Commit 0c6e70a3 authored by Franco Fichtner's avatar Franco Fichtner

vpn: templates solve the logging origin problem nicely

parent b40f5522
...@@ -103,6 +103,31 @@ function vpn_syslog() ...@@ -103,6 +103,31 @@ function vpn_syslog()
return $logfacilities; return $logfacilities;
} }
function vpn_link_scripts($rootdir, $logtype)
{
$up = <<<'EOD'
#!/bin/sh
/usr/bin/logger -p local3.info "login,%s,$4,$5"
EOD;
$down = <<<'EOD'
#!/bin/sh
/usr/bin/logger -p local3.info "logout,%s,$4,$5"
/sbin/pfctl -i $1 -Fs
/sbin/pfctl -K $4/32
EOD;
file_put_contents($rootdir . '/linkup', sprintf($up, $logtype));
file_put_contents($rootdir . '/linkdown', sprintf($down, $logtype));
chmod($rootdir . '/linkup', 0755);
chmod($rootdir . '/linkdown', 0755);
}
function vpn_pptpd_configure() function vpn_pptpd_configure()
{ {
global $config; global $config;
...@@ -126,11 +151,11 @@ function vpn_pptpd_configure() ...@@ -126,11 +151,11 @@ function vpn_pptpd_configure()
return; return;
} }
mkdir('/var/etc/pptp-vpn');
switch ($pptpdcfg['mode']) { switch ($pptpdcfg['mode']) {
case 'server': case 'server':
/* write mpd.conf */ mkdir('/var/etc/pptp-vpn');
vpn_link_scripts('/var/etc/pptp-vpn', 'pptp');
$fd = fopen('/var/etc/pptp-vpn/mpd.conf', 'w'); $fd = fopen('/var/etc/pptp-vpn/mpd.conf', 'w');
if (!$fd) { if (!$fd) {
printf(gettext("Error: cannot open mpd.conf in vpn_pptpd_configure().") . "\n"); printf(gettext("Error: cannot open mpd.conf in vpn_pptpd_configure().") . "\n");
...@@ -151,8 +176,8 @@ pptps: ...@@ -151,8 +176,8 @@ pptps:
set iface enable proxy-arp set iface enable proxy-arp
set iface enable tcpmssfix set iface enable tcpmssfix
set iface idle 1800 set iface idle 1800
set iface up-script /usr/local/sbin/vpn-linkup set iface up-script /var/etc/pptp-vpn/linkup
set iface down-script /usr/local/sbin/vpn-linkdown set iface down-script /var/etc/pptp-vpn/linkdown
set ipcp ranges {$pptpdcfg['localip']}/32 ippool pool1 set ipcp ranges {$pptpdcfg['localip']}/32 ippool pool1
set ipcp yes vjcomp set ipcp yes vjcomp
...@@ -245,7 +270,6 @@ EOD; ...@@ -245,7 +270,6 @@ EOD;
fclose($fd); fclose($fd);
unset($mpdconf); unset($mpdconf);
/* write mpd.secret */
$fd = fopen('/var/etc/pptp-vpn/mpd.secret', 'w'); $fd = fopen('/var/etc/pptp-vpn/mpd.secret', 'w');
if (!$fd) { if (!$fd) {
printf(gettext("Error: cannot open mpd.secret in vpn_pptpd_configure().") . "\n"); printf(gettext("Error: cannot open mpd.secret in vpn_pptpd_configure().") . "\n");
...@@ -335,13 +359,13 @@ function vpn_pppoe_configure(&$pppoecfg) ...@@ -335,13 +359,13 @@ function vpn_pppoe_configure(&$pppoecfg)
echo gettext("Configuring PPPoE VPN service..."); echo gettext("Configuring PPPoE VPN service...");
} }
mkdir("/var/etc/pppoe{$pppoecfg['pppoeid']}-vpn");
switch ($pppoecfg['mode']) { switch ($pppoecfg['mode']) {
case 'server': case 'server':
mkdir("/var/etc/pppoe{$pppoecfg['pppoeid']}-vpn");
vpn_link_scripts("/var/etc/pppoe{$pppoecfg['pppoeid']}-vpn", 'poes');
$pppoe_interface = get_real_interface($pppoecfg['interface']); $pppoe_interface = get_real_interface($pppoecfg['interface']);
/* write mpd.conf */
$fd = fopen("/var/etc/pppoe{$pppoecfg['pppoeid']}-vpn/mpd.conf", "w"); $fd = fopen("/var/etc/pppoe{$pppoecfg['pppoeid']}-vpn/mpd.conf", "w");
if (!$fd) { if (!$fd) {
printf(gettext("Error: cannot open mpd.conf in vpn_pppoe_configure().") . "\n"); printf(gettext("Error: cannot open mpd.conf in vpn_pppoe_configure().") . "\n");
...@@ -362,8 +386,8 @@ startup: ...@@ -362,8 +386,8 @@ startup:
poes: poes:
set ippool add pool1 {$iprange} set ippool add pool1 {$iprange}
create bundle template B create bundle template B
set iface up-script /usr/local/sbin/vpn-linkup set iface up-script /var/etc/pppoe{$pppoecfg['pppoeid']}-vpn/linkup
set iface down-script /usr/local/sbin/vpn-linkdown set iface down-script /var/etc/pppoe{$pppoecfg['pppoeid']}-vpn/linkdown
set iface idle 0 set iface idle 0
set iface disable on-demand set iface disable on-demand
set iface disable proxy-arp set iface disable proxy-arp
...@@ -446,7 +470,6 @@ EOD; ...@@ -446,7 +470,6 @@ EOD;
unset($mpdconf); unset($mpdconf);
if ($pppoecfg['username']) { if ($pppoecfg['username']) {
/* write mpd.secret */
$fd = fopen("/var/etc/pppoe{$pppoecfg['pppoeid']}-vpn/mpd.secret", "w"); $fd = fopen("/var/etc/pppoe{$pppoecfg['pppoeid']}-vpn/mpd.secret", "w");
if (!$fd) { if (!$fd) {
printf(gettext("Error: cannot open mpd.secret in vpn_pppoe_configure().") . "\n"); printf(gettext("Error: cannot open mpd.secret in vpn_pppoe_configure().") . "\n");
...@@ -505,12 +528,12 @@ function vpn_l2tp_configure() ...@@ -505,12 +528,12 @@ function vpn_l2tp_configure()
echo gettext('Configuring L2TP VPN service...'); echo gettext('Configuring L2TP VPN service...');
} }
mkdir('/var/etc/l2tp-vpn');
switch ($l2tpcfg['mode']) { switch ($l2tpcfg['mode']) {
case 'server': case 'server':
/* write mpd.conf */ mkdir('/var/etc/l2tp-vpn');
vpn_link_scripts('/var/etc/l2tp-vpn', 'l2tp');
$fd = fopen("/var/etc/l2tp-vpn/mpd.conf", "w"); $fd = fopen("/var/etc/l2tp-vpn/mpd.conf", "w");
if (!$fd) { if (!$fd) {
printf(gettext("Error: cannot open mpd.conf in vpn_l2tp_configure().") . "\n"); printf(gettext("Error: cannot open mpd.conf in vpn_l2tp_configure().") . "\n");
...@@ -534,8 +557,8 @@ l2tps: ...@@ -534,8 +557,8 @@ l2tps:
create bundle template B create bundle template B
set iface disable on-demand set iface disable on-demand
set iface enable proxy-arp set iface enable proxy-arp
set iface up-script /usr/local/sbin/vpn-linkup set iface up-script /var/etc/l2tp-vpn/linkup
set iface down-script /usr/local/sbin/vpn-linkdown set iface down-script /var/etc/l2tp-vpn/linkdown
set ipcp ranges {$l2tpcfg['localip']}/32 {$iptype} set ipcp ranges {$l2tpcfg['localip']}/32 {$iptype}
set ipcp yes vjcomp set ipcp yes vjcomp
...@@ -610,7 +633,6 @@ EOD; ...@@ -610,7 +633,6 @@ EOD;
fclose($fd); fclose($fd);
unset($mpdconf); unset($mpdconf);
/* write mpd.secret */
$fd = fopen("/var/etc/l2tp-vpn/mpd.secret", "w"); $fd = fopen("/var/etc/l2tp-vpn/mpd.secret", "w");
if (!$fd) { if (!$fd) {
printf(gettext("Error: cannot open mpd.secret in vpn_l2tp_configure().") . "\n"); printf(gettext("Error: cannot open mpd.secret in vpn_l2tp_configure().") . "\n");
......
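Review bot: vpn_link_scripts() ignores the results of both file_put_contents() calls and both chmod() calls, while the three mpd.conf templates now point `up-script`/`down-script` at the generated files. If a write or chmod fails, mpd is left configured with a missing or non-executable linkdown, so the `pfctl -Fs` / `pfctl -K` state cleanup and the login/logout records would stop without any error being reported. Comparing each result with `false` and reporting the failure through the same printf(gettext(...)) path used for mpd.conf would make that visible. Inside the down template the positional parameters are unquoted; `/sbin/pfctl -i "$1" -Fs` and `/sbin/pfctl -K "$4/32"` are the safer form, even though the values presumably come from mpd itself. A short comment above the heredocs stating what `$1`, `$4` and `$5` carry would also help, since `$5` ends up in a comma-separated log line that the log viewer later splits.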
#!/bin/sh
/usr/bin/logger -p local3.info "logout,$1,$4,$5,$3"
/sbin/pfctl -i $1 -Fs
/sbin/pfctl -K $4/32
#!/bin/sh
/usr/bin/logger -p local3.info "login,$1,$4,$5,$3"
...@@ -43,37 +43,20 @@ if ($_POST['clear']) { ...@@ -43,37 +43,20 @@ if ($_POST['clear']) {
clear_clog($logfile); clear_clog($logfile);
} }
function dump_clog_vpn($logfile, $tail, $logtype) function dump_clog_vpn($file, $tail, $type)
{ {
global $config; global $config;
$sort = isset($config['syslog']['reverse']) ? '-r' : ''; $sort = isset($config['syslog']['reverse']) ? '-r' : '';
$servers = array(); $logarr = array();
switch ($logtype) { exec("/usr/local/sbin/clog " . escapeshellarg($file) . " | tail {$sort} -n " . escapeshellarg($tail), $logarr);
case 'pptp':
if (isset($config['pptpd']['localip'])) {
$servers[] = $config['pptpd']['localip'];
}
break;
case 'l2tp':
if (isset($config['l2tp']['localip'])) {
$servers[] = $config['l2tp']['localip'];
}
break;
default:
break;
}
$logarr = "";
exec("/usr/local/sbin/clog " . escapeshellarg($logfile) . " | tail {$sort} -n " . $tail, $logarr);
foreach ($logarr as $logent) { foreach ($logarr as $logent) {
$logent = preg_split("/\s+/", $logent, 6); $logent = preg_split('/\s+/', $logent, 6);
$llent = explode(",", $logent[5]); $llent = explode(',', $logent[5]);
$srv = explode('/', $llent[4]); if ($llent[1] !== $type) {
if (!is_array($srv) || !in_array($srv[0], $servers)) {
continue; continue;
} }
......
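Review bot: In dump_clog_vpn() the new filter reads `$logent[5]` and `$llent[1]` without checking that the two splits produced them, so a log line with fewer than six fields or without a comma raises undefined-index notices before it is skipped. A guard such as `if (count($logent) < 6) { continue; }` ahead of the explode, and `if (!isset($llent[1]) || $llent[1] !== $type)` for the comparison, keeps the loop quiet on malformed lines. The records written by the removed scripts carried the interface name in that position (`login,$1,...`), so entries logged before the upgrade will presumably match no type and drop out of the view. The loop body continues past the end of the hunk, so whether the user-name field is escaped before display cannot be checked from here.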