- add PfSense ideas (slighty different implemented):

  * Import CP SSL idea from PfSense: Redirect both HTTP and HTTPS to the Captive Portal keeping in mind a SSL error (cert mismatch)
  * Add preliminary support for CP WPA and PPPoE pass-through

git-svn-id: https://svn.m0n0.ch/wall/trunk@145 e36fee2c-cc09-0410-a7cc-ebac5c6737de

diff --git a/CHANGELOG b/CHANGELOG
index 65651ebaf534b46f1a30962205081abd5dbf14d1..c150cb7f90571e5496170d0b95a867ebcda6cdb4 100644 (file)
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -3,6 +3,14 @@ $Id$
 *** Note: Please add new entries to the top of this file. ***
 -------------------------------------------------------------------------------
 
+1.23b2
+------
+
+- changes in Captive portal (jdegraeve):
+  - add PfSense ideas (slighty different implemented):
+  * Import CP SSL idea from PfSense: Redirect both HTTP and HTTPS to the Captive Portal keeping in mind a SSL error (cert mismatch)
+  * Add preliminary support for WPA and PPPoE pass-through
+
 1.23b1
 ------
 

diff --git a/phpconf/inc/captiveportal.inc b/phpconf/inc/captiveportal.inc
index c08693c52edd17ce27157d39bb066d04cf2d7003..d1bfa6721d31365e64a01a688d14af32e826252b 100644 (file)
--- a/phpconf/inc/captiveportal.inc
+++ b/phpconf/inc/captiveportal.inc
@@ -339,6 +339,31 @@ EOD;
 add 1304 set 1 pass tcp from any to $cpip 8001 in
 add 1305 set 1 pass tcp from $cpip 8001 to any out
 
+## REDIR SSL
+# redirect non-authenticated clients to captive portal on ssl
+add 19900 set 1 fwd 127.0.0.1,8001 tcp from any to any 443 in
+
+# let the responses from the captive portal webserver back out
+add 19901 set 1 pass tcp from any 443 to any out
+
+EOD;
+    }
+
+    if (isset($config['captiveportal']['pppoeaccess'])) {
+        $cprules .= <<<EOD
+#PPPoE Discovery Stage
+add 1100 set 1 pass layer2 mac-type 0x8863
+#PPPoE Session Stage
+add 1100 set 1 pass layer2 mac-type 0x8864
+
+EOD;
+    }
+
+    if (isset($config['captiveportal']['wpaaccess'])) {
+        $cprules .= <<<EOD
+# Allow WPA
+add 1100 set 1 pass layer2 mac-type 0x888e
+
 EOD;
     }
 
@@ -347,11 +372,11 @@ EOD;
 # ... 10000-19899: rules per authenticated client go here...
 
 # redirect non-authenticated clients to captive portal
-add 19900 set 1 fwd 127.0.0.1,8000 tcp from any to any 80 in
+add 19902 set 1 fwd 127.0.0.1,8000 tcp from any to any 80 in
 # let the responses from the captive portal web server back out
-add 19901 set 1 pass tcp from any 80 to any out
+add 19903 set 1 pass tcp from any 80 to any out
 # block everything else
-add 19902 set 1 deny all from any to any
+add 19904 set 1 deny all from any to any
 
 # ... 20000-29899: layer2 block rules per authenticated client go here...
 

diff --git a/webgui/guiconfig.inc b/webgui/guiconfig.inc
index 012fb477bd3a997b4dc9b6fa54404e25481db302..b510cfefc0a267d52b94e047e8b8723f84113949 100644 (file)
--- a/webgui/guiconfig.inc
+++ b/webgui/guiconfig.inc
@@ -85,7 +85,7 @@ for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) {
        
 $medias = array("auto" => "autoselect", "100full" => "100BASE-TX full-duplex",
        "100half" => "100BASE-TX half-duplex", "10full" => "10BASE-T full-duplex",
-       "10half" => "10BASE-T half-duplex");
+       "10half" => "10BASE-T half-duplex", "1000full" => "1000BASE-TX full-duplex");
        
 /* platforms that support firmware updating */
 $fwupplatforms = array('net45xx', 'net48xx', 'generic-pc', 'wrap');