255) {
$input_errors[] = gettext("Number of L2TP users must be between 1 and 255");
}
/* if this is an AJAX caller then handle via JSON */
if (isAjax() && is_array($input_errors)) {
input_errors2Ajax($input_errors);
exit;
}
if (!$input_errors) {
$_POST['remoteip'] = $pconfig['remoteip'] = gen_subnet($_POST['remoteip'], $_POST['l2tp_subnet']);
if (is_inrange_v4($_POST['localip'], $_POST['remoteip'], ip_after($_POST['remoteip'], $_POST['n_l2tp_units'] - 1))) {
$input_errors[] = gettext("The specified server address lies in the remote subnet.");
}
if ($_POST['localip'] == get_interface_ip("lan")) {
$input_errors[] = gettext("The specified server address is equal to the LAN interface address.");
}
}
}
/* if this is an AJAX caller then handle via JSON */
if (isAjax() && is_array($input_errors)) {
input_errors2Ajax($input_errors);
exit;
}
if (!$input_errors) {
$l2tpcfg['remoteip'] = $_POST['remoteip'];
$l2tpcfg['localip'] = $_POST['localip'];
$l2tpcfg['l2tp_subnet'] = $_POST['l2tp_subnet'];
$l2tpcfg['mode'] = $_POST['mode'];
$l2tpcfg['interface'] = $_POST['interface'];
$l2tpcfg['n_l2tp_units'] = $_POST['n_l2tp_units'];
$l2tpcfg['radius']['server'] = $_POST['radiusserver'];
if ($_POST['radiussecret'] != DMYPWD) {
$l2tpcfg['radius']['secret'] = $_POST['radiussecret'];
}
if ($_POST['secret'] != DMYPWD) {
$l2tpcfg['secret'] = $_POST['secret'];
}
$l2tpcfg['paporchap'] = $_POST['paporchap'];
if ($_POST['l2tp_dns1'] == "") {
if (isset($l2tpcfg['dns1'])) {
unset($l2tpcfg['dns1']);
}
} else {
$l2tpcfg['dns1'] = $_POST['l2tp_dns1'];
}
if ($_POST['l2tp_dns2'] == "") {
if (isset($l2tpcfg['dns2'])) {
unset($l2tpcfg['dns2']);
}
} else {
$l2tpcfg['dns2'] = $_POST['l2tp_dns2'];
}
if ($_POST['radiusenable'] == "yes") {
$l2tpcfg['radius']['enable'] = true;
} else {
unset($l2tpcfg['radius']['enable']);
}
if ($_POST['radacct_enable'] == "yes") {
$l2tpcfg['radius']['accounting'] = true;
} else {
unset($l2tpcfg['radius']['accounting']);
}
if ($_POST['radiusissueips'] == "yes") {
$l2tpcfg['radius']['radiusissueips'] = true;
} else {
unset($l2tpcfg['radius']['radiusissueips']);
}
write_config();
$retval = 0;
$retval = vpn_l2tp_configure();
$savemsg = get_std_save_message($retval);
/* if ajax is calling, give them an update message */
if (isAjax()) {
print_info_box($savemsg, 'success');
}
}
}
$pgtitle = array(gettext("VPN"), gettext("L2TP"), gettext("Configuration"));
$shortcut_section = "l2tps";
include("head.inc");
if ($input_errors) {
print_input_errors($input_errors);
}
if ($savemsg) {
print_info_box($savemsg, 'success');
}
$tab_array = array();
$tab_array[] = array(gettext("Configuration"), true, "vpn_l2tp.php");
$tab_array[] = array(gettext("Users"), false, "vpn_l2tp_users.php");
display_top_tabs($tab_array);
$form = new Form(new Form_Button(
'Submit',
gettext("Save")
));
$section = new Form_Section("Enable L2TP");
$section->addInput(new Form_Checkbox(
'mode',
'Enable',
'Enable LT2P server',
($pconfig['mode'] == "server"),
'server'
));
$form->add($section);
$iflist = array();
$interfaces = get_configured_interface_with_descr();
foreach ($interfaces as $iface => $ifacename) {
$iflist[$iface] = $ifacename;
}
$section = new Form_Section("Configuration");
$section->addClass('toggle-l2tp-enable');
$section->addInput(new Form_Select(
'interface',
'Interface',
$pconfig['interface'],
$iflist
));
$section->addInput(new Form_Input(
'localip',
'Server address',
'text',
$pconfig['localip']
))->setHelp('Enter the IP address the L2TP server should give to clients for use as their "gateway". ' . '
' .
'Typically this is set to an unused IP just outside of the client range.' . '
' .
'NOTE: This should NOT be set to any IP address currently in use on this firewall.');
$section->addInput(new Form_IpAddress(
'remoteip',
'Remote address range',
$pconfig['remoteip']
))->addMask(l2tp_subnet, $pconfig['l2tp_subnet'])
->setHelp('Specify the starting address for the client IP address subnet.');
$section->addInput(new Form_Select(
'n_l2tp_units',
'Number of L2TP users',
$pconfig['n_l2tp_units'],
array_combine(range(1, 255, 1), range(1, 255, 1))
));
$section->addPassword(new Form_Input(
'secret',
'Secret',
'password',
$pconfig['secret']
))->setHelp('Specify optional secret shared between peers. Required on some devices/setups.');
$section->addInput(new Form_Select(
'paporchap',
'Authentication type',
$pconfig['paporchap'],
array(
'chap' => 'CHAP',
'chap-msv2' => 'MS-CHAPv2',
'pap' => 'PAP'
)
))->setHelp('Specifies the protocol to use for authentication.');
$section->addInput(new Form_Input(
'l2tp_dns1',
'Primary L2TM DNS server',
'text',
$pconfig['l2tp_dns1']
));
$section->addInput(new Form_Input(
'l2tp_dns2',
'Secondary L2TM DNS server',
'text',
$pconfig['l2tp_dns2']
));
$form->add($section);
$section = new Form_Section("RADIUS");
$section->addClass('toggle-l2tp-enable');
$section->addInput(new Form_Checkbox(
'radiusenable',
'Enable',
'Use a RADIUS server for authentication',
$pconfig['radiusenable']
))->setHelp('When set, all users will be authenticated using the RADIUS server specified below. The local user database will not be used.');
$section->addInput(new Form_Checkbox(
'radacct_enable',
'Accounting',
'Enable RADIUS accounting',
$pconfig['radacct_enable']
))->setHelp('Sends accounting packets to the RADIUS server.');
$section->addInput(new Form_IpAddress(
'radiusserver',
'Server',
$pconfig['radiusserver']
))->setHelp('Enter the IP address of the RADIUS server.');
$section->addPassword(new Form_Input(
'radiussecret',
'Secret',
'password',
$pconfig['radiussecret']
))->setHelp('Enter the shared secret that will be used to authenticate to the RADIUS server.');
$section->addInput(new Form_Checkbox(
'radiusissueips',
'RADIUS issued IPs',
'Issue IP Addresses via RADIUS server.',
$pconfig['radiusissueips']
));
$form->add($section);
print($form);
?>