255) {
$input_errors[] = gettext("Number of PPPoE users must be between 1 and 255");
}
if (!is_numericint($_POST['n_pppoe_maxlogin']) || $_POST['n_pppoe_maxlogin'] > 255) {
$input_errors[] = gettext("User Max Logins must be between 1 and 255");
}
if (!is_numericint($_POST['pppoe_subnet']) || $_POST['pppoe_subnet'] > 32) {
$input_errors[] = gettext("Subnet mask must be an interger between 0 and 32");
}
$_POST['remoteip'] = $pconfig['remoteip'] = gen_subnet($_POST['remoteip'], $_POST['pppoe_subnet']);
if (is_inrange_v4($_POST['localip'], $_POST['remoteip'], ip_after($_POST['remoteip'], $_POST['pppoe_subnet'] - 1))) {
$input_errors[] = gettext("The specified server address lies in the remote subnet.");
}
if ($_POST['localip'] == get_interface_ip($_POST['interface'])) {
$input_errors[] = gettext("The specified server address is equal to an interface ip address.");
}
for ($x = 0; $x < 4999; $x++) {
if ($_POST["username{$x}"]) {
if (empty($_POST["password{$x}"])) {
$input_errors[] = sprintf(gettext("No password specified for username %s"), $_POST["username{$x}"]);
}
if ($_POST["ip{$x}"] != "" && !is_ipaddr($_POST["ip{$x}"])) {
$input_errors[] = sprintf(gettext("Incorrect ip address specified for username %s"), $_POST["username{$x}"]);
}
}
}
}
if ($_POST['pppoeid'] && !is_numeric($_POST['pppoeid'])) {
$input_errors[] = gettext("Wrong data submitted");
}
if (!$input_errors) {
$pppoecfg = array();
$pppoecfg['remoteip'] = $_POST['remoteip'];
$pppoecfg['localip'] = $_POST['localip'];
$pppoecfg['mode'] = $_POST['mode'];
$pppoecfg['interface'] = $_POST['interface'];
$pppoecfg['n_pppoe_units'] = $_POST['n_pppoe_units'];
$pppoecfg['n_pppoe_maxlogin'] = $_POST['n_pppoe_maxlogin'];
$pppoecfg['pppoe_subnet'] = $_POST['pppoe_subnet'];
$pppoecfg['descr'] = $_POST['descr'];
if ($_POST['radiusserver'] || $_POST['radiusserver2']) {
$pppoecfg['radius'] = array();
$pppoecfg['radius']['nasip'] = $_POST['radius_nasip'];
$pppoecfg['radius']['acct_update'] = $_POST['radius_acct_update'];
}
if ($_POST['radiusserver']) {
$pppoecfg['radius']['server'] = array();
$pppoecfg['radius']['server']['ip'] = $_POST['radiusserver'];
if ($_POST['radiussecret'] != DMYPWD) {
$pppoecfg['radius']['server']['secret'] = $_POST['radiussecret'];
}
$pppoecfg['radius']['server']['port'] = $_POST['radiusserverport'];
$pppoecfg['radius']['server']['acctport'] = $_POST['radiusserveracctport'];
}
if ($_POST['radiusserver2']) {
$pppoecfg['radius']['server2'] = array();
$pppoecfg['radius']['server2']['ip'] = $_POST['radiusserver2'];
if ($_POST['radiussecret2'] != DMYPWD) {
$pppoecfg['radius']['server2']['secret2'] = $_POST['radiussecret2'];
}
$pppoecfg['radius']['server2']['port'] = $_POST['radiusserver2port'];
$pppoecfg['radius']['server2']['acctport'] = $_POST['radiusserver2acctport'];
}
if ($_POST['pppoe_dns1'] <> "") {
$pppoecfg['dns1'] = $_POST['pppoe_dns1'];
}
if ($_POST['pppoe_dns2'] <> "") {
$pppoecfg['dns2'] = $_POST['pppoe_dns2'];
}
if ($_POST['radiusenable'] == "yes") {
$pppoecfg['radius']['server']['enable'] = true;
}
if ($_POST['radiussecenable'] == "yes") {
$pppoecfg['radius']['server2']['enable'] = true;
}
if ($_POST['radacct_enable'] == "yes") {
$pppoecfg['radius']['accounting'] = true;
}
if ($_POST['radiusissueips'] == "yes") {
$pppoecfg['radius']['radiusissueips'] = true;
}
if ($_POST['pppoeid']) {
$pppoecfg['pppoeid'] = $_POST['pppoeid'];
} else {
$pppoecfg['pppoeid'] = vpn_pppoe_get_id();
}
