Commit 0c6e70a3 authored by Franco Fichtner's avatar Franco Fichtner

vpn: templates solve the logging origin problem nicely

parent b40f5522
......@@ -103,6 +103,31 @@ function vpn_syslog()
return $logfacilities;
}
function vpn_link_scripts($rootdir, $logtype)
{
$up = <<<'EOD'
#!/bin/sh
/usr/bin/logger -p local3.info "login,%s,$4,$5"
EOD;
$down = <<<'EOD'
#!/bin/sh
/usr/bin/logger -p local3.info "logout,%s,$4,$5"
/sbin/pfctl -i $1 -Fs
/sbin/pfctl -K $4/32
EOD;
file_put_contents($rootdir . '/linkup', sprintf($up, $logtype));
file_put_contents($rootdir . '/linkdown', sprintf($down, $logtype));
chmod($rootdir . '/linkup', 0755);
chmod($rootdir . '/linkdown', 0755);
}
function vpn_pptpd_configure()
{
global $config;
......@@ -126,11 +151,11 @@ function vpn_pptpd_configure()
return;
}
mkdir('/var/etc/pptp-vpn');
switch ($pptpdcfg['mode']) {
case 'server':
/* write mpd.conf */
mkdir('/var/etc/pptp-vpn');
vpn_link_scripts('/var/etc/pptp-vpn', 'pptp');
$fd = fopen('/var/etc/pptp-vpn/mpd.conf', 'w');
if (!$fd) {
printf(gettext("Error: cannot open mpd.conf in vpn_pptpd_configure().") . "\n");
......@@ -151,8 +176,8 @@ pptps:
set iface enable proxy-arp
set iface enable tcpmssfix
set iface idle 1800
set iface up-script /usr/local/sbin/vpn-linkup
set iface down-script /usr/local/sbin/vpn-linkdown
set iface up-script /var/etc/pptp-vpn/linkup
set iface down-script /var/etc/pptp-vpn/linkdown
set ipcp ranges {$pptpdcfg['localip']}/32 ippool pool1
set ipcp yes vjcomp
......@@ -245,7 +270,6 @@ EOD;
fclose($fd);
unset($mpdconf);
/* write mpd.secret */
$fd = fopen('/var/etc/pptp-vpn/mpd.secret', 'w');
if (!$fd) {
printf(gettext("Error: cannot open mpd.secret in vpn_pptpd_configure().") . "\n");
......@@ -335,13 +359,13 @@ function vpn_pppoe_configure(&$pppoecfg)
echo gettext("Configuring PPPoE VPN service...");
}
mkdir("/var/etc/pppoe{$pppoecfg['pppoeid']}-vpn");
switch ($pppoecfg['mode']) {
case 'server':
mkdir("/var/etc/pppoe{$pppoecfg['pppoeid']}-vpn");
vpn_link_scripts("/var/etc/pppoe{$pppoecfg['pppoeid']}-vpn", 'poes');
$pppoe_interface = get_real_interface($pppoecfg['interface']);
/* write mpd.conf */
$fd = fopen("/var/etc/pppoe{$pppoecfg['pppoeid']}-vpn/mpd.conf", "w");
if (!$fd) {
printf(gettext("Error: cannot open mpd.conf in vpn_pppoe_configure().") . "\n");
......@@ -362,8 +386,8 @@ startup:
poes:
set ippool add pool1 {$iprange}
create bundle template B
set iface up-script /usr/local/sbin/vpn-linkup
set iface down-script /usr/local/sbin/vpn-linkdown
set iface up-script /var/etc/pppoe{$pppoecfg['pppoeid']}-vpn/linkup
set iface down-script /var/etc/pppoe{$pppoecfg['pppoeid']}-vpn/linkdown
set iface idle 0
set iface disable on-demand
set iface disable proxy-arp
......@@ -446,7 +470,6 @@ EOD;
unset($mpdconf);
if ($pppoecfg['username']) {
/* write mpd.secret */
$fd = fopen("/var/etc/pppoe{$pppoecfg['pppoeid']}-vpn/mpd.secret", "w");
if (!$fd) {
printf(gettext("Error: cannot open mpd.secret in vpn_pppoe_configure().") . "\n");
......@@ -505,12 +528,12 @@ function vpn_l2tp_configure()
echo gettext('Configuring L2TP VPN service...');
}
mkdir('/var/etc/l2tp-vpn');
switch ($l2tpcfg['mode']) {
case 'server':
/* write mpd.conf */
mkdir('/var/etc/l2tp-vpn');
vpn_link_scripts('/var/etc/l2tp-vpn', 'l2tp');
$fd = fopen("/var/etc/l2tp-vpn/mpd.conf", "w");
if (!$fd) {
printf(gettext("Error: cannot open mpd.conf in vpn_l2tp_configure().") . "\n");
......@@ -534,8 +557,8 @@ l2tps:
create bundle template B
set iface disable on-demand
set iface enable proxy-arp
set iface up-script /usr/local/sbin/vpn-linkup
set iface down-script /usr/local/sbin/vpn-linkdown
set iface up-script /var/etc/l2tp-vpn/linkup
set iface down-script /var/etc/l2tp-vpn/linkdown
set ipcp ranges {$l2tpcfg['localip']}/32 {$iptype}
set ipcp yes vjcomp
......@@ -610,7 +633,6 @@ EOD;
fclose($fd);
unset($mpdconf);
/* write mpd.secret */
$fd = fopen("/var/etc/l2tp-vpn/mpd.secret", "w");
if (!$fd) {
printf(gettext("Error: cannot open mpd.secret in vpn_l2tp_configure().") . "\n");
......
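Review bot: `vpn_link_scripts()` ignores the results of `file_put_contents()` and `chmod()`, so a failed write leaves the generated mpd.conf pointing at `linkup`/`linkdown` scripts that are missing or not executable, with no message. In that case the login/logout records would stop reaching local3, and the `pfctl -Fs` / `pfctl -K` cleanup in the down script would not run, so states for a disconnected client would presumably stay in place. Check the return values the way the callers already do for `fopen()`, e.g. `if (file_put_contents($rootdir . '/linkup', sprintf($up, $logtype)) === false) { printf(gettext("Error: cannot write linkup in vpn_link_scripts().") . "\n"); return; }`. The generated down script also passes `$1` and `$4` to pfctl unquoted; `/sbin/pfctl -i "$1" -Fs` and `/sbin/pfctl -K "$4/32"` would keep each one a single argument whatever mpd hands over.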
#!/bin/sh
/usr/bin/logger -p local3.info "logout,$1,$4,$5,$3"
/sbin/pfctl -i $1 -Fs
/sbin/pfctl -K $4/32
#!/bin/sh
/usr/bin/logger -p local3.info "login,$1,$4,$5,$3"
......@@ -43,37 +43,20 @@ if ($_POST['clear']) {
clear_clog($logfile);
}
function dump_clog_vpn($logfile, $tail, $logtype)
function dump_clog_vpn($file, $tail, $type)
{
global $config;
$sort = isset($config['syslog']['reverse']) ? '-r' : '';
$servers = array();
$logarr = array();
switch ($logtype) {
case 'pptp':
if (isset($config['pptpd']['localip'])) {
$servers[] = $config['pptpd']['localip'];
}
break;
case 'l2tp':
if (isset($config['l2tp']['localip'])) {
$servers[] = $config['l2tp']['localip'];
}
break;
default:
break;
}
$logarr = "";
exec("/usr/local/sbin/clog " . escapeshellarg($logfile) . " | tail {$sort} -n " . $tail, $logarr);
exec("/usr/local/sbin/clog " . escapeshellarg($file) . " | tail {$sort} -n " . escapeshellarg($tail), $logarr);
foreach ($logarr as $logent) {
$logent = preg_split("/\s+/", $logent, 6);
$llent = explode(",", $logent[5]);
$logent = preg_split('/\s+/', $logent, 6);
$llent = explode(',', $logent[5]);
$srv = explode('/', $llent[4]);
if (!is_array($srv) || !in_array($srv[0], $servers)) {
if ($llent[1] !== $type) {
continue;
}
......
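Review bot: The new filter in `dump_clog_vpn()` reads `$logent[5]` and `$llent[1]` without checking that the line split into that many fields, so any clog line that is not in the `login,<type>,...` format written by the link scripts raises undefined-offset notices before it is skipped. Guard both, e.g. `if (!isset($logent[5])) { continue; }` before the `explode()` and `if (!isset($llent[1]) || $llent[1] !== $type) {` for the comparison. Records written by the older scripts shown on this page carry the interface (`$1`) in that second field, so they would presumably no longer be listed after this change. A short comment above the comparison stating the expected field layout would make that explicit. The function body continues outside the hunk.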