Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
O
OpnSense
Project
Project
Details
Activity
Releases
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Kulya
OpnSense
Commits
4b7c0ac3
Commit
4b7c0ac3
authored
Mar 21, 2016
by
Franco Fichtner
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
vpn: ported l2tp to mpd5
parent
92883b23
Changes
1
Show whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
49 additions
and
95 deletions
+49
-95
vpn.inc
src/etc/inc/plugins.inc.d/vpn.inc
+49
-95
No files found.
src/etc/inc/plugins.inc.d/vpn.inc
View file @
4b7c0ac3
...
@@ -207,11 +207,11 @@ EOD;
...
@@ -207,11 +207,11 @@ EOD;
set link action bundle B
set link action bundle B
set link enable multilink
set link enable multilink
set link yes acfcomp protocomp
set link yes acfcomp protocomp
set link no pap chap
set link no pap chap
eap
set link enable chap-msv2
set link enable chap-msv2
set link mtu 1460
set link mtu 1460
set link keep-alive 10 60
set link keep-alive 10 60
#
set pptp self {$pptpdcfg['localip']}
set pptp self {$pptpdcfg['localip']}
set link enable incoming
set link enable incoming
EOD;
EOD;
...
@@ -347,12 +347,6 @@ function vpn_pppoe_configure(&$pppoecfg)
...
@@ -347,12 +347,6 @@ function vpn_pppoe_configure(&$pppoecfg)
case
'server'
:
case
'server'
:
$pppoe_interface
=
get_real_interface
(
$pppoecfg
[
'interface'
]);
$pppoe_interface
=
get_real_interface
(
$pppoecfg
[
'interface'
]);
if
(
$pppoecfg
[
'paporchap'
]
==
"chap"
)
{
$paporchap
=
"set link enable chap"
;
}
else
{
$paporchap
=
"set link enable pap"
;
}
/* write mpd.conf */
/* write mpd.conf */
$fd
=
fopen
(
"/var/etc/pppoe
{
$pppoecfg
[
'pppoeid'
]
}
-vpn/mpd.conf"
,
"w"
);
$fd
=
fopen
(
"/var/etc/pppoe
{
$pppoecfg
[
'pppoeid'
]
}
-vpn/mpd.conf"
,
"w"
);
if
(
!
$fd
)
{
if
(
!
$fd
)
{
...
@@ -399,8 +393,8 @@ pppoe_standard:
...
@@ -399,8 +393,8 @@ pppoe_standard:
set
iface
disable
proxy
-
arp
set
iface
disable
proxy
-
arp
set
iface
enable
tcpmssfix
set
iface
enable
tcpmssfix
set
iface
mtu
1500
set
iface
mtu
1500
set
link
no
pap
chap
set
link
no
pap
chap
eap
{
$paporchap
}
set
link
enable
chap
set
link
keep
-
alive
60
180
set
link
keep
-
alive
60
180
set
ipcp
yes
vjcomp
set
ipcp
yes
vjcomp
set
ipcp
no
vjcomp
set
ipcp
no
vjcomp
...
@@ -411,8 +405,6 @@ pppoe_standard:
...
@@ -411,8 +405,6 @@ pppoe_standard:
set
ccp
yes
mpp
-
e128
set
ccp
yes
mpp
-
e128
set
ccp
yes
mpp
-
stateless
set
ccp
yes
mpp
-
stateless
set
link
latency
1
set
link
latency
1
#set ipcp dns 10.10.1.3
#set bundle accept encryption
EOD
;
EOD
;
...
@@ -555,14 +547,8 @@ function vpn_l2tp_configure()
...
@@ -555,14 +547,8 @@ function vpn_l2tp_configure()
mkdir
(
'/var/etc/l2tp-vpn'
);
mkdir
(
'/var/etc/l2tp-vpn'
);
switch
(
isset
(
$l2tpcfg
[
'mode'
])
?
$l2tpcfg
[
'mode'
]
:
null
)
{
switch
(
$l2tpcfg
[
'mode'
])
{
case
'server'
:
case
'server'
:
if
(
$l2tpcfg
[
'paporchap'
]
==
"chap"
)
{
$paporchap
=
"set link enable chap"
;
}
else
{
$paporchap
=
"set link enable pap"
;
}
/* write mpd.conf */
/* write mpd.conf */
$fd
=
fopen
(
"/var/etc/l2tp-vpn/mpd.conf"
,
"w"
);
$fd
=
fopen
(
"/var/etc/l2tp-vpn/mpd.conf"
,
"w"
);
...
@@ -570,53 +556,28 @@ function vpn_l2tp_configure()
...