$users = array();
for ($x = 0; $x < 4999; $x++) {
if ($_POST["username{$x}"]) {
$usernam = $_POST["username{$x}"] . ":" . base64_encode($_POST["password{$x}"]);
if ($_POST["ip{$x}"]) {
$usernam .= ":" . $_POST["ip{$x}"];
}
$users[] = $usernam;
}
}
if (count($users) > 0) {
$pppoecfg['username'] = implode(" ", $users);
}
if (!isset($id)) {
$id = count($a_pppoes);
}
if (file_exists("{$g['tmp_path']}/.vpn_pppoe.apply")) {
$toapplylist = unserialize(file_get_contents("{$g['tmp_path']}/.vpn_pppoe.apply"));
} else {
$toapplylist = array();
}
$toapplylist[] = $pppoecfg['pppoeid'];
$a_pppoes[$id] = $pppoecfg;
write_config();
mark_subsystem_dirty('vpnpppoe');
file_put_contents("{$g['tmp_path']}/.vpn_pppoe.apply", serialize($toapplylist));
header("Location: services_pppoe.php");
exit;
}
}
function build_interface_list() {
$list = array();
$interfaces = get_configured_interface_with_descr();
foreach ($interfaces as $iface => $ifacename) {
$list[$iface] = $ifacename;
}
return($list);
}
$pgtitle = array(gettext("Services"), gettext("PPPoE Server"), gettext("Edit"));
$shortcut_section = "pppoes";
include("head.inc");
if ($input_errors) {
print_input_errors($input_errors);
}
if ($savemsg) {
print_info_box($savemsg, 'success');
}
$form = new Form();
$section = new Form_Section('PPPoE Server Configuration');
$section->addInput(new Form_Checkbox(
'mode',
'Enable',
'Enable PPPoE Server',
($pconfig['mode'] == "server"),
'server'
)) ->toggles('.form-group:not(:first-child)');
$section->addInput(new Form_Select(
'interface',
'Interface',
$pconfig['interface'],
build_interface_list()
));
$section->addInput(new Form_Select(
'n_pppoe_units',
'Total User Count',
$pconfig['n_pppoe_units'],
array_combine(range(1, 255, 1), range(1, 255, 1))
))->setHelp('The number of PPPoE users allowed to connect to this server simultaneously.');
$section->addInput(new Form_Select(
'n_pppoe_maxlogin',
'User Max Logins',
$pconfig['n_pppoe_maxlogin'],
array_combine(range(1, 255, 1), range(1, 255, 1))
))->setHelp('The number of times a single user may be logged in at the same time.');
$section->addInput(new Form_IpAddress(
'localip',
'Server Address',
$pconfig['localip']
))->setHelp('Enter the IP address the PPPoE server should give to clients for use as their "gateway".' . '
' .
'Typically this is set to an unused IP just outside of the client range.'. '
' .
'NOTE: This should NOT be set to any IP address currently in use on this firewall.');
$section->addInput(new Form_IpAddress(
'remoteip',
'Remote Address Range',
$pconfig['remoteip']
))->setHelp('Specify the starting address for the client IP address subnet.');
$section->addInput(new Form_Select(
'pppoe_subnet',
'Subnet mask',
$pconfig['pppoe_subnet'],
array_combine(range(0, 32, 1), range(0, 32, 1))
))->setHelp('Hint: 24 is 255.255.255.0');
$section->addInput(new Form_Input(
'descr',
'Description',
'text',
$pconfig['descr']
));
$section->addInput(new Form_Input(
'pppoe_dns1',
'DNS Servers',
'text',
$pconfig['pppoe_dns1']
));
$section->addInput(new Form_IpAddress(
'pppoe_dns2',
null,
$pconfig['pppoe_dns2']
))->setHelp('If entered these servers will be given to all PPPoE clients, otherwise LAN DNS and one WAN DNS will go to all clients.');
$section->addInput(new Form_Checkbox(
'radiusenable',
'RADIUS',
'Use RADIUS Authentication',
$pconfig['radiusenable']
))->setHelp('Users will be authenticated using the RADIUS server specified below. The local user database ' .
