Commit adbbbf83 authored by Franco Fichtner's avatar Franco Fichtner

vpn: port pppoe server to mpd5

The local IP isn't used anywhere and the remote subnet assignment
also seems off, but since this works I'll leave it for somebody
else to maintain when it's moved to the plugins.
parent f7b3e9e3
......@@ -989,7 +989,7 @@ function filter_generate_optcfg_array()
$oic['virtual'] = true;
$FilterIflist['l2tp'] = $oic;
}
if (isset($config['pppoes']['pppoe']) && is_array($config['pppoes']['pppoe']) && (count($config['pppoes']['pppoe']) > 0)) {
if (isset($config['pppoes']['pppoe'])) {
$pppoeifs = array();
foreach($config['pppoes']['pppoe'] as $pppoe) {
if ($pppoe['mode'] == "server") {
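Review bot: The shortened guard `if (isset($config['pppoes']['pppoe'])) {` no longer checks that the value is an array before the `foreach` two lines below it, assuming the one-condition form is the new side of this pair. `isset()` is also true for an empty string, which an empty config element could plausibly be parsed into, and the loop would then raise a PHP warning during filter rule generation. `if (!empty($config['pppoes']['pppoe']) && is_array($config['pppoes']['pppoe'])) {` keeps the simplification and the type check. The enclosing function starts and ends outside the hunk.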
......
......@@ -167,19 +167,13 @@ EOD;
$mpdconf .= " " . $pptpdcfg['dns2'];
}
$mpdconf .= "\n";
} elseif (isset($config['dnsmasq']['enable'])) {
$mpdconf .= " set ipcp dns " . get_interface_ip("lan");
if ($syscfg['dnsserver'][0]) {
$mpdconf .= " " . $syscfg['dnsserver'][0];
}
$mpdconf .= "\n";
} elseif (isset($config['unbound']['enable'])) {
} elseif (isset($config['dnsmasq']['enable']) || isset($config['unbound']['enable'])) {
$mpdconf .= " set ipcp dns " . get_interface_ip("lan");
if ($syscfg['dnsserver'][0]) {
if (isset($syscfg['dnsserver'][0])) {
$mpdconf .= " " . $syscfg['dnsserver'][0];
}
$mpdconf .= "\n";
} elseif (is_array($syscfg['dnsserver']) && ($syscfg['dnsserver'][0])) {
} elseif (isset($syscfg['dnsserver'][0])) {
$mpdconf .= " set ipcp dns " . join(" ", $syscfg['dnsserver']) . "\n";
}
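Review bot: `isset($syscfg['dnsserver'][0])` is not equivalent to the truthiness test it replaces, because it is also true for an empty string, so a blank first DNS entry now reaches the generated mpd.conf. In the final branch that can emit `set ipcp dns` with no usable address; how mpd reacts to such a line is not visible here. That branch also drops the earlier `is_array()` guard in front of `join()`. `!empty($syscfg['dnsserver'][0])` avoids the undefined-index notice without changing which values pass. The same pair of conditions appears in the vpn_pppoe_configure() hunk at -414,22 +380,42.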
......@@ -353,39 +347,21 @@ function vpn_pppoe_configure(&$pppoecfg)
printf(gettext("Error: cannot open mpd.conf in vpn_pppoe_configure().") . "\n");
return 1;
}
$mpdconf = "\n\n";
$mpdconf .= "poes:\n";
for ($i = 0; $i < $pppoecfg['n_pppoe_units']; $i++) {
$mpdconf .= " load poes{$pppoecfg['pppoeid']}{$i}\n";
}
for ($i = 0; $i < $pppoecfg['n_pppoe_units']; $i++) {
$iprange = $pppoecfg['remoteip'] . ' ';
$iprange .= long2ip32(ip2long($pppoecfg['remoteip']) + $pppoecfg['n_pppoe_units'] - 1);
$clientip = long2ip32(ip2long($pppoecfg['remoteip']) + $i);
if (isset($pppoecfg['radius']['radiusissueips']) && isset($pppoecfg['radius']['server']['enable'])) {
$isssue_ip_type = "set ipcp ranges {$pppoecfg['localip']}/32 0.0.0.0/0";
} else {
$isssue_ip_type = "set ipcp ranges {$pppoecfg['localip']}/32 {$clientip}/32";
$iptype = 'ippool pool1';
if (isset($pppoecfg['radius']['server']['enable']) && isset($pppoecfg['radius']['radiusissueips'])) {
$iptype = '0.0.0.0/0';
}
$mpdconf .=<<<EOD
poes{$pppoecfg['pppoeid']}{$i}:
new -i poes{$pppoecfg['pppoeid']}{$i} poes{$pppoecfg['pppoeid']}{$i} poes{$pppoecfg['pppoeid']}{$i}
{$isssue_ip_type}
load pppoe_standard
EOD;
}
$mpdconf .=<<<EOD
$mpdconf = <<<EOD
startup:
pppoe_standard:
set bundle no multilink
set bundle enable compression
set auth max-logins 1
poes:
set ippool add pool1 {$iprange}
create bundle template B
set iface up-script /usr/local/sbin/vpn-linkup
set iface down-script /usr/local/sbin/vpn-linkdown
set iface idle 0
......@@ -393,18 +369,8 @@ pppoe_standard:
set iface disable proxy-arp
set iface enable tcpmssfix
set iface mtu 1500
set link no pap chap eap
set link enable chap
set link keep-alive 60 180
set ipcp yes vjcomp
set ipcp no vjcomp
set link max-redial -1
set link mtu 1492
set link mru 1492
set ccp yes mpp-e40
set ccp yes mpp-e128
set ccp yes mpp-stateless
set link latency 1
set ipcp ranges {$pppoecfg['localip']}/32 {$iptype}
EOD;
......@@ -414,22 +380,42 @@ EOD;
$mpdconf .= " " . $pppoecfg['dns2'];
}
$mpdconf .= "\n";
} elseif (isset($config['dnsmasq']['enable'])) {
$mpdconf .= " set ipcp dns " . get_interface_ip("lan");
if ($syscfg['dnsserver'][0]) {
$mpdconf .= " " . $syscfg['dnsserver'][0];
}
$mpdconf .= "\n";
} elseif (isset($config['unbound']['enable'])) {
} elseif (isset($config['dnsmasq']['enable']) || isset($config['unbound']['enable'])) {
$mpdconf .= " set ipcp dns " . get_interface_ip("lan");
if ($syscfg['dnsserver'][0]) {
if (isset($syscfg['dnsserver'][0])) {
$mpdconf .= " " . $syscfg['dnsserver'][0];
}
$mpdconf .= "\n";
} elseif (is_array($syscfg['dnsserver']) && ($syscfg['dnsserver'][0])) {
} elseif (isset($syscfg['dnsserver'][0])) {
$mpdconf .= " set ipcp dns " . join(" ", $syscfg['dnsserver']) . "\n";
}
$mpdconf .= <<<EOD
set bundle enable compression
set ccp yes mppc
set mppc yes e40
set mppc yes e128
set mppc yes stateless
create link template L pppoe
set link action bundle B
set link no multilink
set link disable pap
set link disable eap
set link enable chap
set link keep-alive 10 60
set link max-redial -1
set link mtu 1492
set link mru 1492
set link latency 1
set pppoe service pppoe{$pppoecfg['pppoeid']}
set pppoe iface {$pppoe_interface}
set link enable incoming
set auth max-logins 1
EOD;
if (isset($pppoecfg['radius']['server']['enable'])) {
$radiusport = "";
$radiusacctport = "";
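Review bot: `set mppc yes e40` keeps 40-bit MPPE on offer in the new bundle template, so a peer can settle on the weakest key length. Dropping that line and keeping `set mppc yes e128` removes the downgrade. Nothing in the visible template makes encryption mandatory either, so if confidentiality on the PPPoE segment is expected, a comment above the heredoc such as `/* MPPE is offered to clients, not required */` would record that. The body of vpn_pppoe_configure() starts and ends outside the hunk.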
......@@ -459,32 +445,6 @@ EOD;
fclose($fd);
unset($mpdconf);
/* write mpd.links */
$fd = fopen("/var/etc/pppoe{$pppoecfg['pppoeid']}-vpn/mpd.links", "w");
if (!$fd) {
printf(gettext("Error: cannot open mpd.links in vpn_pppoe_configure().") . "\n");
return 1;
}
$mpdlinks = "";
for ($i = 0; $i < $pppoecfg['n_pppoe_units']; $i++) {
$mpdlinks .=<<<EOD
poes{$pppoecfg['pppoeid']}{$i}:
set phys type pppoe
set pppoe iface {$pppoe_interface}
set pppoe service "*"
set pppoe disable originate
set pppoe enable incoming
EOD;
}
fwrite($fd, $mpdlinks);
fclose($fd);
unset($mpdlinks);
if ($pppoecfg['username']) {
/* write mpd.secret */
$fd = fopen("/var/etc/pppoe{$pppoecfg['pppoeid']}-vpn/mpd.secret", "w");
......
......@@ -140,16 +140,12 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
$input_errors[] = gettext("A valid RADIUS server address must be specified.");
}
$pconfig['remoteip'] = gen_subnet($pconfig['remoteip'], $pconfig['pppoe_subnet']);
$subnet_start = ip2ulong($pconfig['remoteip']);
$subnet_end = ip2ulong($pconfig['remoteip']) + $pconfig['pppoe_subnet'] - 1;
if ((ip2ulong($pconfig['localip']) >= $subnet_start) &&
(ip2ulong($pconfig['localip']) <= $subnet_end)) {
$input_errors[] = gettext("The specified server address lies in the remote subnet.");
}
if ($pconfig['localip'] == get_interface_ip($pconfig['interface'])) {
$input_errors[] = gettext("The specified server address is equal to an interface ip address.");
}
}
if (!empty($pconfig['pppoeid']) && !is_numeric($_POST['pppoeid'])) {
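Review bot: The overlap check computes `$subnet_end = ip2ulong($pconfig['remoteip']) + $pconfig['pppoe_subnet'] - 1;`, which adds the prefix length (0 to 32 per the select on this page) as if it were an address count. vpn_pppoe_configure() instead derives the end of the client pool from `n_pppoe_units`. This rendering does not show which of these validation lines the commit keeps. If the subnet check remains, it tests a different range than the pool mpd hands out, so a server address inside the client pool can pass validation. Deriving the end from the same unit count the pool uses would align the two, assuming the form carries that value. The enclosing block starts and ends outside the hunk.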
......@@ -305,18 +301,11 @@ legacy_html_escape_form_data($pconfig);
</td>
</tr>
<tr>
<td><a id="help_for_pppoe_subnet" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Subnet netmask"); ?></td>
<td><a id="help_for_localip" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Server address"); ?></td>
<td>
<select id="pppoe_subnet" name="pppoe_subnet">
<?php
for ($x=0; $x<33; $x++):?>
<option value="<?=$x;?>" <?=$x == $pconfig['pppoe_subnet'] ? "selected=\"selected\"" : "" ;?>>
<?=$x;?>
<?php
endfor;?>
</select>
<div class="hidden" for="help_for_pppoe_subnet">
<?=gettext("Hint: 24 is 255.255.255.0"); ?>
<input name="localip" type="text" value="<?=$pconfig['localip'];?>" />
<div class="hidden" for="help_for_localip">
<?=gettext("Enter the IP address the PPPoE server should give to clients for use as their \"gateway\"."); ?>
</div>
</td>
</tr>
......@@ -338,25 +327,27 @@ legacy_html_escape_form_data($pconfig);
</td>
</tr>
<tr>
<td><a id="help_for_localip" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Server address"); ?></td>
<td><a id="help_for_remoteip" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Remote address range"); ?></td>
<td>
<input name="localip" type="text" value="<?=$pconfig['localip'];?>" />
<div class="hidden" for="help_for_localip">
<?=gettext("Enter the IP address the PPPoE server should give to clients for use as their \"gateway\"."); ?>
<br />
<?=gettext("Typically this is set to an unused IP just outside of the client range."); ?>
<br />
<br />
<?=gettext("NOTE: This should NOT be set to any IP address currently in use on this firewall."); ?>
<input name="remoteip" type="text" value="<?=$pconfig['remoteip'];?>" />
<div class="hidden" for="help_for_remoteip">
<?=gettext("Specify the starting address for the client IP address subnet."); ?>
</div>
</td>
</tr>
<tr>
<td><a id="help_for_remoteip" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Remote address range"); ?></td>
<td><a id="help_for_pppoe_subnet" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Subnet netmask"); ?></td>
<td>
<input name="remoteip" type="text" value="<?=$pconfig['remoteip'];?>" />
<div class="hidden" for="help_for_remoteip">
<?=gettext("Specify the starting address for the client IP address subnet."); ?>
<select id="pppoe_subnet" name="pppoe_subnet">
<?php
for ($x=0; $x<33; $x++):?>
<option value="<?=$x;?>" <?=$x == $pconfig['pppoe_subnet'] ? "selected=\"selected\"" : "" ;?>>
<?=$x;?>
<?php
endfor;?>
</select>
<div class="hidden" for="help_for_pppoe_subnet">
<?=gettext("Hint: 24 is 255.255.255.0"); ?>
</div>
</td>
</tr>
......