From 446db7358b548acb3662a3b5abd642786971dd90 Mon Sep 17 00:00:00 2001 From: Matt Smith Date: Wed, 7 Oct 2015 15:22:17 -0500 Subject: Add support for an IPv6 pool for mobile clients. --- src/etc/inc/vpn.inc | 14 ++++++-- src/usr/local/www/vpn_ipsec_mobile.php | 66 +++++++++++++++++++++++++++++++++- 2 files changed, 76 insertions(+), 4 deletions(-) diff --git a/src/etc/inc/vpn.inc b/src/etc/inc/vpn.inc index 4ecedaf..b999ea0 100644 --- a/src/etc/inc/vpn.inc +++ b/src/etc/inc/vpn.inc @@ -927,10 +927,18 @@ EOD; $rightsourceip = NULL; if (isset($ph1ent['mobile'])) { + $rightsourceips = array(); if (!empty($a_client['pool_address'])) { - $rightsourceip = "\trightsourceip = {$a_client['pool_address']}/{$a_client['pool_netbits']}\n"; - } elseif ($ph1ent['authentication_method'] == "eap-radius") { - $rightsourceip = "\trightsourceip = %radius\n"; + $rightsourceips[] = "{$a_client['pool_address']}/{$a_client['pool_netbits']}"; + } + if (!empty($a_client['pool_address_v6'])) { + $rightsourceips[] = "{$a_client['pool_address_v6']}/{$a_client['pool_netbits_v6']}"; + } + if ($ph1ent['authentication_method'] == "eap-radius" && !count($rightsourceips)) { + $rightsourceips[] = "%radius"; + } + if (count($rightsourceips)) { + $rightsourceip = "\trightsourceip = " . implode(',', $rightsourceips) . "\n"; } } diff --git a/src/usr/local/www/vpn_ipsec_mobile.php b/src/usr/local/www/vpn_ipsec_mobile.php index 6d674d5..d0baa23 100644 --- a/src/usr/local/www/vpn_ipsec_mobile.php +++ b/src/usr/local/www/vpn_ipsec_mobile.php @@ -62,6 +62,8 @@ if (count($a_client)) { $pconfig['pool_address'] = $a_client['pool_address']; $pconfig['pool_netbits'] = $a_client['pool_netbits']; + $pconfig['pool_address_v6'] = $a_client['pool_address_v6']; + $pconfig['pool_netbits_v6'] = $a_client['pool_netbits_v6']; $pconfig['net_list'] = $a_client['net_list']; $pconfig['save_passwd'] = $a_client['save_passwd']; $pconfig['dns_domain'] = $a_client['dns_domain']; @@ -85,6 +87,12 @@ if (count($a_client)) { $pconfig['pool_netbits'] = 24; } + if ($pconfig['pool_address_v6']&&$pconfig['pool_netbits_v6']) { + $pconfig['pool_enable_v6'] = true; + } else { + $pconfig['pool_netbits_v6'] = 120; + } + if (isset($pconfig['net_list'])) { $pconfig['net_list_enable'] = true; } @@ -153,6 +161,11 @@ if ($_POST['save']) { $input_errors[] = gettext("A valid IP address for 'Virtual Address Pool Network' must be specified."); } } + if ($pconfig['pool_enable_v6']) { + if (!is_ipaddrv6($pconfig['pool_address_v6'])) { + $input_errors[] = gettext("A valid IPv6 address for 'Virtual IPv6 Address Pool Network' must be specified."); + } + } if ($pconfig['dns_domain_enable']) { if (!is_domain($pconfig['dns_domain'])) { $input_errors[] = gettext("A valid value for 'DNS Default Domain' must be specified."); @@ -226,6 +239,11 @@ if ($_POST['save']) { $client['pool_netbits'] = $pconfig['pool_netbits']; } + if ($pconfig['pool_enable_v6']) { + $client['pool_address_v6'] = $pconfig['pool_address_v6']; + $client['pool_netbits_v6'] = $pconfig['pool_netbits_v6']; + } + if ($pconfig['net_list_enable']) { $client['net_list'] = true; } @@ -292,6 +310,17 @@ include("head.inc"); } } + function pool_change_v6() { + + if (document.iform.pool_enable_v6.checked) { + document.iform.pool_address_v6.disabled = 0; + document.iform.pool_netbits_v6.disabled = 0; + } else { + document.iform.pool_address_v6.disabled = 1; + document.iform.pool_netbits_v6.disabled = 1; + } + } + function dns_domain_change() { if (document.iform.dns_domain_enable.checked) @@ -451,6 +480,41 @@ $group->add(new Form_Select( $section->add($group); $section->addInput(new Form_Checkbox( + 'pool_enable_v6', + 'Virtual IPv6 Address Pool', + 'Provide a virtual IPv6 address to clients', + $pconfig['pool_enable_v6'] +))->toggles('.toggle-pool_enable_v6'); + +// TODO: Refactor this manual setup +$group = new Form_Group(''); +$group->addClass('toggle-pool_enable_v6 collapse'); + +if (!empty($pconfig['pool_enable_v6'])) + $group->addClass('in'); + +$group->add(new Form_Input( + 'pool_address_v6', + 'IPv6 Network', + 'text', + htmlspecialchars($pconfig['pool_address_v6']) +))->setWidth(4)->setHelp('Network configuration for Virtual IPv6 Address Pool'); + +$netBits = array(); + +for ($i = 128; $i >= 0; $i--) + $netBitsv6[$i] = $i; + +$group->add(new Form_Select( + 'pool_netbits_v6', + '', + $pconfig['pool_netbits_v6'], + $netBitsv6 +))->setWidth(3); + +$section->add($group); + +$section->addInput(new Form_Checkbox( 'net_list_enable', 'Network List', 'Provide a list of accessible networks to clients', @@ -608,4 +672,4 @@ $form->add($section); print $form; -include("foot.inc"); \ No newline at end of file +include("foot.inc"); -- cgit v1.1