From e24118864179ac426ca9c9105263be7a3b9cfdc0 Mon Sep 17 00:00:00 2001
From: Scott Ullrich
Date: Tue, 21 Jun 2005 23:30:39 +0000
Subject: Import m0n0wall ipsec cert code
---
usr/local/www/vpn_pptp.php | 212 ++++++++++++++++-----------------------------
1 file changed, 75 insertions(+), 137 deletions(-)
(limited to 'usr/local/www/vpn_pptp.php')
diff --git a/usr/local/www/vpn_pptp.php b/usr/local/www/vpn_pptp.php
index acf3fd7..43a19e5 100755
--- a/usr/local/www/vpn_pptp.php
+++ b/usr/local/www/vpn_pptp.php
@@ -1,23 +1,22 @@ #!/usr/local/bin/php . + + Copyright (C) 2003-2005 Manuel Kasper . All rights reserved. - + Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: - + 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. - + 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. - + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
@@ -30,6 +29,7 @@ POSSIBILITY OF SUCH DAMAGE. */ +$pgtitle = array("VPN", "PPTP"); require("guiconfig.inc"); if (!is_array($config['pptpd']['radius'])) {
@@ -56,15 +56,15 @@ if ($_POST) {
 if ($_POST['mode'] == "server") {
 $reqdfields = explode(" ", "localip remoteip");
 $reqdfieldsn = explode(",", "Server address,Remote start address");
-
+
 if ($_POST['radiusenable']) {
 $reqdfields = array_merge($reqdfields, explode(" ", "radiusserver radiussecret"));
- $reqdfieldsn = array_merge($reqdfieldsn,
+ $reqdfieldsn = array_merge($reqdfieldsn,
 explode(",", "RADIUS server address,RADIUS shared secret"));
 }
-
+
 do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
-
+
 if (($_POST['localip'] && !is_ipaddr($_POST['localip']))) {
 $input_errors[] = "A valid server address must be specified.";
 }
@@ -74,26 +74,26 @@ if ($_POST) {
 if (($_POST['radiusserver'] && !is_ipaddr($_POST['radiusserver']))) {
 $input_errors[] = "A valid RADIUS server address must be specified.";
 }
-
- if (!$input_errors) {
+
+ if (!$input_errors) {
 $_POST['remoteip'] = $pconfig['remoteip'] = gen_subnet($_POST['remoteip'], $g['pptp_subnet']);
 $subnet_start = ip2long($_POST['remoteip']);
 $subnet_end = ip2long($_POST['remoteip']) + $g['n_pptp_units'] - 1;
-
- if ((ip2long($_POST['localip']) >= $subnet_start) &&
+
+ if ((ip2long($_POST['localip']) >= $subnet_start) &&
 (ip2long($_POST['localip']) <= $subnet_end)) {
- $input_errors[] = "The specified server address lies in the remote subnet.";
+ $input_errors[] = "The specified server address lies in the remote subnet.";
 }
 if ($_POST['localip'] == $config['interfaces']['lan']['ipaddr']) {
- $input_errors[] = "The specified server address is equal to the LAN interface address.";
+ $input_errors[] = "The specified server address is equal to the LAN interface address.";
 }
 }
 } else if ($_POST['mode'] == "redir") {
 $reqdfields = explode(" ", "redir");
 $reqdfieldsn = explode(",", "PPTP redirection target address");
-
+
 do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
-
+
 if (($_POST['redir'] && !is_ipaddr($_POST['redir']))) {
 $input_errors[] = "A valid target address must be specified.";
 }
@@ -109,25 +109,9 @@ if ($_POST) {
 $pptpcfg['radius']['accounting'] = $_POST['radacct_enable'] ? true : false;
 $pptpcfg['radius']['server'] = $_POST['radiusserver'];
 $pptpcfg['radius']['secret'] = $_POST['radiussecret'];
-
- if (($pconfig['mode'] == "server")) {
- /*
- * traverse ruleset. if no PPTP rule is found
- * install one.
- */
- $found_pptp_rule = 0;
- foreach($config['filter']['rule'] as $rule) {
- $pos = strpos($rule['descr'], "PPTP");
- if ( $pos <> false ) $found_pptp_rule = 1;
- }
- if($found_pptp_rule == 0) {
- /* no PPTP rule found. craete one. */
- add_default_pptp_rule();
- }
- }
-
+
 write_config();
-
+
 $retval = 0;
 if (!file_exists($d_sysrebootreqd_path)) {
 config_lock();
@@ -135,15 +119,10 @@ if ($_POST) {
 config_unlock();
 }
 $savemsg = get_std_save_message($retval);
- if($found_pptp_rule ==0) $savemsg .= "
A default PPTP rule has been added to the firewall rules section."; } } ?> - - -<?=gentitle("VPN: PPTP");?> - - + - - - - -

VPN: PPTP

- - + +
+
- + - - + - + - - + - - + - - + - - - + - - + - + Sends accounting packets to the RADIUS server. - + + Enter the IP address of the RADIUS server. - + + Enter the shared secret that will be used to authenticate + to the RADIUS server. - + - + - - + - + + + +
  + > Off
  > Redirect incoming PPTP connections to:
PPTP redirection - + +
- Enter the IP address of a host which will accept incoming + Enter the IP address of a host which will accept incoming PPTP connections.
  > Enable PPTP server
Max. concurrent +
Max. concurrent connections +
Server address - + +
- Enter the IP address the PPTP server should use on its side + Enter the IP address the PPTP server should use on its side for all clients.
Remote address +
Remote address range - - / + + + /
Specify the starting address for the client IP address subnet.
- The PPTP server will assign + The PPTP server will assign addresses, starting at the address entered above, to clients.
RADIUS -

- > +

+ > Use a RADIUS server for authentication
-
When set, all users will be authenticated using - the RADIUS server specified below. The local user database + When set, all users will be authenticated using + the RADIUS server specified below. The local user database will not be used.

- > + > Enable RADIUS accounting
-
Send accounting packets to the RADIUS server.

RADIUS server -


- Enter the IP address of the RADIUS server.

RADIUS shared secret -


- Enter the shared secret that will be used to authenticate - to the RADIUS server.

  - > + + > Require 128-bit encryption
- When set, 128-bit encryption will be required. Otherwise - 40-bit and 56-bit encryption will also be accepted. Note that - encryption will always be forced on PPTP connections ( + When set, 128-bit encryption will be accepted. Otherwise, + 40-bit and 56-bit encryption will be accepted, too. Note that + encryption will always be forced on PPTP connections (i.e. unencrypted connections will not be accepted).
  - + +
 Note:
+
don't forget to add a firewall rule to permit + traffic from PPTP clients!
-
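Review bot: The reworded help text for the "Require 128-bit encryption" checkbox now reads `When set, 128-bit encryption will be accepted`, which no longer tells the administrator that enabling the option rejects the weaker 40-bit and 56-bit key lengths; the removed wording (`will be required`) matched the checkbox label. Because this setting decides whether clients may negotiate the weaker key lengths, the text should keep the enforcement explicit, e.g. `When set, 128-bit encryption will be required. Otherwise, 40-bit and 56-bit encryption will be accepted, too.` The form markup around this text is not visible on this page, so the point applies to the wording only.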
@@ -317,42 +294,3 @@ enable_change(false); //--> - - - - any"; - $a_filter[] = $filterent; - write_config(); - -} - -?> \ No newline at end of file -- cgit v1.1