Commit 65c3270c authored by Franco Fichtner's avatar Franco Fichtner

vpn: apply sytle

parent a8006f27
...@@ -105,57 +105,57 @@ function vpn_syslog() ...@@ -105,57 +105,57 @@ function vpn_syslog()
function vpn_pptpd_configure() function vpn_pptpd_configure()
{ {
global $config; global $config;
$syscfg = $config['system']; $syscfg = $config['system'];
$pptpdcfg = $config['pptpd']; $pptpdcfg = $config['pptpd'];
killbypid('/var/run/pptp-vpn.pid', 'TERM', true); killbypid('/var/run/pptp-vpn.pid', 'TERM', true);
if (!isset($pptpdcfg['mode']) || $pptpdcfg['mode'] == 'off') { if (!isset($pptpdcfg['mode']) || $pptpdcfg['mode'] == 'off') {
return 0; return 0;
} }
if (file_exists('/var/run/booting')) { if (file_exists('/var/run/booting')) {
echo gettext("Configuring PPTP VPN service..."); echo gettext("Configuring PPTP VPN service...");
} }
/* remove mpd.conf, if it exists */ /* remove mpd.conf, if it exists */
@unlink('/var/etc/pptp-vpn/mpd.conf'); @unlink('/var/etc/pptp-vpn/mpd.conf');
@unlink('/var/etc/pptp-vpn/mpd.links'); @unlink('/var/etc/pptp-vpn/mpd.links');
@unlink('/var/etc/pptp-vpn/mpd.secret'); @unlink('/var/etc/pptp-vpn/mpd.secret');
if (empty($pptpdcfg['n_pptp_units'])) { if (empty($pptpdcfg['n_pptp_units'])) {
log_error("Something wrong in the PPTPd configuration. Preventing starting the daemon because issues would arise."); log_error("Something wrong in the PPTPd configuration. Preventing starting the daemon because issues would arise.");
return; return;
} }
/* make sure pptp-vpn directory exists */ /* make sure pptp-vpn directory exists */
@mkdir('/var/etc/pptp-vpn'); @mkdir('/var/etc/pptp-vpn');
switch ($pptpdcfg['mode']) { switch ($pptpdcfg['mode']) {
case 'server' : case 'server':
/* write mpd.conf */ /* write mpd.conf */
$fd = fopen('/var/etc/pptp-vpn/mpd.conf', 'w'); $fd = fopen('/var/etc/pptp-vpn/mpd.conf', 'w');
if (!$fd) { if (!$fd) {
printf(gettext("Error: cannot open mpd.conf in vpn_pptpd_configure().") . "\n"); printf(gettext("Error: cannot open mpd.conf in vpn_pptpd_configure().") . "\n");
return 1; return 1;
} }
$mpdconf = <<<EOD $mpdconf = <<<EOD
pptps: pptps:
EOD; EOD;
for ($i = 0; $i < $pptpdcfg['n_pptp_units']; $i++) { for ($i = 0; $i < $pptpdcfg['n_pptp_units']; $i++) {
$mpdconf .= " load pt{$i}\n"; $mpdconf .= " load pt{$i}\n";
} }
for ($i = 0; $i < $pptpdcfg['n_pptp_units']; $i++) { for ($i = 0; $i < $pptpdcfg['n_pptp_units']; $i++) {
$clientip = long2ip32(ip2long($pptpdcfg['remoteip']) + $i); $clientip = long2ip32(ip2long($pptpdcfg['remoteip']) + $i);
$mpdconf .= <<<EOD $mpdconf .= <<<EOD
pt{$i}: pt{$i}:
new -i pptpd{$i} pt{$i} pt{$i} new -i pptpd{$i} pt{$i} pt{$i}
...@@ -163,9 +163,9 @@ pt{$i}: ...@@ -163,9 +163,9 @@ pt{$i}:
load pts load pts
EOD; EOD;
} }
$mpdconf .=<<<EOD $mpdconf .=<<<EOD
pts: pts:
set iface disable on-demand set iface disable on-demand
...@@ -189,82 +189,86 @@ pts: ...@@ -189,82 +189,86 @@ pts:
EOD; EOD;
if (!isset ($pptpdcfg['req128'])) { if (!isset($pptpdcfg['req128'])) {
$mpdconf .=<<<EOD $mpdconf .=<<<EOD
set ccp yes mpp-e40 set ccp yes mpp-e40
set ccp yes mpp-e56 set ccp yes mpp-e56
EOD; EOD;
} }
if (isset($pptpdcfg["wins"]) && $pptpdcfg['wins'] != "") if (isset($pptpdcfg["wins"]) && $pptpdcfg['wins'] != "") {
$mpdconf .= " set ipcp nbns {$pptpdcfg['wins']}\n"; $mpdconf .= " set ipcp nbns {$pptpdcfg['wins']}\n";
}
if (!empty($pptpdcfg['dns1'])) {
$mpdconf .= " set ipcp dns " . $pptpdcfg['dns1']; if (!empty($pptpdcfg['dns1'])) {
if (!empty($pptpdcfg['dns2'])) $mpdconf .= " set ipcp dns " . $pptpdcfg['dns1'];
$mpdconf .= " " . $pptpdcfg['dns2']; if (!empty($pptpdcfg['dns2'])) {
$mpdconf .= "\n"; $mpdconf .= " " . $pptpdcfg['dns2'];
} elseif (isset ($config['dnsmasq']['enable'])) { }
$mpdconf .= " set ipcp dns " . get_interface_ip("lan"); $mpdconf .= "\n";
if ($syscfg['dnsserver'][0]) } elseif (isset($config['dnsmasq']['enable'])) {
$mpdconf .= " " . $syscfg['dnsserver'][0]; $mpdconf .= " set ipcp dns " . get_interface_ip("lan");
$mpdconf .= "\n"; if ($syscfg['dnsserver'][0]) {
} elseif (isset($config['unbound']['enable'])) { $mpdconf .= " " . $syscfg['dnsserver'][0];
$mpdconf .= " set ipcp dns " . get_interface_ip("lan"); }
if ($syscfg['dnsserver'][0]) $mpdconf .= "\n";
$mpdconf .= " " . $syscfg['dnsserver'][0]; } elseif (isset($config['unbound']['enable'])) {
$mpdconf .= "\n"; $mpdconf .= " set ipcp dns " . get_interface_ip("lan");
} elseif (is_array($syscfg['dnsserver']) && ($syscfg['dnsserver'][0])) { if ($syscfg['dnsserver'][0]) {
$mpdconf .= " set ipcp dns " . join(" ", $syscfg['dnsserver']) . "\n"; $mpdconf .= " " . $syscfg['dnsserver'][0];
} }
$mpdconf .= "\n";
if (isset ($pptpdcfg['radius']['server']['enable'])) { } elseif (is_array($syscfg['dnsserver']) && ($syscfg['dnsserver'][0])) {
$authport = (isset($pptpdcfg['radius']['server']['port']) && strlen($pptpdcfg['radius']['server']['port']) > 1) ? $pptpdcfg['radius']['server']['port'] : 1812; $mpdconf .= " set ipcp dns " . join(" ", $syscfg['dnsserver']) . "\n";
$acctport = $authport + 1; }
$mpdconf .=<<<EOD
if (isset($pptpdcfg['radius']['server']['enable'])) {
$authport = (isset($pptpdcfg['radius']['server']['port']) && strlen($pptpdcfg['radius']['server']['port']) > 1) ? $pptpdcfg['radius']['server']['port'] : 1812;
$acctport = $authport + 1;
$mpdconf .=<<<EOD
set radius server {$pptpdcfg['radius']['server']['ip']} "{$pptpdcfg['radius']['server']['secret']}" {$authport} {$acctport} set radius server {$pptpdcfg['radius']['server']['ip']} "{$pptpdcfg['radius']['server']['secret']}" {$authport} {$acctport}
EOD; EOD;
if (isset ($pptpdcfg['radius']['server2']['enable'])) { if (isset($pptpdcfg['radius']['server2']['enable'])) {
$authport = (isset($pptpdcfg['radius']['server2']['port']) && strlen($pptpdcfg['radius']['server2']['port']) > 1) ? $pptpdcfg['radius']['server2']['port'] : 1812; $authport = (isset($pptpdcfg['radius']['server2']['port']) && strlen($pptpdcfg['radius']['server2']['port']) > 1) ? $pptpdcfg['radius']['server2']['port'] : 1812;
$acctport = $authport + 1; $acctport = $authport + 1;
$mpdconf .=<<<EOD $mpdconf .=<<<EOD
set radius server {$pptpdcfg['radius']['server2']['ip']} "{$pptpdcfg['radius']['server2']['secret2']}" {$authport} {$acctport} set radius server {$pptpdcfg['radius']['server2']['ip']} "{$pptpdcfg['radius']['server2']['secret2']}" {$authport} {$acctport}
EOD; EOD;
} }
$mpdconf .=<<<EOD $mpdconf .=<<<EOD
set radius retries 3 set radius retries 3
set radius timeout 10 set radius timeout 10
set auth enable radius-auth set auth enable radius-auth
EOD; EOD;
if (isset ($pptpdcfg['radius']['accounting'])) { if (isset($pptpdcfg['radius']['accounting'])) {
$mpdconf .=<<<EOD $mpdconf .=<<<EOD
set auth enable radius-acct set auth enable radius-acct
set radius acct-update 300 set radius acct-update 300
EOD; EOD;
} }
} }
fwrite($fd, $mpdconf); fwrite($fd, $mpdconf);
fclose($fd); fclose($fd);
unset($mpdconf); unset($mpdconf);
/* write mpd.links */ /* write mpd.links */
$fd = fopen('/var/etc/pptp-vpn/mpd.links', 'w'); $fd = fopen('/var/etc/pptp-vpn/mpd.links', 'w');
if (!$fd) { if (!$fd) {
printf(gettext("Error: cannot open mpd.links in vpn_pptpd_configure().") . "\n"); printf(gettext("Error: cannot open mpd.links in vpn_pptpd_configure().") . "\n");
return 1; return 1;
} }
$mpdlinks = ""; $mpdlinks = "";
for ($i = 0; $i < $pptpdcfg['n_pptp_units']; $i++) { for ($i = 0; $i < $pptpdcfg['n_pptp_units']; $i++) {
$mpdlinks .=<<<EOD $mpdlinks .=<<<EOD
pt{$i}: pt{$i}:
set link type pptp set link type pptp
...@@ -273,50 +277,50 @@ pt{$i}: ...@@ -273,50 +277,50 @@ pt{$i}:
set pptp disable windowing set pptp disable windowing
EOD; EOD;
} }
fwrite($fd, $mpdlinks);
fclose($fd);
unset($mpdlinks);
/* write mpd.secret */
$fd = fopen('/var/etc/pptp-vpn/mpd.secret', 'w');
if (!$fd) {
printf(gettext("Error: cannot open mpd.secret in vpn_pptpd_configure().") . "\n");
return 1;
}
$mpdsecret = "";
if (is_array($pptpdcfg['user'])) {
foreach ($pptpdcfg['user'] as $user) {
$pass = str_replace('\\', '\\\\', $user['password']);
$pass = str_replace('"', '\"', $pass);
$mpdsecret .= "{$user['name']} \"{$pass}\" {$user['ip']}\n";
}
}
fwrite($fd, $mpdsecret); fwrite($fd, $mpdlinks);
fclose($fd); fclose($fd);
unset($mpdsecret); unset($mpdlinks);
chmod('/var/etc/pptp-vpn/mpd.secret', 0600);
/* fixed to WAN elsewhere, no need to extend, but at least make it work */ /* write mpd.secret */
legacy_netgraph_attach(get_real_interface('wan')); $fd = fopen('/var/etc/pptp-vpn/mpd.secret', 'w');
if (!$fd) {
printf(gettext("Error: cannot open mpd.secret in vpn_pptpd_configure().") . "\n");
return 1;
}
mwexec('/usr/local/sbin/mpd5 -b -d /var/etc/pptp-vpn -p /var/run/pptp-vpn.pid -s pptps pptps'); $mpdsecret = "";
break; if (is_array($pptpdcfg['user'])) {
foreach ($pptpdcfg['user'] as $user) {
$pass = str_replace('\\', '\\\\', $user['password']);
$pass = str_replace('"', '\"', $pass);
$mpdsecret .= "{$user['name']} \"{$pass}\" {$user['ip']}\n";
}
}
fwrite($fd, $mpdsecret);
fclose($fd);
unset($mpdsecret);
chmod('/var/etc/pptp-vpn/mpd.secret', 0600);
/* fixed to WAN elsewhere, no need to extend, but at least make it work */
legacy_netgraph_attach(get_real_interface('wan'));
mwexec('/usr/local/sbin/mpd5 -b -d /var/etc/pptp-vpn -p /var/run/pptp-vpn.pid -s pptps pptps');
break;
case 'redir' : case 'redir':
break; break;
} }
if (file_exists('/var/run/booting')) { if (file_exists('/var/run/booting')) {
echo gettext("done") . "\n"; echo gettext("done") . "\n";
} }
return 0; return 0;
} }
function vpn_pppoes_configure() function vpn_pppoes_configure()
...@@ -326,7 +330,7 @@ function vpn_pppoes_configure() ...@@ -326,7 +330,7 @@ function vpn_pppoes_configure()
if (isset($config['pppoes']['pppoe'])) { if (isset($config['pppoes']['pppoe'])) {
foreach ($config['pppoes']['pppoe'] as $pppoe) { foreach ($config['pppoes']['pppoe'] as $pppoe) {
vpn_pppoe_configure($pppoe); vpn_pppoe_configure($pppoe);
} }
} }
} }
...@@ -354,58 +358,58 @@ function vpn_pppoe_configure_by_id($id) ...@@ -354,58 +358,58 @@ function vpn_pppoe_configure_by_id($id)
function vpn_pppoe_configure(&$pppoecfg) function vpn_pppoe_configure(&$pppoecfg)
{ {
global $config; global $config;
$syscfg = $config['system'];
killbypid("/var/run/pppoe{$pppoecfg['pppoeid']}-vpn.pid", 'TERM', true); $syscfg = $config['system'];
if (!isset($pppoecfg['mode']) || $pppoecfg['mode'] == 'off') { killbypid("/var/run/pppoe{$pppoecfg['pppoeid']}-vpn.pid", 'TERM', true);
return 0;
}
if (file_exists('/var/run/booting')) { if (!isset($pppoecfg['mode']) || $pppoecfg['mode'] == 'off') {
echo gettext("Configuring PPPoE VPN service..."); return 0;
} }
switch ($pppoecfg['mode']) { if (file_exists('/var/run/booting')) {
echo gettext("Configuring PPPoE VPN service...");
}
case 'server' : switch ($pppoecfg['mode']) {
/* create directory if it does not exist */ case 'server':
@mkdir("/var/etc/pppoe{$pppoecfg['pppoeid']}-vpn"); /* create directory if it does not exist */
@mkdir("/var/etc/pppoe{$pppoecfg['pppoeid']}-vpn");
$pppoe_interface = get_real_interface($pppoecfg['interface']); $pppoe_interface = get_real_interface($pppoecfg['interface']);
if ($pppoecfg['paporchap'] == "chap") if ($pppoecfg['paporchap'] == "chap") {
$paporchap = "set link enable chap"; $paporchap = "set link enable chap";
else } else {
$paporchap = "set link enable pap"; $paporchap = "set link enable pap";
}
/* write mpd.conf */ /* write mpd.conf */
$fd = fopen("/var/etc/pppoe{$pppoecfg['pppoeid']}-vpn/mpd.conf", "w"); $fd = fopen("/var/etc/pppoe{$pppoecfg['pppoeid']}-vpn/mpd.conf", "w");
if (!$fd) { if (!$fd) {
printf(gettext("Error: cannot open mpd.conf in vpn_pppoe_configure().") . "\n"); printf(gettext("Error: cannot open mpd.conf in vpn_pppoe_configure().") . "\n");
return 1; return 1;
} }
$mpdconf = "\n\n"; $mpdconf = "\n\n";
$mpdconf .= "poes:\n"; $mpdconf .= "poes:\n";
for ($i = 0; $i < $pppoecfg['n_pppoe_units']; $i++) { for ($i = 0; $i < $pppoecfg['n_pppoe_units']; $i++) {
$mpdconf .= " load poes{$pppoecfg['pppoeid']}{$i}\n"; $mpdconf .= " load poes{$pppoecfg['pppoeid']}{$i}\n";
} }
for ($i = 0; $i < $pppoecfg['n_pppoe_units']; $i++) { for ($i = 0; $i < $pppoecfg['n_pppoe_units']; $i++) {
$clientip = long2ip32(ip2long($pppoecfg['remoteip']) + $i); $clientip = long2ip32(ip2long($pppoecfg['remoteip']) + $i);
if (isset($pppoecfg['radius']['radiusissueips']) && isset($pppoecfg['radius']['server']['enable'])) { if (isset($pppoecfg['radius']['radiusissueips']) && isset($pppoecfg['radius']['server']['enable'])) {
$isssue_ip_type = "set ipcp ranges {$pppoecfg['localip']}/32 0.0.0.0/0"; $isssue_ip_type = "set ipcp ranges {$pppoecfg['localip']}/32 0.0.0.0/0";
} else { } else {
$isssue_ip_type = "set ipcp ranges {$pppoecfg['localip']}/32 {$clientip}/32"; $isssue_ip_type = "set ipcp ranges {$pppoecfg['localip']}/32 {$clientip}/32";
} }
$mpdconf .=<<<EOD $mpdconf .=<<<EOD
poes{$pppoecfg['pppoeid']}{$i}: poes{$pppoecfg['pppoeid']}{$i}:
new -i poes{$pppoecfg['pppoeid']}{$i} poes{$pppoecfg['pppoeid']}{$i} poes{$pppoecfg['pppoeid']}{$i} new -i poes{$pppoecfg['pppoeid']}{$i} poes{$pppoecfg['pppoeid']}{$i} poes{$pppoecfg['pppoeid']}{$i}
...@@ -413,9 +417,9 @@ poes{$pppoecfg['pppoeid']}{$i}: ...@@ -413,9 +417,9 @@ poes{$pppoecfg['pppoeid']}{$i}:
load pppoe_standard load pppoe_standard
EOD; EOD;
} }
$mpdconf .=<<<EOD $mpdconf .=<<<EOD
pppoe_standard: pppoe_standard:
set bundle no multilink set bundle no multilink
...@@ -445,33 +449,38 @@ pppoe_standard: ...@@ -445,33 +449,38 @@ pppoe_standard:
EOD; EOD;
if (!empty($pppoecfg['dns1'])) { if (!empty($pppoecfg['dns1'])) {
$mpdconf .= " set ipcp dns " . $pppoecfg['dns1']; $mpdconf .= " set ipcp dns " . $pppoecfg['dns1'];
if (!empty($pppoecfg['dns2'])) if (!empty($pppoecfg['dns2'])) {
$mpdconf .= " " . $pppoecfg['dns2']; $mpdconf .= " " . $pppoecfg['dns2'];
$mpdconf .= "\n"; }
} elseif (isset ($config['dnsmasq']['enable'])) { $mpdconf .= "\n";
$mpdconf .= " set ipcp dns " . get_interface_ip("lan"); } elseif (isset($config['dnsmasq']['enable'])) {
if ($syscfg['dnsserver'][0]) $mpdconf .= " set ipcp dns " . get_interface_ip("lan");
$mpdconf .= " " . $syscfg['dnsserver'][0]; if ($syscfg['dnsserver'][0]) {
$mpdconf .= "\n"; $mpdconf .= " " . $syscfg['dnsserver'][0];
} elseif (isset ($config['unbound']['enable'])) { }
$mpdconf .= " set ipcp dns " . get_interface_ip("lan"); $mpdconf .= "\n";
if ($syscfg['dnsserver'][0]) } elseif (isset($config['unbound']['enable'])) {
$mpdconf .= " " . $syscfg['dnsserver'][0]; $mpdconf .= " set ipcp dns " . get_interface_ip("lan");
$mpdconf .= "\n"; if ($syscfg['dnsserver'][0]) {
} elseif (is_array($syscfg['dnsserver']) && ($syscfg['dnsserver'][0])) { $mpdconf .= " " . $syscfg['dnsserver'][0];
$mpdconf .= " set ipcp dns " . join(" ", $syscfg['dnsserver']) . "\n"; }
} $mpdconf .= "\n";
} elseif (is_array($syscfg['dnsserver']) && ($syscfg['dnsserver'][0])) {
if (isset ($pppoecfg['radius']['server']['enable'])) { $mpdconf .= " set ipcp dns " . join(" ", $syscfg['dnsserver']) . "\n";
$radiusport = ""; }
$radiusacctport = "";
if (isset($pppoecfg['radius']['server']['port'])) if (isset($pppoecfg['radius']['server']['enable'])) {
$radiusport = $pppoecfg['radius']['server']['port']; $radiusport = "";
if (isset($pppoecfg['radius']['server']['acctport'])) $radiusacctport = "";
$radiusacctport = $pppoecfg['radius']['server']['acctport']; if (isset($pppoecfg['radius']['server']['port'])) {
$mpdconf .=<<<EOD $radiusport = $pppoecfg['radius']['server']['port'];
}
if (isset($pppoecfg['radius']['server']['acctport'])) {
$radiusacctport = $pppoecfg['radius']['server']['acctport'];
}
$mpdconf .=<<<EOD
set radius server {$pppoecfg['radius']['server']['ip']} "{$pppoecfg['radius']['server']['secret']}" {$radiusport} {$radiusacctport} set radius server {$pppoecfg['radius']['server']['ip']} "{$pppoecfg['radius']['server']['secret']}" {$radiusport} {$radiusacctport}
set radius retries 3 set radius retries 3
set radius timeout 10 set radius timeout 10
...@@ -479,29 +488,29 @@ EOD; ...@@ -479,29 +488,29 @@ EOD;
EOD; EOD;
if (isset ($pppoecfg['radius']['accounting'])) { if (isset($pppoecfg['radius']['accounting'])) {
$mpdconf .=<<<EOD $mpdconf .=<<<EOD
set auth enable radius-acct set auth enable radius-acct
EOD; EOD;
} }
} }
fwrite($fd, $mpdconf); fwrite($fd, $mpdconf);
fclose($fd); fclose($fd);
unset($mpdconf); unset($mpdconf);
/* write mpd.links */ /* write mpd.links */
$fd = fopen("/var/etc/pppoe{$pppoecfg['pppoeid']}-vpn/mpd.links", "w"); $fd = fopen("/var/etc/pppoe{$pppoecfg['pppoeid']}-vpn/mpd.links", "w");
if (!$fd) { if (!$fd) {
printf(gettext("Error: cannot open mpd.links in vpn_pppoe_configure().") . "\n"); printf(gettext("Error: cannot open mpd.links in vpn_pppoe_configure().") . "\n");
return 1; return 1;
} }
$mpdlinks = ""; $mpdlinks = "";
for ($i = 0; $i < $pppoecfg['n_pppoe_units']; $i++) { for ($i = 0; $i < $pppoecfg['n_pppoe_units']; $i++) {
$mpdlinks .=<<<EOD $mpdlinks .=<<<EOD
poes{$pppoecfg['pppoeid']}{$i}: poes{$pppoecfg['pppoeid']}{$i}:
set phys type pppoe set phys type pppoe
...@@ -511,108 +520,109 @@ poes{$pppoecfg['pppoeid']}{$i}: ...@@ -511,108 +520,109 @@ poes{$pppoecfg['pppoeid']}{$i}:
set pppoe enable incoming set pppoe enable incoming
EOD; EOD;
} }
fwrite($fd, $mpdlinks);
fclose($fd);
unset($mpdlinks);
if ($pppoecfg['username']) {
/* write mpd.secret */
$fd = fopen("/var/etc/pppoe{$pppoecfg['pppoeid']}-vpn/mpd.secret", "w");
if (!$fd) {
printf(gettext("Error: cannot open mpd.secret in vpn_pppoe_configure().") . "\n");
return 1;
}
$mpdsecret = "\n\n";
if (!empty($pppoecfg['username'])) {
$item = explode(" ", $pppoecfg['username']);
foreach($item as $userdata) {
$data = explode(":", $userdata);
$mpdsecret .= "{$data[0]} \"" . base64_decode($data[1]) . "\" {$data[2]}\n";
}
}
fwrite($fd, $mpdsecret); fwrite($fd, $mpdlinks);
fclose($fd); fclose($fd);
unset($mpdsecret); unset($mpdlinks);
chmod("/var/etc/pppoe{$pppoecfg['pppoeid']}-vpn/mpd.secret", 0600);
} if ($pppoecfg['username']) {
/* write mpd.secret */
$fd = fopen("/var/etc/pppoe{$pppoecfg['pppoeid']}-vpn/mpd.secret", "w");
if (!$fd) {
printf(gettext("Error: cannot open mpd.secret in vpn_pppoe_configure().") . "\n");
return 1;
}
$mpdsecret = "\n\n";
if (!empty($pppoecfg['username'])) {
$item = explode(" ", $pppoecfg['username']);
foreach ($item as $userdata) {
$data = explode(":", $userdata);
$mpdsecret .= "{$data[0]} \"" . base64_decode($data[1]) . "\" {$data[2]}\n";
}
}
fwrite($fd, $mpdsecret);
fclose($fd);
unset($mpdsecret);
chmod("/var/etc/pppoe{$pppoecfg['pppoeid']}-vpn/mpd.secret", 0600);
}
legacy_netgraph_attach($pppoe_interface); legacy_netgraph_attach($pppoe_interface);
mwexec("/usr/local/sbin/mpd5 -b -d /var/etc/pppoe{$pppoecfg['pppoeid']}-vpn -p /var/run/pppoe{$pppoecfg['pppoeid']}-vpn.pid -s poes poes"); mwexec("/usr/local/sbin/mpd5 -b -d /var/etc/pppoe{$pppoecfg['pppoeid']}-vpn -p /var/run/pppoe{$pppoecfg['pppoeid']}-vpn.pid -s poes poes");
break; break;
} }
if (file_exists('/var/run/booting')) { if (file_exists('/var/run/booting')) {
echo gettext("done") . "\n"; echo gettext("done") . "\n";
} }
return 0; return 0;
} }
function vpn_l2tp_configure() function vpn_l2tp_configure()
{ {
global $config; global $config;
killbypid('/var/run/l2tp-vpn.pid', 'TERM', true); killbypid('/var/run/l2tp-vpn.pid', 'TERM', true);
$syscfg = $config['system']; $syscfg = $config['system'];
if (isset($config['l2tp'])) { if (isset($config['l2tp'])) {
$l2tpcfg = $config['l2tp']; $l2tpcfg = $config['l2tp'];
} else { } else {
return 0; return 0;
} }
if (!isset($l2tpcfg['mode']) || $l2tpcfg['mode'] == 'off') { if (!isset($l2tpcfg['mode']) || $l2tpcfg['mode'] == 'off') {
return 0; return 0;
} }
if (file_exists('/var/run/booting')) { if (file_exists('/var/run/booting')) {
echo gettext('Configuring L2TP VPN service...'); echo gettext('Configuring L2TP VPN service...');
} }
@mkdir('/var/etc/l2tp-vpn'); @mkdir('/var/etc/l2tp-vpn');
switch (isset($l2tpcfg['mode'])?$l2tpcfg['mode']:null) { switch (isset($l2tpcfg['mode'])?$l2tpcfg['mode']:null) {
case 'server' : case 'server':
if ($l2tpcfg['paporchap'] == "chap") if ($l2tpcfg['paporchap'] == "chap") {
$paporchap = "set link enable chap"; $paporchap = "set link enable chap";
else } else {
$paporchap = "set link enable pap"; $paporchap = "set link enable pap";
}
/* write mpd.conf */
$fd = fopen("/var/etc/l2tp-vpn/mpd.conf", "w"); /* write mpd.conf */
if (!$fd) { $fd = fopen("/var/etc/l2tp-vpn/mpd.conf", "w");
printf(gettext("Error: cannot open mpd.conf in vpn_l2tp_configure().") . "\n"); if (!$fd) {
return 1; printf(gettext("Error: cannot open mpd.conf in vpn_l2tp_configure().") . "\n");
} return 1;
$mpdconf = "\n\n"; }
$mpdconf .=<<<EOD $mpdconf = "\n\n";
$mpdconf .=<<<EOD
l2tps: l2tps:
EOD; EOD;
for ($i = 0; $i < $l2tpcfg['n_l2tp_units']; $i++) { for ($i = 0; $i < $l2tpcfg['n_l2tp_units']; $i++) {
$mpdconf .= " load l2tp{$i}\n"; $mpdconf .= " load l2tp{$i}\n";
} }
for ($i = 0; $i < $l2tpcfg['n_l2tp_units']; $i++) { for ($i = 0; $i < $l2tpcfg['n_l2tp_units']; $i++) {
$clientip = long2ip32(ip2long($l2tpcfg['remoteip']) + $i); $clientip = long2ip32(ip2long($l2tpcfg['remoteip']) + $i);
if (isset ($l2tpcfg['radius']['radiusissueips']) && isset ($l2tpcfg['radius']['enable'])) { if (isset($l2tpcfg['radius']['radiusissueips']) && isset($l2tpcfg['radius']['enable'])) {
$isssue_ip_type = "set ipcp ranges {$l2tpcfg['localip']}/32 0.0.0.0/0"; $isssue_ip_type = "set ipcp ranges {$l2tpcfg['localip']}/32 0.0.0.0/0";
} else { } else {
$isssue_ip_type = "set ipcp ranges {$l2tpcfg['localip']}/32 {$clientip}/32"; $isssue_ip_type = "set ipcp ranges {$l2tpcfg['localip']}/32 {$clientip}/32";
} }
$mpdconf .=<<<EOD $mpdconf .=<<<EOD
l2tp{$i}: l2tp{$i}:
new -i l2tp{$i} l2tp{$i} l2tp{$i} new -i l2tp{$i} l2tp{$i} l2tp{$i}
...@@ -620,9 +630,9 @@ l2tp{$i}: ...@@ -620,9 +630,9 @@ l2tp{$i}:
load l2tp_standard load l2tp_standard
EOD; EOD;
} }
$mpdconf .=<<<EOD $mpdconf .=<<<EOD
l2tp_standard: l2tp_standard:
set bundle disable multilink set bundle disable multilink
...@@ -642,30 +652,33 @@ l2tp_standard: ...@@ -642,30 +652,33 @@ l2tp_standard:
EOD; EOD;
if (is_ipaddr($l2tpcfg['wins'])) { if (is_ipaddr($l2tpcfg['wins'])) {
$mpdconf .= " set ipcp nbns {$l2tpcfg['wins']}\n"; $mpdconf .= " set ipcp nbns {$l2tpcfg['wins']}\n";
} }
if (is_ipaddr($l2tpcfg['dns1'])) { if (is_ipaddr($l2tpcfg['dns1'])) {
$mpdconf .= " set ipcp dns " . $l2tpcfg['dns1']; $mpdconf .= " set ipcp dns " . $l2tpcfg['dns1'];
if (is_ipaddr($l2tpcfg['dns2'])) if (is_ipaddr($l2tpcfg['dns2'])) {
$mpdconf .= " " . $l2tpcfg['dns2']; $mpdconf .= " " . $l2tpcfg['dns2'];
$mpdconf .= "\n"; }
} elseif (isset ($config['dnsmasq']['enable'])) { $mpdconf .= "\n";
$mpdconf .= " set ipcp dns " . get_interface_ip("lan"); } elseif (isset($config['dnsmasq']['enable'])) {
if ($syscfg['dnsserver'][0]) $mpdconf .= " set ipcp dns " . get_interface_ip("lan");
$mpdconf .= " " . $syscfg['dnsserver'][0]; if ($syscfg['dnsserver'][0]) {
$mpdconf .= "\n"; $mpdconf .= " " . $syscfg['dnsserver'][0];
} elseif (isset ($config['unbound']['enable'])) { }
$mpdconf .= " set ipcp dns " . get_interface_ip("lan"); $mpdconf .= "\n";
if ($syscfg['dnsserver'][0]) } elseif (isset($config['unbound']['enable'])) {
$mpdconf .= " " . $syscfg['dnsserver'][0]; $mpdconf .= " set ipcp dns " . get_interface_ip("lan");
$mpdconf .= "\n"; if ($syscfg['dnsserver'][0]) {
} elseif (is_array($syscfg['dnsserver']) && ($syscfg['dnsserver'][0])) { $mpdconf .= " " . $syscfg['dnsserver'][0];
$mpdconf .= " set ipcp dns " . join(" ", $syscfg['dnsserver']) . "\n"; }
} $mpdconf .= "\n";
} elseif (is_array($syscfg['dnsserver']) && ($syscfg['dnsserver'][0])) {
if (isset ($l2tpcfg['radius']['enable'])) { $mpdconf .= " set ipcp dns " . join(" ", $syscfg['dnsserver']) . "\n";
$mpdconf .=<<<EOD }
if (isset($l2tpcfg['radius']['enable'])) {
$mpdconf .=<<<EOD
set radius server {$l2tpcfg['radius']['server']} "{$l2tpcfg['radius']['secret']}" set radius server {$l2tpcfg['radius']['server']} "{$l2tpcfg['radius']['secret']}"
set radius retries 3 set radius retries 3
set radius timeout 10 set radius timeout 10
...@@ -673,29 +686,29 @@ EOD; ...@@ -673,29 +686,29 @@ EOD;
EOD; EOD;
if (isset ($l2tpcfg['radius']['accounting'])) { if (isset($l2tpcfg['radius']['accounting'])) {
$mpdconf .=<<<EOD $mpdconf .=<<<EOD
set auth enable radius-acct set auth enable radius-acct
EOD; EOD;
} }
} }
fwrite($fd, $mpdconf); fwrite($fd, $mpdconf);
fclose($fd); fclose($fd);
unset($mpdconf); unset($mpdconf);
/* write mpd.links */ /* write mpd.links */
$fd = fopen("/var/etc/l2tp-vpn/mpd.links", "w"); $fd = fopen("/var/etc/l2tp-vpn/mpd.links", "w");
if (!$fd) { if (!$fd) {
printf(gettext("Error: cannot open mpd.links in vpn_l2tp_configure().") . "\n"); printf(gettext("Error: cannot open mpd.links in vpn_l2tp_configure().") . "\n");
return 1; return 1;
} }
$mpdlinks = ""; $mpdlinks = "";
for ($i = 0; $i < $l2tpcfg['n_l2tp_units']; $i++) { for ($i = 0; $i < $l2tpcfg['n_l2tp_units']; $i++) {
$mpdlinks .=<<<EOD $mpdlinks .=<<<EOD
l2tp{$i}: l2tp{$i}:
set link type l2tp set link type l2tp
...@@ -703,46 +716,48 @@ l2tp{$i}: ...@@ -703,46 +716,48 @@ l2tp{$i}:
set l2tp disable originate set l2tp disable originate
EOD; EOD;
if (!empty($l2tpcfg['secret'])) if (!empty($l2tpcfg['secret'])) {
$mpdlinks .= "set l2tp secret {$l2tpcfg['secret']}\n"; $mpdlinks .= "set l2tp secret {$l2tpcfg['secret']}\n";
} }
}
fwrite($fd, $mpdlinks); fwrite($fd, $mpdlinks);
fclose($fd); fclose($fd);
unset($mpdlinks); unset($mpdlinks);
/* write mpd.secret */ /* write mpd.secret */
$fd = fopen("/var/etc/l2tp-vpn/mpd.secret", "w"); $fd = fopen("/var/etc/l2tp-vpn/mpd.secret", "w");
if (!$fd) { if (!$fd) {
printf(gettext("Error: cannot open mpd.secret in vpn_l2tp_configure().") . "\n"); printf(gettext("Error: cannot open mpd.secret in vpn_l2tp_configure().") . "\n");
return 1; return 1;
} }
$mpdsecret = "\n\n"; $mpdsecret = "\n\n";
if (is_array($l2tpcfg['user'])) { if (is_array($l2tpcfg['user'])) {
foreach ($l2tpcfg['user'] as $user) foreach ($l2tpcfg['user'] as $user) {
$mpdsecret .= "{$user['name']} \"{$user['password']}\" {$user['ip']}\n"; $mpdsecret .= "{$user['name']} \"{$user['password']}\" {$user['ip']}\n";
} }
}
fwrite($fd, $mpdsecret); fwrite($fd, $mpdsecret);
fclose($fd); fclose($fd);
unset($mpdsecret); unset($mpdsecret);
chmod('/var/etc/l2tp-vpn/mpd.secret', 0600); chmod('/var/etc/l2tp-vpn/mpd.secret', 0600);
legacy_netgraph_attach(get_real_interface($l2tpcfg['interface'])); legacy_netgraph_attach(get_real_interface($l2tpcfg['interface']));
mwexec('/usr/local/sbin/mpd5 -b -d /var/etc/l2tp-vpn -p /var/run/l2tp-vpn.pid -s l2tps l2tps'); mwexec('/usr/local/sbin/mpd5 -b -d /var/etc/l2tp-vpn -p /var/run/l2tp-vpn.pid -s l2tps l2tps');
break; break;
case 'redir' : case 'redir':
break; break;
} }
if (file_exists('/var/run/booting')) { if (file_exists('/var/run/booting')) {
echo gettext("done") . "\n"; echo gettext("done") . "\n";
} }
return 0; return 0;
} }
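Review bot: In vpn_l2tp_configure() the mpd.secret loop writes `{$user['password']}` between double quotes without escaping, whereas vpn_pptpd_configure() in this same file escapes backslashes and quotes first. A password containing `"` or `\` would therefore produce a malformed or misparsed secret line. Reuse the two PPTP lines, `$pass = str_replace('\\', '\\\\', $user['password']);` and `$pass = str_replace('"', '\"', $pass);`, and emit `\"{$pass}\"`; the base64-decoded password in vpn_pppoe_configure() and, presumably, the RADIUS secrets interpolated into mpd.conf need the same treatment. Separately, each mpd.secret is created with `fopen(..., 'w')` and restricted with `chmod(..., 0600)` only after the write, so it briefly exists with umask-default permissions, and mpd.conf, which carries the RADIUS shared secret, is never chmod'ed in the visible lines. Parts of these functions are elided between hunks, so confirm against the full file.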