@@ -570,53 +556,28 @@ function vpn_l2tp_configure()
printf
(
gettext
(
"Error: cannot open mpd.conf in vpn_l2tp_configure()."
)
.
"
\n
"
);
printf
(
gettext
(
"Error: cannot open mpd.conf in vpn_l2tp_configure()."
)
.
"
\n
"
);
return
1
;
return
1
;
}
}
$mpdconf
=
"
\n\n
"
;
$mpdconf
.=<<<
EOD
l2tps
:
EOD
;
for
(
$i
=
0
;
$i
<
$l2tpcfg
[
'n_l2tp_units'
];
$i
++
)
{
$mpdconf
.=
" load l2tp
{
$i
}
\n
"
;
}
for
(
$i
=
0
;
$i
<
$l2tpcfg
[
'n_l2tp_units'
];
$i
++
)
{
$clientip
=
long2ip32
(
ip2long
(
$l2tpcfg
[
'remoteip'
])
+
$i
);
$iprange
=
$l2tpcfg
[
'remoteip'
]
.
' '
;
$iprange
.=
long2ip32
(
ip2long
(
$l2tpcfg
[
'remoteip'
])
+
$l2tpcfg
[
'n_l2tp_units'
]
-
1
);
if
(
isset
(
$l2tpcfg
[
'radius'
][
'radiusissueips'
])
&&
isset
(
$l2tpcfg
[
'radius'
][
'enable'
]))
{
$iptype
=
"ippool pool1"
;
$isssue_ip_type
=
"set ipcp ranges
{
$l2tpcfg
[
'localip'
]
}
/32 0.0.0.0/0"
;
if
(
isset
(
$l2tpcfg
[
'radius'
][
'enable'
])
&&
isset
(
$l2tpcfg
[
'radius'
][
'radiusissueips'
]))
{
}
else
{
$iptype
=
"0.0.0.0/0"
;
$isssue_ip_type
=
"set ipcp ranges
{
$l2tpcfg
[
'localip'
]
}
/32
{
$clientip
}
/32"
;
}
}
$mpdconf
.=<<<
EOD
$mpdconf
=
<<<EOD
startup:
l2tp
{
$i
}
:
new
-
i
l2tp
{
$i
}
l2tp
{
$i
}
l2tp
{
$i
}
{
$isssue_ip_type
}
load
l2tp_standard
EOD
;
}
$mpdconf
.=<<<
EOD
l2tps:
set ippool add pool1 {$iprange}
l2tp_standard
:
create bundle template B
set
bundle
disable
multilink
set
bundle
enable
compression
set
bundle
yes
crypt
-
reqd
set
ipcp
yes
vjcomp
# set ipcp ranges 131.188.69.161/32 131.188.69.170/28
set
ccp
yes
mppc
set iface disable on-demand
set iface disable on-demand
set iface enable proxy-arp
set iface enable proxy-arp
set iface up-script /usr/local/sbin/vpn-linkup
set iface up-script /usr/local/sbin/vpn-linkup
set iface down-script /usr/local/sbin/vpn-linkdown
set iface down-script /usr/local/sbin/vpn-linkdown
set
link
yes
acfcomp
protocomp
set ipcp ranges {$l2tpcfg['localip']}/32 {$iptype}
set
link
no
pap
chap
set ipcp yes vjcomp
set
link
enable
chap
set
link
keep
-
alive
10
180
EOD;
EOD;
...
@@ -629,22 +590,45 @@ EOD;
...
@@ -629,22 +590,45 @@ EOD;
$mpdconf
.=
" "
.
$l2tpcfg
[
'dns2'
];
$mpdconf
.=
" "
.
$l2tpcfg
[
'dns2'
];
}
}
$mpdconf
.=
"
\n
"
;
$mpdconf
.=
"
\n
"
;
}
elseif
(
isset
(
$config
[
'dnsmasq'
][
'enable'
]))
{
}
elseif
(
isset
(
$config
[
'dnsmasq'
][
'enable'
])
||
isset
(
$config
[
'unbound'
][
'enable'
]))
{
$mpdconf
.=
" set ipcp dns "
.
get_interface_ip
(
"lan"
);
if
(
$syscfg
[
'dnsserver'
][
0
])
{
$mpdconf
.=
" "
.
$syscfg
[
'dnsserver'
][
0
];
}
$mpdconf
.=
"
\n
"
;
}
elseif
(
isset
(
$config
[
'unbound'
][
'enable'
]))
{
$mpdconf
.=
" set ipcp dns "
.
get_interface_ip
(
"lan"
);
$mpdconf
.=
" set ipcp dns "
.
get_interface_ip
(
"lan"
);
if
(
$syscfg
[
'dnsserver'
][
0
]
)
{
if
(
isset
(
$syscfg
[
'dnsserver'
][
0
])
)
{
$mpdconf
.=
" "
.
