidx was used when generating the $custoptions string earlier.
+ $poolidx = $all_pools_idx - 1;
+ foreach ($poolconf['numberoptions']['item'] as $itemidx => $item) {
+ $item_value = base64_decode($item['value']);
+ if (empty($item['type']) || $item['type'] == "text") {
+ $dhcpdconf .= " option custom-{$dhcpif}-{$poolidx}-{$itemidx} \"{$item_value}\";\n";
+ } else {
+ $dhcpdconf .= " option custom-{$dhcpif}-{$poolidx}-{$itemidx} {$item_value};\n";
+ }
+ }
+ }
+
// ldap-server
if (!empty($poolconf['ldap']) && ($poolconf['ldap'] != $dhcpifconf['ldap'])) {
$dhcpdconf .= " option ldap-server \"{$poolconf['ldap']}\";\n";
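Review bot: `if ($poolconf['numberoptions']['item'] && ($all_pools_idx > 0))` reads the key without the `is_array()` guard that the declaration loop added earlier in this commit uses, so a pool with no `numberoptions` raises an undefined-index notice and a scalar value would make the `foreach` fail; `if (($all_pools_idx > 0) && is_array($poolconf['numberoptions']['item'])) {` mirrors the earlier check. The decoded text value is placed inside double quotes in `option custom-... \"{$item_value}\";` without escaping, so a value containing `"` or `\` breaks the dhcpd.conf syntax instead of being emitted as a string; if the per-interface emission elsewhere in this file escapes, match it, otherwise `$item_value = addcslashes(base64_decode($item['value']), "\"\\");` is the minimal fix for the text branch. The index-0 "overall pool" comment is helpful; it relies on `$all_pools` being a 0-based list with the interface pool first, which is built outside this hunk.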
@@ -1282,6 +1314,7 @@ one-lease-per-client true;
deny duplicates;
ping-check true;
update-conflict-detection false;
+dhcp-cache-threshold 0;
EOD;
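Review bot: `dhcp-cache-threshold 0;` overrides a dhcpd default in the global heredoc without saying why, and nothing else in the commit explains it; a `#` comment on the line above it inside the heredoc (dhcpd.conf accepts `#` comments) stating the behaviour the default caused would make the override self-explaining. I cannot tell from this hunk whether it is tied to the dhcpleases/hosts changes in system.inc in the same commit; if so, the comment should say that.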
diff --git a/src/etc/inc/system.inc b/src/etc/inc/system.inc
index b985daa..178f046 100644
--- a/src/etc/inc/system.inc
+++ b/src/etc/inc/system.inc
@@ -426,6 +426,7 @@ function system_hosts_generate() {
sigkillbypid("{$g['varrun_path']}/dhcpleases.pid", "TERM");
@unlink("{$g['varrun_path']}/dhcpleases.pid");
}
+
$fd = fopen("{$g['varetc_path']}/hosts", "w");
if (!$fd) {
log_error(gettext("Error: cannot open hosts file in system_hosts_generate()."));
@@ -439,12 +440,19 @@ function system_hosts_generate() {
unbound_hosts_generate();
}
+ /* restart dhcpleases */
+ if (!platform_booting()) {
+ system_dhcpleases_configure();
+ }
+
return 0;
}
function system_dhcpleases_configure() {
global $config, $g;
+ $pidfile = "{$g['varrun_path']}/dhcpleases.pid";
+
/* Start the monitoring process for dynamic dhcpclients. */
if ((isset($config['dnsmasq']['enable']) && isset($config['dnsmasq']['regdhcp'])) ||
(isset($config['unbound']['enable']) && isset($config['unbound']['regdhcp']))) {
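Review bot: The new tail of `system_hosts_generate()` restarts dhcpleases, while the context at the top of the same function (the `sigkillbypid(... "TERM")` line in the previous hunk) stops it; `/* restart dhcpleases */` does not say why the two belong together, and the reason — presumably so the monitor picks up the regenerated hosts file, but confirm — should be in the comment, e.g. `/* restart dhcpleases (stopped above) so it re-reads the regenerated hosts file */`. Hoisting `$pidfile` to the top of `system_dhcpleases_configure()` is needed for the `elseif (isvalidpid($pidfile))` added in the last hunk of this file; the two hunks should be read together.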
@@ -462,7 +470,6 @@ function system_dhcpleases_configure() {
$unbound_conf = "";
}
- $pidfile = "{$g['varrun_path']}/dhcpleases.pid";
if (isvalidpid($pidfile)) {
/* Make sure dhcpleases is using correct unbound or dnsmasq */
$_gb = exec("/bin/pgrep -F {$pidfile} -f {$dns_pid}", $output, $retval);
@@ -480,7 +487,7 @@ function system_dhcpleases_configure() {
}
@unlink($pidfile);
mwexec("/usr/local/sbin/dhcpleases -l {$g['dhcpd_chroot_path']}/var/db/dhcpd.leases -d {$config['system']['domain']} -p {$g['varrun_path']}/{$dns_pid} {$unbound_conf} -h {$g['varetc_path']}/hosts");
- } else {
+ } elseif (isvalidpid($pidfile)) {
sigkillbypid($pidfile, "TERM");
@unlink($pidfile);
}
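Review bot: Changing `else` to `elseif (isvalidpid($pidfile))` means a pid file that exists but no longer names a live process (if that is what `isvalidpid()` rejects — its definition is not in view) is no longer removed by the `@unlink($pidfile)` in that branch, which previously ran unconditionally. If stale-file cleanup is still wanted, `} else {` / `if (isvalidpid($pidfile)) { sigkillbypid($pidfile, "TERM"); }` / `@unlink($pidfile);` keeps it while still avoiding a signal to a dead pid. `system_dhcpleases_configure()` begins in an earlier hunk.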
diff --git a/src/etc/inc/upgrade_config.inc b/src/etc/inc/upgrade_config.inc
index ffb21af..aea055c 100644
--- a/src/etc/inc/upgrade_config.inc
+++ b/src/etc/inc/upgrade_config.inc
@@ -4970,4 +4970,11 @@ function upgrade_154_to_155() {
}
}
}
+
+/* Unset references to glxsb in the config. See #6755 */
+function upgrade_155_to_156() {
+ if ($config['system']['crypto_hardware'] == "glxsb") {
+ unset($config['system']['crypto_hardware']);
+ }
+}
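Review bot: `upgrade_155_to_156()` reads and unsets `$config['system']['crypto_hardware']` without a `global $config;` declaration, so inside the function `$config` is an undefined local and the `unset()` never touches the real configuration; the other functions in this diff (`cleanup_backupcache`, `load_crypto`) declare `global $config` for exactly this reason. Suggest `function upgrade_155_to_156() {` / `	global $config;` / `	if ($config['system']['crypto_hardware'] === "glxsb") {`, with `===` since the key is a string. Without this the `glxsb` fallback in `load_crypto()` keeps being exercised on every boot for affected configs.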
?>
diff --git a/src/etc/inc/util.inc b/src/etc/inc/util.inc
index 0eafc3c..b46af03 100644
--- a/src/etc/inc/util.inc
+++ b/src/etc/inc/util.inc
@@ -371,8 +371,8 @@ function gen_subnetv4_max($ipaddr, $bits) {
/* same as gen_subnet_max() but validates IPv6 only */
function gen_subnetv6_max($ipaddr, $bits) {
if (is_ipaddrv6($ipaddr) && is_numericint($bits) && $bits <= 128) {
- $endip_bin = substr(Net_IPv6::_ip2Bin($ipaddr), 0, $bits) . str_repeat('1', 128 - $bits);
- return Net_IPv6::compress(Net_IPv6::_bin2Ip($endip_bin));
+ $endip_bin = substr(ip6_to_bin($ipaddr), 0, $bits) . str_repeat('1', 128 - $bits);
+ return bin_to_compressed_ip6($endip_bin);
}
return "";
}
@@ -399,7 +399,7 @@ function gen_subnet_mask_v6($bits) {
/* Pad right with zeroes to reach the full address length */
$bin = str_pad($bin, 128, '0', STR_PAD_RIGHT);
/* Convert back to an IPv6 address style notation */
- return Net_IPv6::_bin2Ip($bin);
+ return bin_to_ip6($bin);
}
/* Convert long int to IPv4 address
@@ -420,6 +420,60 @@ function ip2ulong($ip) {
return sprintf("%u", ip2long32($ip));
}
+/*
+ * Convert IPv6 address to binary
+ *
+ * Obtained from: pear-Net_IPv6
+ */
+function ip6_to_bin($ip) {
+ $binstr = '';
+
+ $ip = Net_IPv6::removeNetmaskSpec($ip);
+ $ip = Net_IPv6::Uncompress($ip);
+
+ $parts = explode(':', $ip);
+
+ foreach ( $parts as $v ) {
+
+ $str = base_convert($v, 16, 2);
+ $binstr .= str_pad($str, 16, '0', STR_PAD_LEFT);
+
+ }
+
+ return $binstr;
+}
+
+/*
+ * Convert IPv6 binary to uncompressed address
+ *
+ * Obtained from: pear-Net_IPv6
+ */
+function bin_to_ip6($bin) {
+ $ip = "";
+
+ if (strlen($bin) < 128) {
+ $bin = str_pad($bin, 128, '0', STR_PAD_LEFT);
+ }
+
+ $parts = str_split($bin, "16");
+
+ foreach ( $parts as $v ) {
+ $str = base_convert($v, 2, 16);
+ $ip .= $str.":";
+ }
+
+ $ip = substr($ip, 0, -1);
+
+ return $ip;
+}
+
+/*
+ * Convert IPv6 binary to compressed address
+ */
+function bin_to_compressed_ip6($bin) {
+ return Net_IPv6::compress(bin_to_ip6($bin));
+}
+
/* Find out how many IPs are contained within a given IP range
* e.g. 192.168.0.0 to 192.168.0.255 returns 256
*/
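Review bot: The three new helpers carry no contract: `ip6_to_bin()` assumes a valid IPv6 address — `base_convert()` silently drops characters outside its base and `explode(':')` on a malformed input yields a wrong-length bit string rather than an error — and `bin_to_ip6()` pads a short input on the left while its caller `gen_subnet_mask_v6()` in this diff pads on the right before calling it. A PHPDoc on each stating the precondition, e.g. `@param string $ip  valid IPv6 address (callers validate with is_ipaddrv6())` and `@return string  128-character string of '0'/'1'`, plus the padding rule on `bin_to_ip6()`, would make those assumptions explicit. `str_split($bin, "16")` passes the chunk length as a string; `str_split($bin, 16)` is the intended type. The `foreach ( $parts as $v )` spacing and the blank lines inside the loop body do not match the rest of the file.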
@@ -542,8 +596,8 @@ function ip_range_to_subnet_array($ip1, $ip2) {
} elseif (is_ipaddrv6($ip1) && is_ipaddrv6($ip2)) {
$proto = 'ipv6';
$bits = 128;
- $ip1bin = Net_IPv6::_ip2Bin($ip1);
- $ip2bin = Net_IPv6::_ip2Bin($ip2);
+ $ip1bin = ip6_to_bin($ip1);
+ $ip2bin = ip6_to_bin($ip2);
} else {
return array();
}
@@ -622,7 +676,7 @@ function ip_range_to_subnet_array($ip1, $ip2) {
$i = str_split($ip, 8);
$out[] = implode('.', array(bindec($i[0]), bindec($i[1]), bindec($i[2]), bindec($i[3]))) . '/' . $netmask;
} else {
- $out[] = Net_IPv6::compress(Net_IPv6::_bin2Ip($ip)) . '/' . $netmask;
+ $out[] = bin_to_compressed_ip6($ip) . '/' . $netmask;
}
}
diff --git a/src/etc/inc/vpn.inc b/src/etc/inc/vpn.inc
index 46a1dad..d04d8eb 100644
--- a/src/etc/inc/vpn.inc
+++ b/src/etc/inc/vpn.inc
@@ -1580,44 +1580,54 @@ function vpn_pppoe_configure(&$pppoecfg) {
printf(gettext("Error: cannot open mpd.conf in vpn_pppoe_configure().") . "\n");
return 1;
}
- $mpdconf = "\n\n";
- $mpdconf .= "poes:\n";
- for ($i = 0; $i < $pppoecfg['n_pppoe_units']; $i++) {
- $mpdconf .= " load poes{$pppoecfg['pppoeid']}{$i}\n";
+ $issue_ip_type = "set ipcp ranges {$pppoecfg['localip']}/32 ";
+ if (isset($pppoecfg['radius']['radiusissueips']) && isset($pppoecfg['radius']['server']['enable'])) {
+ $issue_ip_type .= "0.0.0.0/0";
+ } else {
+ $issue_ip_type .= "ippool p0";
}
- for ($i = 0; $i < $pppoecfg['n_pppoe_units']; $i++) {
-
- $clientip = ip_after($pppoecfg['remoteip'], $i);
-
- if (isset($pppoecfg['radius']['radiusissueips']) && isset($pppoecfg['radius']['server']['enable'])) {
- $issue_ip_type = "set ipcp ranges {$pppoecfg['localip']}/32 0.0.0.0/0";
- } else {
- $issue_ip_type = "set ipcp ranges {$pppoecfg['localip']}/32 {$clientip}/32";
- }
-
- $mpdconf .=<<<EOD
-
-poes{$pppoecfg['pppoeid']}{$i}:
- new -i poes{$pppoecfg['pppoeid']}{$i} poes{$pppoecfg['pppoeid']}{$i} poes{$pppoecfg['pppoeid']}{$i}
- {$issue_ip_type}
- load pppoe_standard
+ $ippool_p0 = ip_after($pppoecfg['remoteip'], $pppoecfg['n_pppoe_units'] - 1);
-EOD;
- }
if (is_numeric($pppoecfg['n_pppoe_maxlogin']) && ($pppoecfg['n_pppoe_maxlogin'] > 0)) {
$pppoemaxlogins = $pppoecfg['n_pppoe_maxlogin'];
} else {
$pppoemaxlogins = 1;
}
- $mpdconf .=<<<EOD
+ $ipcp_dns = '';
+ if (!empty($pppoecfg['dns1'])) {
+ $ipcp_dns = "set ipcp dns " . $pppoecfg['dns1'];
+ if (!empty($pppoecfg['dns2'])) {
+ $ipcp_dns .= " " . $pppoecfg['dns2'];
+ }
+ } elseif (isset($config['dnsmasq']['enable']) ||
+ isset ($config['unbound']['enable'])) {
+ $ipcp_dns = "set ipcp dns " . get_interface_ip("lan");
+ if ($syscfg['dnsserver'][0]) {
+ $ipcp_dns .= " " . $syscfg['dnsserver'][0];
+ }
+ } elseif (is_array($syscfg['dnsserver']) &&
+ ($syscfg['dnsserver'][0])) {
+ $ipcp_dns = "set ipcp dns " . join(" ", $syscfg['dnsserver']);
+ }
+
+ $mpdconf = <<<EOD
+startup:
-pppoe_standard:
- set bundle no multilink
+poes:
+ set ippool add p0 {$pppoecfg['remoteip']} {$ippool_p0}
+
+ create bundle template poes_b
set bundle enable compression
- set auth max-logins {$pppoemaxlogins}
+
+ set ccp yes mppc
+ set mppc yes e40
+ set mppc yes e128
+ set mppc yes stateless
+
+ set iface group pppoe
set iface up-script /usr/local/sbin/vpn-linkup
set iface down-script /usr/local/sbin/vpn-linkdown
set iface idle 0
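Review bot: `$ippool_p0 = ip_after($pppoecfg['remoteip'], $pppoecfg['n_pppoe_units'] - 1);` computes the pool end with `-1` when `n_pppoe_units` is empty or zero, putting the end of `set ippool add p0` before its start; unless the GUI guarantees at least one unit, `max((int)$pppoecfg['n_pppoe_units'], 1) - 1` keeps the pool well-formed, and the L2TP hunk below has the same expression. The new bundle template lists `set mppc yes e40` alongside `e128`; the removed config also offered 40-bit MPPE, so this is carried forward rather than new, but with the template rewritten this is the moment to decide whether 40-bit is still needed for client compatibility or can be dropped, ideally with a comment either way. `vpn_pppoe_configure()` begins above this hunk.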
@@ -1625,45 +1635,29 @@ pppoe_standard:
set iface disable proxy-arp
set iface enable tcpmssfix
set iface mtu 1500
+
+ set ipcp no vjcomp
+ {$issue_ip_type}
+ {$ipcp_dns}
+
+ create link template poes_l pppoe
+ set link action bundle poes_b
+
+ set auth max-logins {$pppoemaxlogins}
+
+ set pppoe iface {$pppoe_interface}
+
+ set link no multilink
set link no pap chap
{$paporchap}
set link keep-alive 60 180
- set ipcp yes vjcomp
- set ipcp no vjcomp
set link max-redial -1
- set link mtu 1492
set link mru 1492
- set ccp yes mpp-e40
- set ccp yes mpp-e128
- set ccp yes mpp-stateless
set link latency 1
- #set ipcp dns 10.10.1.3
- #set bundle accept encryption
+ set link enable incoming
EOD;
- if (!empty($pppoecfg['dns1'])) {
- $mpdconf .= " set ipcp dns " . $pppoecfg['dns1'];
- if (!empty($pppoecfg['dns2'])) {
- $mpdconf .= " " . $pppoecfg['dns2'];
- }
- $mpdconf .= "\n";
- } elseif (isset ($config['dnsmasq']['enable'])) {
- $mpdconf .= " set ipcp dns " . get_interface_ip("lan");
- if ($syscfg['dnsserver'][0]) {
- $mpdconf .= " " . $syscfg['dnsserver'][0];
- }
- $mpdconf .= "\n";
- } elseif (isset ($config['unbound']['enable'])) {
- $mpdconf .= " set ipcp dns " . get_interface_ip("lan");
- if ($syscfg['dnsserver'][0]) {
- $mpdconf .= " " . $syscfg['dnsserver'][0];
- }
- $mpdconf .= "\n";
- } elseif (is_array($syscfg['dnsserver']) && ($syscfg['dnsserver'][0])) {
- $mpdconf .= " set ipcp dns " . join(" ", $syscfg['dnsserver']) . "\n";
- }
-
if (isset ($pppoecfg['radius']['server']['enable'])) {
$radiusport = "";
$radiusacctport = "";
@@ -1687,7 +1681,7 @@ EOD;
EOD;
}
- if (isset($pppoecfg['radius']['nasip'])) {
+ if (!empty($pppoecfg['radius']['nasip'])) {
$mpdconf .= "\tset radius me {$pppoecfg['radius']['nasip']}\n";
}
}
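Review bot: `!empty($pppoecfg['radius']['nasip'])` correctly rejects the empty string that `isset()` let through, but the value is still interpolated into mpd.conf unvalidated; the L2TP hunk in this same commit gates `set ipcp nbns` on `is_ipaddr($l2tpcfg['wins'])`, and `if (is_ipaddr($pppoecfg['radius']['nasip'])) {` here would be consistent and keep a malformed value from producing a broken `set radius me` line. The enclosing radius `if` block begins outside this hunk.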
@@ -1696,32 +1690,6 @@ EOD;
fclose($fd);
unset($mpdconf);
- /* write mpd.links */
- $fd = fopen("{$g['varetc_path']}/pppoe{$pppoecfg['pppoeid']}-vpn/mpd.links", "w");
- if (!$fd) {
- printf(gettext("Error: cannot open mpd.links in vpn_pppoe_configure().") . "\n");
- return 1;
- }
-
- $mpdlinks = "";
-
- for ($i = 0; $i < $pppoecfg['n_pppoe_units']; $i++) {
- $mpdlinks .=<<<EOD
-
-poes{$pppoecfg['pppoeid']}{$i}:
- set phys type pppoe
- set pppoe iface {$pppoe_interface}
- set pppoe service "*"
- set pppoe disable originate
- set pppoe enable incoming
-
-EOD;
- }
-
- fwrite($fd, $mpdlinks);
- fclose($fd);
- unset($mpdlinks);
-
if ($pppoecfg['username']) {
/* write mpd.secret */
$fd = fopen("{$g['varetc_path']}/pppoe{$pppoecfg['pppoeid']}-vpn/mpd.secret", "w");
@@ -1754,7 +1722,7 @@ EOD;
/* Get support for netgraph(4) from the nic */
pfSense_ngctl_attach(".", $pppoe_interface);
/* fire up mpd */
- mwexec("/usr/local/sbin/mpd4 -b -d {$g['varetc_path']}/pppoe{$pppoecfg['pppoeid']}-vpn -p {$g['varrun_path']}/pppoe{$pppoecfg['pppoeid']}-vpn.pid -s poes poes");
+ mwexec("/usr/local/sbin/mpd5 -b -d {$g['varetc_path']}/pppoe{$pppoecfg['pppoeid']}-vpn -p {$g['varrun_path']}/pppoe{$pppoecfg['pppoeid']}-vpn.pid -s poes poes");
break;
}
@@ -1824,81 +1792,75 @@ function vpn_l2tp_configure() {
printf(gettext("Error: cannot open mpd.conf in vpn_l2tp_configure().") . "\n");
return 1;
}
- $mpdconf = "\n\n";
- $mpdconf .=<<<EOD
-l2tps:
-EOD;
+ $ippool_p0 = ip_after($l2tpcfg['remoteip'], $l2tpcfg['n_l2tp_units'] - 1);
- for ($i = 0; $i < $l2tpcfg['n_l2tp_units']; $i++) {
- $mpdconf .= " load l2tp{$i}\n";
+ $issue_ip_type = "set ipcp ranges {$l2tpcfg['localip']}/32 ";
+ if (isset($l2tpcfg['radius']['radiusissueips']) && isset($l2tpcfg['radius']['server']['enable'])) {
+ $issue_ip_type .= "0.0.0.0/0";
+ } else {
+ $issue_ip_type .= "ippool p0";
}
- for ($i = 0; $i < $l2tpcfg['n_l2tp_units']; $i++) {
-
- $clientip = ip_after($l2tpcfg['remoteip'], $i);
+ $ipcp_nbns = '';
+ if (is_ipaddr($l2tpcfg['wins'])) {
+ $ipcp_nbns = "set ipcp nbns {$l2tpcfg['wins']}";
+ }
- if (isset ($l2tpcfg['radius']['radiusissueips']) && isset ($l2tpcfg['radius']['enable'])) {
- $issue_ip_type = "set ipcp ranges {$l2tpcfg['localip']}/32 0.0.0.0/0";
- } else {
- $issue_ip_type = "set ipcp ranges {$l2tpcfg['localip']}/32 {$clientip}/32";
+ $ipcp_dns = '';
+ if (is_ipaddr($l2tpcfg['dns1'])) {
+ $ipcp_dns = "set ipcp dns " . $l2tpcfg['dns1'];
+ if (is_ipaddr($l2tpcfg['dns2'])) {
+ $ipcp_dns .= " " . $l2tpcfg['dns2'];
}
+ } elseif (isset ($config['dnsmasq']['enable']) ||
+ isset ($config['unbound']['enable'])) {
+ $ipcp_dns = "set ipcp dns " . get_interface_ip("lan");
+ if ($syscfg['dnsserver'][0]) {
+ $ipcp_dns .= " " . $syscfg['dnsserver'][0];
+ }
+ } elseif (is_array($syscfg['dnsserver']) &&
+ ($syscfg['dnsserver'][0])) {
+ $ipcp_dns = "set ipcp dns " . join(" ", $syscfg['dnsserver']);
+ }
- $mpdconf .=<<<EOD
-
-l2tp{$i}:
- new -i l2tp{$i} l2tp{$i} l2tp{$i}
- {$issue_ip_type}
- load l2tp_standard
+ $mpdconf =<<<EOD
-EOD;
- }
+startup:
- $mpdconf .=<<<EOD
+l2tps:
+ set ippool add p0 {$l2tpcfg['remoteip']} {$ippool_p0}
-l2tp_standard:
- set bundle disable multilink
+ create bundle template l2tp_b
set bundle enable compression
set bundle yes crypt-reqd
- set ipcp yes vjcomp
- # set ipcp ranges 131.188.69.161/32 131.188.69.170/28
+
set ccp yes mppc
- set iface disable on-demand
- set iface enable proxy-arp
+
+ set iface group l2tp
set iface up-script /usr/local/sbin/vpn-linkup
set iface down-script /usr/local/sbin/vpn-linkdown
+ set iface disable on-demand
+ set iface enable proxy-arp
+
+ set ipcp yes vjcomp
+ {$issue_ip_type}
+ {$ipcp_nbns}
+ {$ipcp_dns}
+
+ create link template l2tp_l l2tp
+ set link action bundle l2tp_b
+
set link yes acfcomp protocomp
- set link no pap chap
+ set link enable multilink
+ set link no pap chap chap-msv2
{$paporchap}
{$l2tp_listen}
set link keep-alive 10 180
+ set link enable incoming
EOD;
- if (is_ipaddr($l2tpcfg['wins'])) {
- $mpdconf .= " set ipcp nbns {$l2tpcfg['wins']}\n";
- }
- if (is_ipaddr($l2tpcfg['dns1'])) {
- $mpdconf .= " set ipcp dns " . $l2tpcfg['dns1'];
- if (is_ipaddr($l2tpcfg['dns2'])) {
- $mpdconf .= " " . $l2tpcfg['dns2'];
- }
- $mpdconf .= "\n";
- } elseif (isset ($config['dnsmasq']['enable'])) {
- $mpdconf .= " set ipcp dns " . get_interface_ip("lan");
- if ($syscfg['dnsserver'][0]) {
- $mpdconf .= " " . $syscfg['dnsserver'][0];
- }
- $mpdconf .= "\n";
- } elseif (isset ($config['unbound']['enable'])) {
- $mpdconf .= " set ipcp dns " . get_interface_ip("lan");
- if ($syscfg['dnsserver'][0]) {
- $mpdconf .= " " . $syscfg['dnsserver'][0];
- }
- $mpdconf .= "\n";
- } elseif (is_array($syscfg['dnsserver']) && ($syscfg['dnsserver'][0])) {
- $mpdconf .= " set ipcp dns " . join(" ", $syscfg['dnsserver']) . "\n";
- }
if (isset ($l2tpcfg['radius']['enable'])) {
$mpdconf .=<<<EOD
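Review bot: The new `$issue_ip_type` test reads `isset($l2tpcfg['radius']['server']['enable'])` while the unchanged `if (isset ($l2tpcfg['radius']['enable']))` at the bottom of this hunk — and the removed line it replaces — use `$l2tpcfg['radius']['enable']`; both key paths cannot be right for the same config section, so one branch can never fire and RADIUS-issued addresses would silently fall back to the pool (the `['server']['enable']` form is the PPPoE section's layout, which may be where it was copied from). Separately, the removed mpd.links block emitted `set l2tp secret {$l2tpcfg['secret']}` when a secret was configured, and nothing in the new `l2tps:` template or the remaining hunks re-emits it, so a configured tunnel secret is no longer applied unless that happens in lines not shown; worth confirming before merge. The `n_l2tp_units - 1` pool-end computation has the same zero-units edge noted on the PPPoE hunk. `vpn_l2tp_configure()` continues past this hunk.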
@@ -1921,33 +1883,6 @@ EOD;
fclose($fd);
unset($mpdconf);
- /* write mpd.links */
- $fd = fopen("{$g['varetc_path']}/l2tp-vpn/mpd.links", "w");
- if (!$fd) {
- printf(gettext("Error: cannot open mpd.links in vpn_l2tp_configure().") . "\n");
- return 1;
- }
-
- $mpdlinks = "";
-
- for ($i = 0; $i < $l2tpcfg['n_l2tp_units']; $i++) {
- $mpdlinks .=<<<EOD
-
-l2tp{$i}:
- set link type l2tp
- set l2tp enable incoming
- set l2tp disable originate
-
-EOD;
- if (!empty($l2tpcfg['secret'])) {
- $mpdlinks .= "set l2tp secret {$l2tpcfg['secret']}\n";
- }
- }
-
- fwrite($fd, $mpdlinks);
- fclose($fd);
- unset($mpdlinks);
-
/* write mpd.secret */
$fd = fopen("{$g['varetc_path']}/l2tp-vpn/mpd.secret", "w");
if (!$fd) {
@@ -1971,7 +1906,7 @@ EOD;
vpn_netgraph_support();
/* fire up mpd */
- mwexec("/usr/local/sbin/mpd4 -b -d {$g['varetc_path']}/l2tp-vpn -p {$g['varrun_path']}/l2tp-vpn.pid -s l2tps l2tps");
+ mwexec("/usr/local/sbin/mpd5 -b -d {$g['varetc_path']}/l2tp-vpn -p {$g['varrun_path']}/l2tp-vpn.pid -s l2tps l2tps");
break;
diff --git a/src/etc/rc.php_ini_setup b/src/etc/rc.php_ini_setup
index d1ea413..756b324 100755
--- a/src/etc/rc.php_ini_setup
+++ b/src/etc/rc.php_ini_setup
@@ -266,7 +266,7 @@ suhosin.post.max_value_length = 500000
suhosin.request.max_array_index_length = 256
suhosin.request.max_vars = 5000
suhosin.request.max_value_length = 500000
-suhosin.memory_limit = 536870912
+suhosin.memory_limit = 805306368
EOF