255) { $input_errors[] = gettext("Number of PPPoE users must be between 1 and 255"); } if (!is_numericint($_POST['n_pppoe_maxlogin']) || $_POST['n_pppoe_maxlogin'] > 255) { $input_errors[] = gettext("User Max Logins must be between 1 and 255"); } if (!is_numericint($_POST['pppoe_subnet']) || $_POST['pppoe_subnet'] > 32) { $input_errors[] = gettext("Subnet mask must be an interger between 0 and 32"); } $_POST['remoteip'] = $pconfig['remoteip'] = gen_subnet($_POST['remoteip'], $_POST['pppoe_subnet']); if (is_inrange_v4($_POST['localip'], $_POST['remoteip'], ip_after($_POST['remoteip'], $_POST['pppoe_subnet'] - 1))) { $input_errors[] = gettext("The specified server address lies in the remote subnet."); } if ($_POST['localip'] == get_interface_ip($_POST['interface'])) { $input_errors[] = gettext("The specified server address is equal to an interface ip address."); } for ($x = 0; $x < 4999; $x++) { if ($_POST["username{$x}"]) { if (empty($_POST["password{$x}"])) { $input_errors[] = sprintf(gettext("No password specified for username %s"), $_POST["username{$x}"]); } if ($_POST["ip{$x}"] != "" && !is_ipaddr($_POST["ip{$x}"])) { $input_errors[] = sprintf(gettext("Incorrect ip address specified for username %s"), $_POST["username{$x}"]); } } } } if ($_POST['pppoeid'] && !is_numeric($_POST['pppoeid'])) { $input_errors[] = gettext("Wrong data submitted"); } if (!$input_errors) { $pppoecfg = array(); $pppoecfg['remoteip'] = $_POST['remoteip']; $pppoecfg['localip'] = $_POST['localip']; $pppoecfg['mode'] = $_POST['mode']; $pppoecfg['interface'] = $_POST['interface']; $pppoecfg['n_pppoe_units'] = $_POST['n_pppoe_units']; $pppoecfg['n_pppoe_maxlogin'] = $_POST['n_pppoe_maxlogin']; $pppoecfg['pppoe_subnet'] = $_POST['pppoe_subnet']; $pppoecfg['descr'] = $_POST['descr']; if ($_POST['radiusserver'] || $_POST['radiusserver2']) { $pppoecfg['radius'] = array(); $pppoecfg['radius']['nasip'] = $_POST['radius_nasip']; $pppoecfg['radius']['acct_update'] = $_POST['radius_acct_update']; } if 
($_POST['radiusserver']) { $pppoecfg['radius']['server'] = array(); $pppoecfg['radius']['server']['ip'] = $_POST['radiusserver']; if ($_POST['radiussecret'] != DMYPWD) { $pppoecfg['radius']['server']['secret'] = $_POST['radiussecret']; } $pppoecfg['radius']['server']['port'] = $_POST['radiusserverport']; $pppoecfg['radius']['server']['acctport'] = $_POST['radiusserveracctport']; } if ($_POST['radiusserver2']) { $pppoecfg['radius']['server2'] = array(); $pppoecfg['radius']['server2']['ip'] = $_POST['radiusserver2']; if ($_POST['radiussecret2'] != DMYPWD) { $pppoecfg['radius']['server2']['secret2'] = $_POST['radiussecret2']; } $pppoecfg['radius']['server2']['port'] = $_POST['radiusserver2port']; $pppoecfg['radius']['server2']['acctport'] = $_POST['radiusserver2acctport']; } if ($_POST['pppoe_dns1'] <> "") { $pppoecfg['dns1'] = $_POST['pppoe_dns1']; } if ($_POST['pppoe_dns2'] <> "") { $pppoecfg['dns2'] = $_POST['pppoe_dns2']; } if ($_POST['radiusenable'] == "yes") { $pppoecfg['radius']['server']['enable'] = true; } if ($_POST['radiussecenable'] == "yes") { $pppoecfg['radius']['server2']['enable'] = true; } if ($_POST['radacct_enable'] == "yes") { $pppoecfg['radius']['accounting'] = true; } if ($_POST['radiusissueips'] == "yes") { $pppoecfg['radius']['radiusissueips'] = true; } if ($_POST['pppoeid']) { $pppoecfg['pppoeid'] = $_POST['pppoeid']; } else { $pppoecfg['pppoeid'] = vpn_pppoe_get_id(); } $users = array(); for ($x = 0; $x < 4999; $x++) { if ($_POST["username{$x}"]) { $usernam = $_POST["username{$x}"] . ":" . base64_encode($_POST["password{$x}"]); if ($_POST["ip{$x}"]) { $usernam .= ":" . 
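$_POST["ip{$x}"];
				}
				$users[] = $usernam;
			}
		}

		// Tail of the POST save handler; its opening lies above this point and
		// the code of the handler is left exactly as it was.
		if (count($users) > 0) {
			$pppoecfg['username'] = implode(" ", $users);
		}

		if (!isset($id)) {
			$id = count($a_pppoes);
		}

		// NOTE(review): unserialize() runs on the contents of a file under
		// tmp_path. The file is written by this same handler with serialize()
		// a few lines below, but anything else able to write to that path
		// controls what is fed to unserialize(). The payload is a plain list of
		// ids, so a JSON encoding (or unserialize() restricted with
		// allowed_classes => false on PHP 7+) would carry it without allowing
		// object instantiation.
		if (file_exists("{$g['tmp_path']}/.vpn_pppoe.apply")) {
			$toapplylist = unserialize(file_get_contents("{$g['tmp_path']}/.vpn_pppoe.apply"));
		} else {
			$toapplylist = array();
		}

		$toapplylist[] = $pppoecfg['pppoeid'];
		$a_pppoes[$id] = $pppoecfg;

		write_config();
		mark_subsystem_dirty('vpnpppoe');
		file_put_contents("{$g['tmp_path']}/.vpn_pppoe.apply", serialize($toapplylist));
		header("Location: services_pppoe.php");
		exit;
	}
}

/**
 * Build the option list for the "Interface" select.
 *
 * Copies every key => description pair returned by
 * get_configured_interface_with_descr() into a new array.
 *
 * @return array interface key => interface description
 */
function build_interface_list() {
	$list = array();

	$interfaces = get_configured_interface_with_descr();

	foreach ($interfaces as $iface => $ifacename) {
		$list[$iface] = $ifacename;
	}

	return($list);
}

$pgtitle = array(gettext("Services"), gettext("PPPoE Server"), gettext("Edit"));
$shortcut_section = "pppoes";
include("head.inc");

if ($input_errors) {
	print_input_errors($input_errors);
}

if ($savemsg) {
	print_info_box($savemsg, 'success');
}

$form = new Form();

$section = new Form_Section('PPPoE Server Configuration');

$section->addInput(new Form_Checkbox(
	'mode',
	'Enable',
	'Enable PPPoE Server',
	($pconfig['mode'] == "server"),
	'server'
)) ->toggles('.form-group:not(:first-child)');

$section->addInput(new Form_Select(
	'interface',
	'Interface',
	$pconfig['interface'],
	build_interface_list()
));

$section->addInput(new Form_Select(
	'n_pppoe_units',
	'Total User Count',
	$pconfig['n_pppoe_units'],
	array_combine(range(1, 255, 1), range(1, 255, 1))
))->setHelp('The number of PPPoE users allowed to connect to this server simultaneously.');

$section->addInput(new Form_Select(
	'n_pppoe_maxlogin',
	'User Max Logins',
	$pconfig['n_pppoe_maxlogin'],
	array_combine(range(1, 255, 1), range(1, 255, 1))
))->setHelp('The number of times a single user may be logged in at the same time.');

// The line breaks inside this help text are kept exactly as they appear in the
// original string literals.
$section->addInput(new Form_IpAddress(
	'localip',
	'Server Address',
	$pconfig['localip']
))->setHelp('Enter the IP address the ' . "\n" . 'PPPoE server should give to clients for use as their "gateway".' . "\n" .
	'Typically this is set to an unused IP just outside of the client range.'. "\n" .
	'NOTE: This should NOT be set to any IP address currently in use on this firewall.');

$section->addInput(new Form_IpAddress(
	'remoteip',
	'Remote Address Range',
	$pconfig['remoteip']
))->setHelp('Specify the starting address for the client IP address subnet.');

$section->addInput(new Form_Select(
	'pppoe_subnet',
	'Subnet mask',
	$pconfig['pppoe_subnet'],
	array_combine(range(0, 32, 1), range(0, 32, 1))
))->setHelp('Hint: 24 is 255.255.255.0');

$section->addInput(new Form_Input(
	'descr',
	'Description',
	'text',
	$pconfig['descr']
));

$section->addInput(new Form_Input(
	'pppoe_dns1',
	'DNS Servers',
	'text',
	$pconfig['pppoe_dns1']
));

$section->addInput(new Form_IpAddress(
	'pppoe_dns2',
	null,
	$pconfig['pppoe_dns2']
))->setHelp('If entered these servers will be given to all PPPoE clients, otherwise LAN DNS and one WAN DNS will go to all clients.');

$section->addInput(new Form_Checkbox(
	'radiusenable',
	'RADIUS',
	'Use RADIUS Authentication',
	$pconfig['radiusenable']
))->setHelp('Users will be authenticated using the RADIUS server specified below. The local user database ' .
	'will not be used.');

$section->addInput(new Form_Checkbox(
	'radacct_enable',
	null,
	'Use RADIUS Accounting',
	$pconfig['radacct_enable']
))->setHelp('Sends accounting packets to the RADIUS server.');

$section->addInput(new Form_Checkbox(
	'radiussecenable',
	null,
	'Use a Backup RADIUS Authentication Server',
	$pconfig['radiussecenable']
))->setHelp('If primary server fails all requests will be sent via backup server.');

$section->addInput(new Form_IpAddress(
	'radius_nasip',
	'NAS IP Address',
	$pconfig['radius_nasip']
))->setHelp('NAS IP Address sent to the RADIUS Server');

$section->addInput(new Form_Input(
	'radius_acct_update',
	'RADIUS Accounting Update',
	'text',
	$pconfig['radius_acct_update']
))->setHelp('RADIUS accounting update period in seconds');

$section->addInput(new Form_Checkbox(
	'radiusissueips',
	'RADIUS Issued IP Addresses',
	'Assign IP Addresses to users via RADIUS server reply attributes',
	$pconfig['radiusissueips']
));

$group = new Form_Group('Primary RADIUS Server');

$group->add(new Form_IpAddress(
	'radiusserver',
	null,
	$pconfig['radiusserver']
))->setHelp('IP Address');

$group->add(new Form_Input(
	'radiusserverport',
	null,
	'text',
	$pconfig['radiusserverport']
))->setHelp('Authentication port');

$group->add(new Form_Input(
	'radiusserveracctport',
	null,
	'text',
	$pconfig['radiusserveracctport']
))->setHelp('Accounting port (optional)');

$group->setHelp('Standard ports are 1812 (authentication) and 1813 (accounting).');

$section->add($group);

// The RADIUS shared secrets are added through addPassword(), unlike the
// per-user passwords in the user table further down.
$section->addPassword(new Form_Input(
	'radiussecret',
	'Primary RADIUS Server Shared Secret',
	'password',
	$pconfig['radiussecret']
))->setHelp('Enter the shared secret that will be used to authenticate to the RADIUS server.');

$group = new Form_Group('Secondary RADIUS Server');

$group->add(new Form_IpAddress(
	'radiusserver2',
	null,
	$pconfig['radiusserver2']
))->setHelp('IP Address');

$group->add(new Form_Input(
	'radiusserver2port',
	null,
	'text',
	$pconfig['radiusserver2port']
))->setHelp('Authentication port');

$group->add(new Form_Input(
	'radiusserver2acctport',
	null,
	'text',
	$pconfig['radiusserver2acctport']
))->setHelp('Accounting port (optional)');

$group->setHelp('Standard ports are 1812 (authentication) and 1813 (accounting).');

$section->add($group);

$section->addPassword(new Form_Input(
	'radiussecret2',
	'Secondary RADIUS Server Shared Secret',
	'password',
	$pconfig['radiussecret2']
))->setHelp('Enter the shared secret that will be used to authenticate to the backup RADIUS server.');

// User table: one repeatable row per stored user.
//
// $pconfig['username'] holds space-separated entries of the form
// user:base64(password)[:ip]; the ip part is only present when one was saved.
// The original computed count($item) here before $item was assigned anywhere
// in the visible code; that warns on PHP 7.2+ and throws a TypeError on PHP 8,
// and the result was overwritten below before use, so the call is removed.
$counter = 0;
$usernames = $pconfig['username'];

// An empty user list still renders one blank row.
if ($usernames == "") {
	$usernames = '::';
}

// $usernames can no longer compare equal to "" here, so the original
// "if ($usernames != '')" wrapper was always taken and is dropped.
$item = explode(" ", $usernames);
$numrows = count($item) -1;

foreach ($item as $ww) {
	// NOTE(review): splitting on ":" means any field that itself contains a
	// colon (an IPv6 address, for example) is cut at the first colon.
	$wws = explode(":", $ww);

	$user = $wws[0];
	// Entries saved without a password or ip part have no index 1 / 2; guard
	// the reads instead of raising undefined-offset notices.
	$passwd = base64_decode(isset($wws[1]) ? $wws[1] : '');
	$ip = isset($wws[2]) ? $wws[2] : null;

	$group = new Form_Group($counter == 0 ? 'User table':null);
	$group->addClass('repeatable');

	$group->add(new Form_Input(
		'username' . $counter,
		null,
		'text',
		$user
	))->setHelp($numrows == $counter ? 'Username':null);

	// NOTE(review): base64 is an encoding, not protection. The decoded
	// cleartext password is passed as the field value, so it presumably ends
	// up in the HTML of the rendered page for every stored user. The save
	// handler reads password{N} back from the POST, so masking this value
	// needs a matching change there.
	$group->add(new Form_Input(
		'password' . $counter,
		null,
		'password',
		$passwd
	))->setHelp($numrows == $counter ? 'Password':null);

	$group->add(new Form_IpAddress(
		'ip' . $counter,
		null,
		$ip
	))->setHelp($numrows == $counter ? 'IP Address':null);

	$group->add(new Form_Button(
		'deleterow' . $counter,
		'Delete',
		null,
		'fa-trash'
	))->addClass('btn-warning');

	$section->add($group);

	$counter++;
}

$btnaddrow = new Form_Button(
	'addrow',
	'Add user',
	null,
	'fa-plus'
);

$btnaddrow->addClass('btn-success');

$section->addInput(new Form_StaticText(
	null,
	' ' . $btnaddrow
));

// Hidden fields
// NOTE(review): 'id' is passed through htmlspecialchars() while 'pppoeid' is
// passed raw; confirm which of the two Form_Input expects so the values are
// escaped exactly once.
if (isset($id)) {
	$section->addInput(new Form_Input(
		'id',
		null,
		'hidden',
		htmlspecialchars($id, ENT_QUOTES | ENT_HTML401)
	));
}

if (isset($pconfig['pppoeid'])) {
	$section->addInput(new Form_Input(
		'pppoeid',
		null,
		'hidden',
		$pconfig['pppoeid']
	));
}

$form->add($section);

print($form);

print_info_box(gettext('Don\'t forget to add a firewall rule to permit traffic from PPPoE clients.'));
?>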