'will not be used.');
$section->addInput(new Form_Checkbox(
'radacct_enable',
null,
'Use RADIUS Accounting',
$pconfig['radacct_enable']
))->setHelp('Sends accounting packets to the RADIUS server.');
$section->addInput(new Form_Checkbox(
'radiussecenable',
null,
'Use a Backup RADIUS Authentication Server',
$pconfig['radiussecenable']
))->setHelp('If primary server fails all requests will be sent via backup server.');
$section->addInput(new Form_IpAddress(
'radius_nasip',
'NAS IP Address',
$pconfig['radius_nasip']
))->setHelp('NAS IP Address sent to the RADIUS Server');
$section->addInput(new Form_Input(
'radius_acct_update',
'RADIUS Accounting Update',
'text',
$pconfig['radius_acct_update']
))->setHelp('RADIUS accounting update period in seconds');
$section->addInput(new Form_Checkbox(
'radiusissueips',
'RADIUS Issued IP Addresses',
'Assign IP Addresses to users via RADIUS server reply attributes',
$pconfig['radiusissueips']
));
$group = new Form_Group('Primary RADIUS Server');
$group->add(new Form_IpAddress(
'radiusserver',
null,
$pconfig['radiusserver']
))->setHelp('IP Address');
$group->add(new Form_Input(
'radiusserverport',
null,
'text',
$pconfig['radiusserverport']
))->setHelp('Authentication port');
$group->add(new Form_Input(
'radiusserveracctport',
null,
'text',
$pconfig['radiusserveracctport']
))->setHelp('Accounting port (optional)');
$group->setHelp('Standard ports are 1812 (authentication) and 1813 (accounting).');
$section->add($group);
$section->addPassword(new Form_Input(
'radiussecret',
'Primary RADIUS Server Shared Secret',
'password',
$pconfig['radiussecret']
))->setHelp('Enter the shared secret that will be used to authenticate to the RADIUS server.');
$group = new Form_Group('Secondary RADIUS Server');
$group->add(new Form_IpAddress(
'radiusserver2',
null,
$pconfig['radiusserver2']
))->setHelp('IP Address');
$group->add(new Form_Input(
'radiusserver2port',
null,
'text',
$pconfig['radiusserver2port']
))->setHelp('Authentication port');
$group->add(new Form_Input(
'radiusserver2acctport',
null,
'text',
$pconfig['radiusserver2acctport']
))->setHelp('Accounting port (optional)');
$group->setHelp('Standard ports are 1812 (authentication) and 1813 (accounting).');
$section->add($group);
$section->addPassword(new Form_Input(
'radiussecret2',
'Secondary RADIUS Server Shared Secret',
'password',
$pconfig['radiussecret2']
))->setHelp('Enter the shared secret that will be used to authenticate to the backup RADIUS server.');
$counter = 0;
$numrows = count($item) -1;
$usernames = $pconfig['username'];
//DEBUG
//$usernames = 'sbeaver:TXlQYXNzd2Q=:192.168.1.1 smith:TXlQYXNzd2Q=:192.168.2.1 sjones:TXlQYXNzd2Q=:192.168.3.1 salpha:TXlQYXNzd2Q=:192.168.4.1';
if ($usernames == "") {
$usernames = '::';
}
if ($usernames != "") {
$item = explode(" ", $usernames);
$numrows = count($item) -1;
foreach ($item as $ww) {
$wws = explode(":", $ww);
$user = $wws[0];
$passwd = base64_decode($wws[1]);
$ip = $wws[2];
$group = new Form_Group($counter == 0 ? 'User table':null);
$group->addClass('repeatable');
$group->add(new Form_Input(
'username' . $counter,
null,
'text',
$user
))->setHelp($numrows == $counter ? 'Username':null);
$group->add(new Form_Input(
'password' . $counter,
null,
'password',
$passwd
))->setHelp($numrows == $counter ? 'Password':null);
$group->add(new Form_IpAddress(
'ip' . $counter,
null,
$ip
))->setHelp($numrows == $counter ? 'IP Address':null);
$group->add(new Form_Button(
'deleterow' . $counter,
'Delete',
null,
'fa-trash'
))->addClass('btn-warning');
$section->add($group);
$counter++;
}
}
$btnaddrow = new Form_Button(
'addrow',
'Add user',
null,
'fa-plus'
);
$btnaddrow->addClass('btn-success');
$section->addInput(new Form_StaticText(
null,
' ' . $btnaddrow
));
// Hidden fields
if (isset($id)) {
$section->addInput(new Form_Input(
'id',
null,
'hidden',
htmlspecialchars($id, ENT_QUOTES | ENT_HTML401)
));
}
if (isset($pconfig['pppoeid'])) {
$section->addInput(new Form_Input(
'pppoeid',
null,
'hidden',
$pconfig['pppoeid']
));
}
$form->add($section);
print($form);
print_info_box(gettext('Don\'t forget to add a firewall rule to permit traffic from PPPoE clients.'));
?>