$syscfg
[
'dnsserver'
][
0
];
$mpdconf
.=
" "
.
$syscfg
[
'dnsserver'
][
0
];
}
}
$mpdconf
.=
"
\n
"
;
$mpdconf
.=
"
\n
"
;
}
elseif
(
is
_array
(
$syscfg
[
'dnsserver'
])
&&
(
$syscfg
[
'dnsserver'
][
0
]))
{
}
elseif
(
is
set
(
$syscfg
[
'dnsserver'
][
0
]))
{
$mpdconf
.=
" set ipcp dns "
.
join
(
" "
,
$syscfg
[
'dnsserver'
])
.
"
\n
"
;
$mpdconf
.=
" set ipcp dns "
.
join
(
" "
,
$syscfg
[
'dnsserver'
])
.
"
\n
"
;
}
}
if
(
$l2tpcfg
[
'paporchap'
]
==
"chap"
)
{
$paporchap
=
"set link enable chap"
;
}
else
{
$paporchap
=
"set link enable pap"
;
}
$mpdconf
.=
<<<EOD
set bundle enable crypt-reqd
set bundle enable compression
set ccp yes mppc
create link template L l2tp
set link action bundle B
set link enable multilink
set link yes acfcomp protocomp
set link no pap chap eap
{$paporchap}
set link keep-alive 10 60
set link mtu 1460
set l2tp self ${l2tpcfg['localip']}
set link enable incoming
EOD;
if
(
!
empty
(
$l2tpcfg
[
'secret'
]))
{
$mpdconf
.=
" set l2tp secret
{
$l2tpcfg
[
'secret'
]
}
\n
"
;
}
if
(
isset
(
$l2tpcfg
[
'radius'
][
'enable'
]))
{
if
(
isset
(
$l2tpcfg
[
'radius'
][
'enable'
]))
{
$mpdconf
.=<<<
EOD
$mpdconf
.=<<<
EOD
set
radius
server
{
$l2tpcfg
[
'radius'
][
'server'
]}
"
{
$l2tpcfg
[
'radius'
][
'secret'
]
}
"
set
radius
server
{
$l2tpcfg
[
'radius'
][
'server'
]}
"
{
$l2tpcfg
[
'radius'
][
'secret'
]
}
"
...
@@ -666,33 +650,6 @@ EOD;
...
@@ -666,33 +650,6 @@ EOD;
fclose
(
$fd
);
fclose
(
$fd
);
unset
(
$mpdconf
);
unset
(
$mpdconf
);
/* write mpd.links */
$fd
=
fopen
(
"/var/etc/l2tp-vpn/mpd.links"
,
"w"
);
if
(
!
$fd
)
{
printf
(
gettext
(
"Error: cannot open mpd.links in vpn_l2tp_configure()."
)
.
"
\n
"
);
return
1
;
}
$mpdlinks
=
""
;
for
(
$i
=
0
;
$i
<
$l2tpcfg
[
'n_l2tp_units'
];
$i
++
)
{
$mpdlinks
.=<<<
EOD
l2tp
{
$i
}
:
set
link
type
l2tp
set
l2tp
enable
incoming
set
l2tp
disable
originate
EOD
;
if
(
!
empty
(
$l2tpcfg
[
'secret'
]))
{
$mpdlinks
.=
"set l2tp secret
{
$l2tpcfg
[
'secret'
]
}
\n
"
;
}
}
fwrite
(
$fd
,
$mpdlinks
);
fclose
(
$fd
);
unset
(
$mpdlinks
);
/* write mpd.secret */
/* write mpd.secret */
$fd
=
fopen
(
"/var/etc/l2tp-vpn/mpd.secret"
,
"w"
);
$fd
=
fopen
(
"/var/etc/l2tp-vpn/mpd.secret"
,
"w"
);
if
(
!
$fd
)
{
if
(
!
$fd
)
{
...
@@ -718,9 +675,6 @@ EOD;
...
@@ -718,9 +675,6 @@ EOD;
mwexec
(
'/usr/local/sbin/mpd5 -b -d /var/etc/l2tp-vpn -p /var/run/l2tp-vpn.pid -s l2tps l2tps'
);
mwexec
(
'/usr/local/sbin/mpd5 -b -d /var/etc/l2tp-vpn -p /var/run/l2tp-vpn.pid -s l2tps l2tps'
);
break
;
break
;
case
'redir'
:
break
;
}
}
if
(
file_exists
(
'/var/run/booting'
))
{
if
(
file_exists
(
'/var/run/booting'
))
{
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment