$lockfile = "{$g['varrun_path']}/captiveportal.lock";
$clientip = $_ENV['REMOTE_ADDR'];
+if (!$clientip) {
+ /* not good - bail out */
+ exit;
+}
+
/* find MAC address for client */
-if ($clientip) {
- $clientmac = arp_get_mac_by_ip($clientip);
- if (!$clientmac) {
- /* unable to find MAC address - shouldn't happen! - bail out */
- exit;
- }
+$clientmac = arp_get_mac_by_ip($clientip);
+if (!$clientmac && !isset($config['captiveportal']['nomacfilter'])) {
+ /* unable to find MAC address - shouldn't happen! - bail out */
+ exit;
}
-if (portal_mac_fixed($clientmac)) {
+if ($clientmac && portal_mac_fixed($clientmac)) {
/* punch hole in ipfw for pass thru mac addresses */
- portal_allow($clientip, $clientmac,"unauthenticated") ;
+ portal_allow($clientip, $clientmac, "unauthenticated");
} else if ($_POST['accept'] && file_exists("{$g['vardb_path']}/captiveportal_radius.db")) {
/* authenticate against radius server */
-
- $fd = @fopen("{$g['vardb_path']}/captiveportal_radius.db","r");
- if($fd) {
- $line = trim(fgets($fd));
- if($line)
- list($radiusip,$radiusport,$radiuskey) = explode(",",$line) ;
- }
- fclose($fd) ;
+ $radiusservers = captiveportal_get_radius_servers();
- if($_POST['auth_user'] && $_POST['auth_pass']) {
+ if ($_POST['auth_user'] && $_POST['auth_pass']) {
$auth_val = RADIUS_AUTHENTICATION($_POST['auth_user'],
$_POST['auth_pass'],
- $radiusip,$radiusport,
- $radiuskey) ;
+ $radiusservers[0]['ipaddr'],
+ $radiusservers[0]['port'],
+ $radiusservers[0]['key']);
if ($auth_val == 2) {
- portal_allow($clientip, $clientmac,$_POST['auth_user']) ;
- if(isset($config['captiveportal']['radacct_enable'])) {
+ $sessionid = portal_allow($clientip, $clientmac, $_POST['auth_user']);
+ if (isset($config['captiveportal']['radacct_enable']) && isset($radiusservers[0])) {
$auth_val = RADIUS_ACCOUNTING_START($_POST['auth_user'],
- $radiusip,$radiusport,
- $radiuskey) ;
- }
+ $sessionid,
+ $radiusservers[0]['ipaddr'],
+ $radiusservers[0]['acctport'],
+ $radiusservers[0]['key']);
+ }
} else {
readfile("{$g['varetc_path']}/captiveportal-error.html");
}
}
} else if ($_POST['accept'] && $clientip) {
- portal_allow($clientip, $clientmac,"unauthenticated") ;
-} else if ($_POST['logout_id'] && ($clientmac == $_POST['logout_id']) ) {
- disconnect_client($_POST['logout_id']) ;
+ portal_allow($clientip, $clientmac, "unauthenticated");
+} else if ($_POST['logout_id']) {
+ disconnect_client($_POST['logout_id']);
echo <<<EOD
<HTML>
<HEAD><TITLE>Disconnecting...</TITLE></HEAD>
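Review bot: The logout branch at L68-69 drops the requester check — the old condition required `$_POST['logout_id']` to equal the requester's own `$clientmac`, while the new one hands any posted `logout_id` straight to `disconnect_client()`, so the session ID placed in the logout form (L148) becomes the only thing standing between one client and the teardown of another client's session. That ID is built in the hunk ending at L99 as `md5(mt_rand() . $tod['sec'] . $tod['usec'] . $clientip . $clientmac)` truncated to 16 hex characters; `mt_rand()` is not a cryptographic generator and the remaining inputs are not secret, so the ID should not be relied on as an unguessable bearer token. Suggest deriving it from a non-predictable source such as `/dev/urandom` and, independently, keeping a binding to the requester: the database row stores the client IP in field 2, so `disconnect_client()` could refuse the deletion unless that field matches `$clientip` (its lookup is in the hunk ending at L225). The `if`/`else if` chain this branch belongs to continues past the end of this hunk.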
if (!$ruleno)
$ruleno = 10000; /* first rule number */
- $saved_ruleno = $ruleno ;
+ $saved_ruleno = $ruleno;
+
+ /* generate unique session ID */
+ $tod = gettimeofday();
+ $sessionid = substr(md5(mt_rand() . $tod['sec'] . $tod['usec'] . $clientip . $clientmac), 0, 16);
/* add ipfw rules for layer 3 */
exec("/sbin/ipfw add $ruleno set 2 skipto 50000 ip from $clientip to any in");
exec("/sbin/ipfw add $ruleno set 2 skipto 50000 ip from any to $clientip out");
/* add ipfw rules for layer 2 */
- $l2ruleno = $ruleno + 10000;
- exec("/sbin/ipfw add $l2ruleno set 3 deny all from $clientip to any not MAC any $clientmac layer2 in");
- exec("/sbin/ipfw add $l2ruleno set 3 deny all from any to $clientip not MAC $clientmac any layer2 out");
+ if (!isset($config['captiveportal']['nomacfilter'])) {
+ $l2ruleno = $ruleno + 10000;
+ exec("/sbin/ipfw add $l2ruleno set 3 deny all from $clientip to any not MAC any $clientmac layer2 in");
+ exec("/sbin/ipfw add $l2ruleno set 3 deny all from any to $clientip not MAC $clientmac any layer2 out");
+ }
- /* read in passthru mac database */
-
- $cpdb = array() ;
+ /* read in client database */
+ $cpdb = array();
$fd = @fopen("{$g['vardb_path']}/captiveportal.db", "r");
if ($fd) {
$cpdb[] = explode(",",$line);
}
}
- fclose($fd) ;
+ fclose($fd);
}
+
+ $radiusservers = captiveportal_get_radius_servers();
- /* find entry and delete it */
-
+ /* find an existing entry and delete it */
for ($i = 0; $i < count($cpdb); $i++) {
- if(!strcasecmp($cpdb[$i][3],$clientmac)) {
- if(isset($config['captiveportal']['radacct_enable']) &&
- file_exists("{$g['vardb_path']}/captiveportal_radius.db")) {
+ if(!strcasecmp($cpdb[$i][2],$clientip)) {
+ if(isset($config['captiveportal']['radacct_enable']) && isset($radiusservers[0])) {
RADIUS_ACCOUNTING_STOP($cpdb[$i][1], // ruleno
$cpdb[$i][4], // username
+ $cpdb[$i][5], // sessionid
$cpdb[$i][0], // start time
- $config['captiveportal']['radiusip'],
- $config['captiveportal']['radiusport'],
- $config['captiveportal']['radiuskey'] ) ;
- }
+ $radiusservers[0]['ipaddr'],
+ $radiusservers[0]['acctport'],
+ $radiusservers[0]['key']);
+ }
mwexec("/sbin/ipfw delete " . $cpdb[$i][1] . " " . ($cpdb[$i][1]+10000));
- unset($cpdb[$i]) ;
+ unset($cpdb[$i]);
break;
}
}
foreach ($cpdb as $cpent) {
fwrite($fd, join(",", $cpent) . "\n");
}
- /* write in this new entry for clientmac */
- fwrite($fd, time().",{$ruleno},{$clientip},{$clientmac},{$clientuser}\n") ;
+ /* write in this new entry */
+ fwrite($fd, time().",{$ruleno},{$clientip},{$clientmac},{$clientuser},{$sessionid}\n") ;
fclose($fd);
}
LogoutWin.document.write('<DIV ALIGN="center" STYLE="color: #ffffff; font-family: Tahoma, Verdana, Arial, Helvetica, sans-serif; font-size: 11px;">') ;
LogoutWin.document.write('<B>Click the button below to disconnect</B><P>');
LogoutWin.document.write('<FORM METHOD="POST" ACTION="{$logouturl}">');
- LogoutWin.document.write('<INPUT NAME="logout_id" TYPE="hidden" VALUE="{$clientmac}">');
+ LogoutWin.document.write('<INPUT NAME="logout_id" TYPE="hidden" VALUE="{$sessionid}">');
LogoutWin.document.write('<INPUT NAME="logout" TYPE="submit" VALUE="Logout">');
LogoutWin.document.write('</FORM>');
LogoutWin.document.write('</DIV></BODY>');
} else {
header("Location: " . $redirurl);
}
+
+ return $sessionid;
+}
+
+/* read RADIUS servers into array */
+function captiveportal_get_radius_servers() {
+
+ global $g;
+
+ if (file_exists("{$g['vardb_path']}/captiveportal_radius.db")) {
+ $fd = @fopen("{$g['vardb_path']}/captiveportal_radius.db","r");
+ if ($fd) {
+ $radiusservers = array();
+ while (!feof($fd)) {
+ $line = trim(fgets($fd));
+ if ($line) {
+ $radsrv = array();
+ list($radsrv['ipaddr'],$radsrv['port'],$radsrv['acctport'],$radsrv['key']) = explode(",",$line);
+ $radiusservers[] = $radsrv;
+ }
+ }
+ fclose($fd);
+
+ return $radiusservers;
+ }
+ }
+
+ return false;
}
/* lock captive portal information, decide that the lock file is stale after
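Review bot: `captiveportal_get_radius_servers()` splits each line with `explode(",",$line)` into exactly four fields (L172), so a shared secret that itself contains a comma is cut off at that comma — the key is written as the last field at L321 — and authentication then fails with nothing logged. Because the key is the final field, `explode(",", $line, 4)` keeps everything after the third separator intact. The function's contract is also uneven: it returns `false` when the file is absent or cannot be opened but an empty array when the file has no usable line, which the `isset($radiusservers[0])` callers tolerate, while the authentication call at L42-44 reads `$radiusservers[0]['ipaddr']` without that guard; a header comment stating that the return is an array of `ipaddr`/`port`/`acctport`/`key` entries or `false` would make this explicit. The same function body is added a second time in the hunk ending at L442 and needs the same change.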
unlink($lockfile);
}
-/* remove a single client by mac address
- by Dinesh Nair Thu Jul 29 18:46:38 MYT 2004
+/* remove a single client by session ID
+ by Dinesh Nair
*/
-function disconnect_client($macaddr) {
+function disconnect_client($sessionid) {
global $g, $config;
$cpdb[] = explode(",",$line);
}
}
- fclose($fd) ;
+ fclose($fd);
}
+ $radiusservers = captiveportal_get_radius_servers();
+
/* find entry */
for ($i = 0; $i < count($cpdb); $i++) {
- if ($cpdb[$i][3] == $macaddr) {
+ if ($cpdb[$i][5] == $sessionid) {
/* this client needs to be deleted - remove ipfw rules */
- if(isset($config['captiveportal']['radacct_enable']) &&
- file_exists("{$g['vardb_path']}/captiveportal_radius.db")) {
+ if(isset($config['captiveportal']['radacct_enable']) && isset($radiusservers[0])) {
RADIUS_ACCOUNTING_STOP($cpdb[$i][1], // ruleno
$cpdb[$i][4], // username
+ $cpdb[$i][5], // sessionid
$cpdb[$i][0], // start time
- $config['captiveportal']['radiusip'],
- $config['captiveportal']['radiusport'],
- $config['captiveportal']['radiuskey'] ) ;
- }
+ $radiusservers[0]['ipaddr'],
+ $radiusservers[0]['acctport'],
+ $radiusservers[0]['key']);
+ }
mwexec("/sbin/ipfw delete " . $cpdb[$i][1] . " " . ($cpdb[$i][1]+10000));
unset($cpdb[$i]);
break;
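Review bot: The lookup at L206, `$cpdb[$i][5] == $sessionid`, compares two strings loosely, and PHP compares numeric-looking strings numerically: a 16-hex session ID of the form `0e` followed only by digits is numeric and equals `"0"` and every other such ID under `==`. `$sessionid` comes from `$_POST['logout_id']` (L69), so the comparison should be exact, `if ($cpdb[$i][5] === $sessionid) {`, or `strcmp($cpdb[$i][5], $sessionid) == 0`. Rows written by the previous five-field format have no index 5, so adding `isset($cpdb[$i][5])` to the same condition avoids a notice on a stale database. `disconnect_client()` starts and ends outside this hunk.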
foreach ($cpdb as $cpent) {
fwrite($fd, join(",", $cpent) . "\n");
}
+ fclose($fd);
}
portal_unlock();
*/
-function RADIUS_ACCOUNTING_START($username,$radiusip,$radiusport,$radiuskey) {
+function RADIUS_ACCOUNTING_START($username,$sessionid,$radiusip,$radiusport,$radiuskey) {
$sharedsecret=$radiuskey ;
# $debug = 1 ;
-\r
- $radiusport=getservbyname("radacct","udp");
exec("/bin/hostname", $nasHostname) ;
if(!$nasHostname[0])
echo "<br>radius-port: $radiusport<br>radius-host: $radiusip<br>username: $username<hr>\n";
$thisidentifier=rand()%256;
- $sessionid = $username."-".$nasHostname[0] ;
$length=4+ // header
16+ // auth code
// See RFC2866 for this.
}
-function RADIUS_ACCOUNTING_STOP($ruleno,$username,$start_time,$radiusip,$radiusport,$radiuskey) {
+function RADIUS_ACCOUNTING_STOP($ruleno,$username,$sessionid,$start_time,$radiusip,$radiusport,$radiuskey) {
$sharedsecret=$radiuskey ;
# $debug = 1 ;
-\r
- $radiusport=getservbyname("radacct","udp");
exec("/bin/hostname", $nasHostname) ;
if(!$nasHostname[0])
echo "<br>radius-port: $radiusport<br>radius-host: $radiusip<br>username: $username<hr>\n";
$thisidentifier=rand()%256;
- $sessionid = $username."-".$nasHostname[0] ;
$length=4+ // header
16+ // auth code
$sharedsecret=$radiuskey ;
# $debug = 1 ;
- if(!$radiusport)
- $radiusport=0 ;
-
- // check your /etc/services. Some radius servers
- // listen on port 1812, some on 1645.
- if ($radiusport==0)
- $radiusport=getservbyname("radius","udp");
-
exec("/bin/hostname", $nasHostname) ;
if(!$nasHostname[0])
$nasHostname[0] = "m0n0wall" ;
# generate circular logfiles
clog -i -s 262144 /var/log/system.log
clog -i -s 262144 /var/log/filter.log
+clog -i -s 65536 /var/log/vpn.log
clog -i -s 32768 /var/log/dhcpd.log
-chmod 0600 /var/log/system.log /var/log/filter.log /var/log/dhcpd.log
+chmod 0600 /var/log/*.log
adjkerntz -i
# /etc/rc.initial
# part of m0n0wall (http://neon1.net/m0n0wall)
#
-# Copyright (C) 2003 Manuel Kasper <mk@neon1.net>.
+# Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
# All rights reserved.
# make sure the user can't kill us by pressing Ctrl-C
echo "3) Reset webGUI password"
echo "4) Reset to factory defaults"
echo "5) Reboot system"
+echo "6) Ping host"
echo
read -p "Enter a number: " opmode
5)
/etc/rc.initial.reboot
;;
+6)
+ /etc/rc.initial.ping
+ ;;
esac
done
if($config['captiveportal']['radiusport'])
$radiusport = $config['captiveportal']['radiusport'] ;
+ else
+ $radiusport = 1812;
- if($config['captiveportal']['radiuskey'])
- $radiuskey = $config['captiveportal']['radiuskey'] ;
+ if($config['captiveportal']['radiusacctport'])
+ $radiusacctport = $config['captiveportal']['radiusacctport'] ;
+ else
+ $radiusacctport = 1813;
+
+ $radiuskey = $config['captiveportal']['radiuskey'];
$fd = @fopen("{$g['vardb_path']}/captiveportal_radius.db", "w");
if (!$fd) {
printf("Error: cannot open radius DB file in captiveportal_configure().\n");
return 1;
} else {
- fwrite($fd,$radiusip . "," . $radiusport . "," . $radiuskey) ;
+ fwrite($fd,$radiusip . "," . $radiusport . "," . $radiusacctport . "," . $radiuskey) ;
}
fclose($fd) ;
}
}
/* remove clients that have been around for longer than the specified amount of time */
-/* db file structure: timestamp,ipfw_rule_no,clientip,clientmac */
+/* db file structure: timestamp,ipfw_rule_no,clientip,clientmac,username,sessionid */
function captiveportal_prune_old() {
global $g, $config;
/* read database */
$cpdb = captiveportal_read_db();
+ $radiusservers = captiveportal_get_radius_servers();
+
for ($i = 0; $i < count($cpdb); $i++) {
$timedout = false;
if ($timedout) {
/* this client needs to be deleted - remove ipfw rules */
- if(isset($config['captiveportal']['radacct_enable']) &&
- file_exists("{$g['vardb_path']}/captiveportal_radius.db")) {
+ if (isset($config['captiveportal']['radacct_enable']) && isset($radiusservers[0])) {
RADIUS_ACCOUNTING_STOP($cpdb[$i][1], // ruleno
$cpdb[$i][4], // username
+ $cpdb[$i][5], // sessionid
$cpdb[$i][0], // start time
- $config['captiveportal']['radiusip'],
- $config['captiveportal']['radiusport'],
- $config['captiveportal']['radiuskey'] ) ;
+ $radiusservers[0]['ipaddr'],
+ $radiusservers[0]['acctport'],
+ $radiusservers[0]['key']);
}
mwexec("/sbin/ipfw delete " . $cpdb[$i][1] . " " . ($cpdb[$i][1]+10000));
unset($cpdb[$i]);
/* read database */
$cpdb = captiveportal_read_db();
+ $radiusservers = captiveportal_get_radius_servers();
/* find entry */
for ($i = 0; $i < count($cpdb); $i++) {
if ($cpdb[$i][1] == $id) {
/* this client needs to be deleted - remove ipfw rules */
- if(isset($config['captiveportal']['radacct_enable']) &&
- file_exists("{$g['vardb_path']}/captiveportal_radius.db")) {
+ if (isset($config['captiveportal']['radacct_enable']) && isset($radiusservers[0])) {
RADIUS_ACCOUNTING_STOP($cpdb[$i][1], // ruleno
$cpdb[$i][4], // username
+ $cpdb[$i][5], // sessionid
$cpdb[$i][0], // start time
- $config['captiveportal']['radiusip'],
- $config['captiveportal']['radiusport'],
- $config['captiveportal']['radiuskey'] ) ;
+ $radiusservers[0]['ipaddr'],
+ $radiusservers[0]['acctport'],
+ $radiusservers[0]['key']);
}
mwexec("/sbin/ipfw delete " . $cpdb[$i][1] . " " . ($cpdb[$i][1]+10000));
unset($cpdb[$i]);
/* send RADIUS acct stop for all current clients */
function captiveportal_radius_stop_all() {
- global $g, $config ;
-
- if(!isset($config['captiveportal']['radacct_enable']) ||
- !file_exists("{$g['vardb_path']}/captiveportal_radius.db")) {
- return ;
- }
+ global $g, $config;
captiveportal_lock() ;
$cpdb = captiveportal_read_db() ;
- for ($i = 0; $i < count($cpdb); $i++) {
- RADIUS_ACCOUNTING_STOP($cpdb[$i][1], // ruleno
- $cpdb[$i][4], // username
- $cpdb[$i][0], // start time
- $config['captiveportal']['radiusip'],
- $config['captiveportal']['radiusport'],
- $config['captiveportal']['radiuskey'] ) ;
+
+ $radiusservers = captiveportal_get_radius_servers();
+
+ if (isset($radiusservers[0])) {
+ for ($i = 0; $i < count($cpdb); $i++) {
+ RADIUS_ACCOUNTING_STOP($cpdb[$i][1], // ruleno
+ $cpdb[$i][4], // username
+ $cpdb[$i][5], // sessionid
+ $cpdb[$i][0], // start time
+ $radiusservers[0]['ipaddr'],
+ $radiusservers[0]['acctport'],
+ $radiusservers[0]['key']);
+ }
}
captiveportal_unlock() ;
}
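Review bot: The early return removed at L382-385 also dropped the `radacct_enable` check, and the replacement condition at L399 tests only `isset($radiusservers[0])`, so `captiveportal_radius_stop_all()` now sends an Accounting-Stop for every client whenever a RADIUS server is configured, even when accounting was never enabled and no Accounting-Start was ever sent. The other call sites in this patch (L341, L364) keep both conditions; this one should match them: `if (isset($config['captiveportal']['radacct_enable']) && isset($radiusservers[0])) {`. When accounting is off the lock is still taken and the database read for nothing, so the guard could equally sit before `captiveportal_lock()`.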
}
}
+/* read RADIUS servers into array */
+function captiveportal_get_radius_servers() {
+
+ global $g;
+
+ if (file_exists("{$g['vardb_path']}/captiveportal_radius.db")) {
+ $fd = @fopen("{$g['vardb_path']}/captiveportal_radius.db","r");
+ if ($fd) {
+ $radiusservers = array();
+ while (!feof($fd)) {
+ $line = trim(fgets($fd));
+ if ($line) {
+ $radsrv = array();
+ list($radsrv['ipaddr'],$radsrv['port'],$radsrv['acctport'],$radsrv['key']) = explode(",",$line);
+ $radiusservers[] = $radsrv;
+ }
+ }
+ fclose($fd);
+
+ return $radiusservers;
+ }
+ }
+
+ return false;
+}
+
/* lock captive portal information, decide that the lock file is stale after
10 seconds */
function captiveportal_lock() {
if ($g['booting'])
echo "Configuring firewall... ";
+ /* set TCP timeouts */
+ $tcpidletimeout = 9000;
+ if ($config['filter']['tcpidletimeout'])
+ $tcpidletimeout = $config['filter']['tcpidletimeout'];
+ mwexec("/sbin/sysctl net.inet.ipf.fr_tcpidletimeout={$tcpidletimeout}");
+ mwexec("/sbin/sysctl net.inet.ipf.fr_tcphalfclosed=480");
+
/* generate ipnat rules */
$ipnatrules = filter_nat_rules_generate();
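Review bot: `$config['filter']['tcpidletimeout']` is interpolated into the sysctl command at L449 without any validation, while the other hunks in this patch pass interface settings through `escapeshellarg()`; a non-numeric or malformed config value reaches the shell verbatim. The value is a number of seconds, so coerce it when reading it and keep the 9000 default otherwise: `if ((int)$config['filter']['tcpidletimeout'] > 0) $tcpidletimeout = (int)$config['filter']['tcpidletimeout'];`. The enclosing function continues outside this hunk.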
}
}
+ if (($rule['protocol'] == "icmp") && $rule['icmptype']) {
+ $line .= "icmp-type {$rule['icmptype']} ";
+ }
+
if ($type == "pass") {
$line .= "keep state ";
require_once("shaper.inc");
require_once("vpn.inc");
require_once("captiveportal.inc");
+require_once("openvpn.inc");
?>
"n_pptp_units" => 16,
"pptp_subnet" => 28,
"debug" => false,
- "latest_config" => "1.4"
+ "latest_config" => "1.4",
+ "nopccard_platforms" => array("wrap", "net48xx")
);
?>
mwexec("/sbin/ifconfig " . escapeshellarg($lancfg['if']) .
" link " . escapeshellarg($lancfg['spoofmac']));
+ /* media */
+ if ($lancfg['media'] || $lancfg['mediaopt']) {
+ $cmd = "/sbin/ifconfig " . escapeshellarg($lancfg['if']);
+ if ($lancfg['media'])
+ $cmd .= " media " . escapeshellarg($lancfg['media']);
+ if ($lancfg['mediaopt'])
+ $cmd .= " mediaopt " . escapeshellarg($lancfg['mediaopt']);
+ mwexec($cmd);
+ }
+
mwexec("/sbin/ifconfig " . escapeshellarg($lancfg['if']) . " " .
escapeshellarg($lancfg['ipaddr'] . "/" . $lancfg['subnet']));
/* reload webgui */
system_webgui_start();
+
+ /* reload captive portal */
+ captiveportal_configure();
}
if ($g['booting'])
mwexec("/sbin/ifconfig " . escapeshellarg($optcfg['if']) .
" link " . escapeshellarg($optcfg['spoofmac']));
+ /* media */
+ if ($optcfg['media'] || $optcfg['mediaopt']) {
+ $cmd = "/sbin/ifconfig " . escapeshellarg($optcfg['if']);
+ if ($optcfg['media'])
+ $cmd .= " media " . escapeshellarg($optcfg['media']);
+ if ($optcfg['mediaopt'])
+ $cmd .= " mediaopt " . escapeshellarg($optcfg['mediaopt']);
+ mwexec($cmd);
+ }
+
+ /* OpenVPN configuration? */
+ if (isset($optcfg['ovpn'])) {
+ if (strstr($if, "tap"))
+ ovpn_link_tap();
+ }
+
/* bridged? */
if ($optcfg['bridge']) {
mwexec("/sbin/ifconfig " . escapeshellarg($optcfg['if']) .
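Review bot: `$if` in the new OpenVPN block at L510 is not assigned anywhere in the visible lines of this hunk, which otherwise works only with `$optcfg`; if the enclosing function has no such variable, `strstr($if, "tap")` is always false and `ovpn_link_tap()` is never called for a tap-backed interface. If the device name is what is meant, the check should be `if (strstr($optcfg['if'], "tap"))`. The function header is outside this hunk, so this should be confirmed against the full function before changing it.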
if (file_exists("{$g['varetc_path']}/mpd.links")) {
unlink("{$g['varetc_path']}/mpd.links");
}
- /* remove ipsec.wanip, if it exists */
- if (file_exists("{$g['vardb_path']}/ipsec.wanip")) {
- unlink("{$g['vardb_path']}/ipsec.wanip");
- }
- /* remove bigpond.wanip, if it exists */
- if (file_exists("{$g['vardb_path']}/bigpond.wanip")) {
- unlink("{$g['vardb_path']}/bigpond.wanip");
+ /* remove wanip, if it exists */
+ if (file_exists("{$g['vardb_path']}/wanip")) {
+ unlink("{$g['vardb_path']}/wanip");
}
}
if ($wancfg['spoofmac'])
mwexec("/sbin/ifconfig " . escapeshellarg($wancfg['if']) .
" link " . escapeshellarg($wancfg['spoofmac']));
+
+ /* media */
+ if ($wancfg['media'] || $wancfg['mediaopt']) {
+ $cmd = "/sbin/ifconfig " . escapeshellarg($wancfg['if']);
+ if ($wancfg['media'])
+ $cmd .= " media " . escapeshellarg($wancfg['media']);
+ if ($wancfg['mediaopt'])
+ $cmd .= " mediaopt " . escapeshellarg($wancfg['mediaopt']);
+ mwexec($cmd);
+ }
switch ($wancfg['ipaddr']) {
printf("Error: cannot open mpd.conf in interfaces_wan_pppoe_configure().\n");
return 1;
}
-
+
+ $idle = 0;
+
+ if (isset($pppoecfg['ondemand'])) {
+ $ondemand = "enable";
+ if ($pppoecfg['timeout'])
+ $idle = $pppoecfg['timeout'];
+ } else {
+ $ondemand = "disable";
+ }
+
$mpdconf = <<<EOD
pppoe:
new -i ng0 pppoe pppoe
set iface route default
- set iface disable on-demand
- set iface idle 0
+ set iface {$ondemand} on-demand
+ set iface idle {$idle}
set iface up-script /usr/local/sbin/ppp-linkup
+
+EOD;
+
+ if (isset($pppoecfg['ondemand'])) {
+ $mpdconf .= <<<EOD
+ set iface addrs 10.0.0.1 10.0.0.2
+
+EOD;
+ }
+
+ $mpdconf .= <<<EOD
set bundle disable multilink
set bundle authname "{$pppoecfg['username']}"
set bundle password "{$pppoecfg['password']}"
printf("Error: cannot open mpd.conf in interfaces_wan_pptp_configure().\n");
return 1;
}
+
+ $idle = 0;
+
+ if (isset($pptpcfg['ondemand'])) {
+ $ondemand = "enable";
+ if ($pptpcfg['timeout'])
+ $idle = $pptpcfg['timeout'];
+ } else {
+ $ondemand = "disable";
+ }
$mpdconf = <<<EOD
pptp:
new -i ng0 pptp pptp
set iface route default
- set iface disable on-demand
- set iface idle 0
+ set iface {$ondemand} on-demand
+ set iface idle {$idle}
set iface up-script /usr/local/sbin/ppp-linkup
+
+EOD;
+
+ if (isset($pptpcfg['ondemand'])) {
+ $mpdconf .= <<<EOD
+ set iface addrs {$pptpcfg['local']} {$pptpcfg['remote']}
+
+EOD;
+ }
+
+ $mpdconf .= <<<EOD
set bundle disable multilink
set bundle authname "{$pptpcfg['username']}"
set bundle password "{$pptpcfg['password']}"
return 0;
}
-function interfaces_wan_bigpond_configure() {
+function interfaces_wan_bigpond_configure($curwanip) {
global $config, $g;
$bpcfg = $config['bigpond'];
- $curwanip = get_current_wan_address();
-
if (!$curwanip) {
/* IP address not configured yet, exit */
return 0;
}
-
- /* dhclient told us that the IP address has changed;
- let's see if that's really true to avoid reloading bpalogin
- when it's not really necessary (dhclient likes to
- execute its dhclient-exit-hooks also on renewals)
- */
- if (file_exists("{$g['vardb_path']}/bigpond.wanip")) {
- $oldwanip = chop(file_get_contents("{$g['vardb_path']}/bigpond.wanip"));
-
- if ($curwanip == $oldwanip)
- return 0; /* nothing to do */
- }
-
- /* write current WAN IP to file */
- $fd = fopen("{$g['vardb_path']}/bigpond.wanip", "w");
- if ($fd) {
- fwrite($fd, $curwanip);
- fclose($fd);
- }
/* kill bpalogin */
killbyname("bpalogin");
--- /dev/null
+<?php
+/*
+ openvpn.inc
+
+ Copyright (C) 2004 Peter Curran (peter@closeconsultants.com).
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+
+/* include all configuration functions */
+require_once("globals.inc");
+require_once("config.inc");
+require_once("functions.inc");
+
+function ovpn_configure() {
+ global $config;
+ if (is_array($config['ovpn']['server']))
+ ovpn_config_server();
+ if (is_array($config['ovpn']['client']))
+ ovpn_config_client();
+ return;
+}
+
+function ovpn_link_tap() {
+ /* Add a reference to the tap KLM. If ref count = 1, load it */
+ global $g;
+
+ if (!is_file($g['vardb_path'] ."/ovpn_tap_link")){
+ $link_count = 1;
+ mwexec("/sbin/kldload if_tap");
+ $fd = fopen($g['vardb_path'] ."/ovpn_tap_link", 'w');
+ }
+ else {
+ $fd = fopen($g['vardb_path'] ."/ovpn_tap_link", 'r+');
+ $link_count = fread($fd);
+ $link_count ++;
+ }
+ fwrite($fd, $link_count);
+ fclose($fd);
+ return true;
+}
+
+function ovpn_unlink_tap() {
+ /* Remove a reference to the tap KLM. If ref count = 0, unload it */
+ global $g;
+
+ if (!is_file($g['vardb_path'] ."/ovpn_tap_link"))
+ return false; //no file, no links so why are we called?
+
+ $fd = fopen($g['vardb_path'] ."/ovpn_tap_link", 'r+');
+ $link_count = fread($fd);
+ $link_count --;
+ fwrite($fd, $link_count);
+ fclose($fd);
+
+ if ($link_count == 0)
+ mwexec("/sbin/kldunload if_tap");
+ return true;
+}
+
+/*****************************/
+/* Server-related functions */
+
+/* Configure the server */
+function ovpn_config_server() {
+ global $config, $g;
+
+ if (isset($config['ovpn']['server']['enable'])) {
+
+ if ($g['booting'])
+ echo "Starting OpenVPN server... ";
+
+ /* kill any running openvpn daemon */
+ killbypid($g['varrun_path']."/ovpn_srv.pid");
+
+ /* Remove old certs & keys */
+ unlink_if_exists("{$g['vardb_path']}/ovpn_ca_cert.pem");
+ unlink_if_exists("{$g['vardb_path']}/ovpn_srv_cert.pem");
+ unlink_if_exists("{$g['vardb_path']}/ovpn_srv_key.pem");
+ unlink_if_exists("{$g['vardb_path']}/ovpn_dh.pem");
+
+ /* Copy the TLS-Server certs & keys to disk */
+ $fd = @fopen("{$g['vardb_path']}/ovpn_ca_cert.pem", "w");
+ if ($fd) {
+ fwrite($fd, base64_decode($config['ovpn']['server']['ca_cert'])."\n");
+ fclose($fd);
+ }
+ $fd = @fopen("{$g['vardb_path']}/ovpn_srv_cert.pem", "w");
+ if ($fd) {
+ fwrite($fd, base64_decode($config['ovpn']['server']['srv_cert'])."\n");
+ fclose($fd);
+ }
+ $fd = @fopen("{$g['vardb_path']}/ovpn_srv_key.pem", "w");
+ if ($fd) {
+ fwrite($fd, base64_decode($config['ovpn']['server']['srv_key'])."\n");
+ fclose($fd);
+ }
+ $fd = @fopen("{$g['vardb_path']}/ovpn_dh.pem", "w");
+ if ($fd) {
+ fwrite($fd, base64_decode($config['ovpn']['server']['dh_param'])."\n");
+ fclose($fd);
+ }
+
+ /* Start the openvpn daemon */
+ mwexec("/usr/local/sbin/openvpn " . ovpn_srv_config_generate());
+
+ if ($g['booting'])
+ /* Send the boot message */
+ echo "done\n";
+ }
+ else {
+ if (!$g['booting']){
+ /* stop any processes, unload the tap module */
+ /* Remove old certs & keys */
+ unlink_if_exists("{$g['vardb_path']}/ovpn_ca_cert.pem");
+ unlink_if_exists("{$g['vardb_path']}/ovpn_srv_cert.pem");
+ unlink_if_exists("{$g['vardb_path']}/ovpn_srv_key.pem");
+ unlink_if_exists("{$g['vardb_path']}/ovpn_dh.pem");
+ killbypid("{$g['varrun_path']}/ovpn_srv.pid");
+ if ($config['ovpn']['server']['tun_iface'] == 'tap0')
+ ovpn_unlink_tap();
+ }
+ }
+ return 0;
+}
+
+/* Generate the config for a OpenVPN server */
+function ovpn_srv_config_generate() {
+ global $config, $g;
+ $server = $config['ovpn']['server'];
+
+ /* First the generic stuff:
+ - We are a server
+ - We are a TLS Server (for authentication)
+ - We will run without privilege
+ */
+ $ovpn_config = "--daemon --user nobody --group nobody --verb {$server['verb']} ";
+
+ /* pid file */
+ $ovpn_config .= "--writepid {$g['varrun_path']}/ovpn_srv.pid ";
+
+ /* interface */
+ $ovpn_config .= "--dev {$server['tun_iface']} ";
+
+ /* port */
+ $ovpn_config .= "--port {$server['port']} ";
+
+ /* Interface binding - 1 or all */
+ if ($server['bind_iface'] != 'all') {
+ if ($ipaddr = ovpn_get_ip($server['bind_iface']))
+ $ovpn_config .= "--local $ipaddr ";
+ else
+ return "Interface bridged";
+
+ }
+
+ /* Client to client routing (off by default) */
+ if (isset($server['cli2cli']))
+ $ovpn_config .= "--client-to-client ";
+
+ /* Set maximum simultaneous clients */
+ $ovpn_config .= "--max-clients {$server['maxcli']} ";
+
+ /* New --server macro simplifies config */
+ $mask = ovpn_calc_mask($server['prefix']);
+ $ovpn_config .= "--server {$server['ipblock']} {$mask} ";
+
+ /* TLS-Server params */
+ $ovpn_config .= "--ca {$g['vardb_path']}/ovpn_ca_cert.pem ";
+ $ovpn_config .= "--cert {$g['vardb_path']}/ovpn_srv_cert.pem ";
+ $ovpn_config .= "--key {$g['vardb_path']}/ovpn_srv_key.pem ";
+ $ovpn_config .= "--dh {$g['vardb_path']}/ovpn_dh.pem ";
+
+ /* Data channel encryption cipher*/
+ $ovpn_config .= "--cipher {$server['crypto']} ";
+
+ /* Duplicate CNs */
+ if (isset($server['dupcn']))
+ $ovpn_config .= "--duplicate-cn ";
+
+ /* Client push - redirect gateway */
+ if (isset($server['psh_options']['redir'])){
+ if (isset($server['psh_options']['redir_loc']))
+ $ovpn_config .= "--push \"redirect-gateway 'local'\" ";
+ else
+ $ovpn_config .= "--push \"redirect-gateway\" ";
+ }
+
+ /* Client push - route delay */
+ if (isset($server['psh_options']['rte_delay']))
+ $ovpn_config .= "--push \"route-delay {$server['psh_options']['rte_delay']}\" ";
+
+ /* Client push - ping (note we set both server and client) */
+ if (isset ($server['psh_options']['ping'])){
+ $ovpn_config .= "--ping {$server['psh_options']['ping']} ";
+ $ovpn_config .= "--push \"ping {$server['psh_options']['ping']}\" ";
+ }
+
+ /* Client push - ping-restart (note server uses 2 x client interval) */
+ if (isset ($server['psh_options']['pingrst'])){
+ $interval = $server['psh_options']['pingrst'];
+ $ovpn_config .= "--ping-restart " . ($interval * 2) . " ";
+ $ovpn_config .= "--push \"ping-restart $interval\" ";
+ }
+
+ /* Client push - ping-exit (set on client) */
+ if (isset ($server['psh_options']['pingexit'])){
+ $ovpn_config .= "--ping-exit {$server['psh_options']['pingexit']} ";
+ $ovpn_config .= "--push \"ping-exit {$server['psh_options']['pingexit']}\" ";
+ }
+
+ /* Client push - inactive (set on client) */
+ if (isset ($server['psh_options']['inact'])){
+ $ovpn_config .= "--inactive {$server['psh_options']['pingexit']} ";
+ $ovpn_config .= "--push \"inactive {$server['psh_options']['inact']}\" ";
+ }
+
+ //trigger_error("OVPN: $ovpn_config", E_USER_NOTICE);
+ return $ovpn_config;
+}
+
+/* Define an OVPN Server tunnel interface in the interfaces array and assign a name */
+function ovpn_server_iface(){
+ global $config, $g;
+
+ $i = 1;
+ while (true) {
+ $ifname = 'opt' . $i;
+ if (is_array($config['interfaces'][$ifname])) {
+ if ((isset($config['interfaces'][$ifname]['ovpn']))
+ && ($config['interfaces'][$ifname]['ovpn'] == 'server'))
+ /* Already an interface defined - overwrite */
+ break;
+ }
+ else {
+ /* No existing entry, this is first unused */
+ $config['interfaces'][$ifname] = array();
+ break;
+ }
+ $i++;
+ }
+ $config['interfaces'][$ifname]['descr'] = "OVPN server";
+ $config['interfaces'][$ifname]['if'] = $config['ovpn']['server']['tun_iface'];
+ $config['interfaces'][$ifname]['ipaddr'] = long2ip( ip2long($config['ovpn']['server']['ipblock']) + 1);
+ $config['interfaces'][$ifname]['subnet'] = $config['ovpn']['server']['prefix'];
+ $config['interfaces'][$ifname]['enable'] = isset($config['ovpn']['server']['enable']) ? true : false;
+ $config['interfaces'][$ifname]['ovpn'] = 'server';
+
+ write_config();
+
+ return "OpenVPN server interface defined";
+}
+
+/********************************************************/
+/* Client related functions */
+function ovpn_config_client() {
+ /* Boot time configuration */
+ global $config, $g;
+
+ foreach ($config['ovpn']['client']['tunnel'] as $id => $client) {
+ if (isset($client['enable'])) {
+
+ if ($g['booting'])
+ echo "Starting OpenVPN client $id... ";
+
+ /* kill any running openvpn daemon */
+ killbypid("{$g['varrun_path']}/ovpn_client{$id}.pid");
+
+ /* Remove old certs & keys */
+ unlink_if_exists("{$g['vardb_path']}/ovpn_ca_cert_{$id}.pem");
+ unlink_if_exists("{$g['vardb_path']}/ovpn_cli_cert_{$id}.pem");
+ unlink_if_exists("{$g['vardb_path']}/ovpn_cli_key_{$id}.pem");
+
+ /* Copy the TLS-Client certs & keys to disk */
+ /*$fd = @fopen("{$g['vardb_path']}/ovpn_ca_cert_{$id}.pem", "w");*/
+ $fd = fopen("{$g['vardb_path']}/ovpn_ca_cert_{$id}.pem", "w");
+ if ($fd) {
+ fwrite($fd, base64_decode($client['ca_cert'])."\n");
+ fclose($fd);
+ }
+ else
+ trigger_error("OVPN: No open for CA", E_USER_NOTICE);
+ $fd = fopen($g['vardb_path']."/ovpn_cli_cert_".$id.".pem", "w");
+ if ($fd) {
+ fwrite($fd, base64_decode($client['cli_cert'])."\n");
+ fclose($fd);
+ }
+ $fd = fopen($g['vardb_path']."/ovpn_cli_key_".$id.".pem", "w");
+ if ($fd) {
+ fwrite($fd, base64_decode($client['cli_key'])."\n");
+ fclose($fd);
+ }
+
+ /* Start openvpn for this client */
+ mwexec("/usr/local/sbin/openvpn " . ovpn_cli_config_generate($id));
+
+ if ($g['booting'])
+ /* Send the boot message */
+ echo "done\n";
+ }
+ else {
+ if (!$g['booting']){
+ /* stop any processes, unload the tap module */
+ /* Remove old certs & keys */
+ unlink_if_exists("{$g['vardb_path']}/ovpn_ca_cert_{$id}.pem");
+ unlink_if_exists("{$g['vardb_path']}/ovpn_cli_cert_{$id}.pem");
+ unlink_if_exists("{$g['vardb_path']}/ovpn_cli_key_{$id}.pem");
+ killbypid("{$g['varrun_path']}/ovpn_client{$id}.pid");
+ if ($client['type'] == "tap")
+ ovpn_unlink_tap();
+ }
+ }
+ }
+ return 0;
+
+}
+
+/* Kill off a running client process */
+function ovpn_client_kill($id) {
+ global $g;
+
+ killbypid("{$g['varrun_path']}/ovpn_client{$id}.pid");
+ return 0;
+}
+
+function ovpn_cli_config_generate($id) {
+ /* configure the named client */
+ global $config, $g;
+ $client = $config['ovpn']['client']['tunnel'];
+
+ /* Client support in 2.0 is very simple */
+
+ $ovpn_config = "--client --daemon --verb 1 ";
+
+ /* pid file */
+ $ovpn_config .= "--writepid {$g['varrun_path']}/ovpn_client{$id}.pid ";
+
+ /* interface */
+ $ovpn_config .= "--dev {$client[$id]['if']} ";
+
+ /* protocol */
+ $ovpn_config .= "--proto {$client[$id]['proto']} ";
+
+ /* port */
+ $ovpn_config .= "--lport {$client[$id]['cport']} ";
+
+ /* server location */
+ $ovpn_config .= "--remote {$client[$id]['saddr']} {$client[$id]['sport']} ";
+
+ /* TLS-Server params */
+ $ovpn_config .= "--ca {$g['vardb_path']}/ovpn_ca_cert_{$id}.pem ";
+ $ovpn_config .= "--cert {$g['vardb_path']}/ovpn_cli_cert_{$id}.pem ";
+ $ovpn_config .= "--key {$g['vardb_path']}/ovpn_cli_key_{$id}.pem ";
+
+ /* Data channel encryption cipher*/
+ $ovpn_config .= "--cipher {$client[$id]['crypto']} ";
+
+ //trigger_error("OVPN: $ovpn_config", E_USER_NOTICE);
+ return $ovpn_config;
+}
+
+/* Define an OVPN tunnel interface in the interfaces array for each client */
+function ovpn_client_iface(){
+ global $config;
+
+ foreach ($config['ovpn']['client']['tunnel'] as $id => $client) {
+ if (isset($client['enable'])) {
+ $i = 1;
+ while (true) {
+ $ifname = 'opt' . $i;
+ if (is_array($config['interfaces'][$ifname])) {
+ if ((isset($config['interfaces'][$ifname]['ovpn']))
+ && ($config['interfaces'][$ifname]['ovpn'] == "client{$id}"))
+ /* Already an interface defined - overwrite */
+ break;
+ }
+ else {
+ /* No existing entry, this is first unused */
+ $config['interfaces'][$ifname] = array();
+ break;
+ }
+ $i++;
+ }
+ if (isset($client['descr']))
+ $config['interfaces'][$ifname]['descr'] = $client['descr'];
+ else
+ $config['interfaces'][$ifname]['descr'] = "OVPN client-{$id}";
+ $config['interfaces'][$ifname]['if'] = $client['if'];
+ $config['interfaces'][$ifname]['ipaddr'] = "0.0.0.0";
+ $config['interfaces'][$ifname]['subnet'] = "0";
+ $config['interfaces'][$ifname]['enable'] = isset($client['enable']) ? true : false;
+ $config['interfaces'][$ifname]['ovpn'] = "client{$id}";
+ write_config();
+ }
+ }
+ return "OpenVPN client interfaces defined";
+}
+
+/* Delete a client interface definition */
+function ovpn_client_iface_del($id) {
+ global $config;
+
+ $i = 1;
+ while (true) {
+ $ifname = 'opt' . $i;
+ if (is_array($config['interfaces'][$ifname])) {
+ if ((isset($config['interfaces'][$ifname]['ovpn']))
+ && ($config['interfaces'][$ifname]['ovpn'] == "client{$id}"))
+ unset($config['interfaces'][$ifname]);
+ }
+ }
+}
+
+/******************/
+/* Misc functions */
+
+/* Calculate the last address in a range given the start and /prefix */
+function ovpn_calc_end($start, $prefix){
+
+ $first = ip2long($start);
+ $last = pow(2,(32 - $prefix)) - 1 + $first;
+ return long2ip($last);
+}
+
+/* Calculate a mask given a /prefix */
+function ovpn_calc_mask($prefix){
+
+ return long2ip(ip2long("255.255.255.255") - (pow( 2, (32 - $prefix)) - 1));
+}
+
+/* Read in a file from the $_FILES array */
+function ovpn_get_file($file){
+ global $g;
+
+ if (!is_uploaded_file($_FILES[$file]['tmp_name'])){
+ trigger_error("Bad file upload".$_FILES[$file]['error'], E_USER_NOTICE);
+ return NULL;
+ }
+ $contents = file_get_contents($_FILES[$file]['tmp_name']);
+ return $contents;
+}
+
+
+/* Get the IP address of a specified interface */
+function ovpn_get_ip($iface){
+ global $config;
+
+ if ($iface == 'wan')
+ return get_current_wan_address();
+
+ if ($config['interfaces'][$iface]['bridge'])
+ /* No bridging (yet) */
+ return false;
+ return $config['interfaces'][$iface]['ipaddr'];
+}
+
+/* Get a list of the cipher options supported by OpenVPN */
+function ovpn_get_cipher_list(){
+
+/* exec("/usr/local/sbin/openvpn --show-ciphers", $raw);
+ print_r ($raw);
+
+ $ciphers = preg_grep('/ bit default key /', $raw);
+
+ for($i = 0; $i <count($ciphers); $i++){
+ $tmp = explode(' ',$ciphers[$i]);
+ $cipher_list["$tmp[0]"] = "{$tmp[0]} ({$tmp[1]} {$tmp[2]})";
+ }
+*/
+ $cipher_list = array('DES-CBC' => 'DES-CBC (64 bit)',
+ 'RC2-CBC' => 'RC2-CBC (128 bit)',
+ 'DES-EDE-CBC' => 'DES-EDE-CBC (128 bit)',
+ 'DES-EDE3-CBC' => 'DES-EDE3-CBC (192 bit)',
+ 'DESX-CBC' => 'DESX-CBC (192 bit)',
+ 'BF-CBC' => 'BF-CBC (128 bit)',
+ 'RC2-40-CBC' => 'RC2-40-CBC (40 bit)',
+ 'CAST5-CBC' => 'CAST5-CBC (128 bit)',
+ 'RC5-CBC' => 'RC5-CBC (128 bit)',
+ 'RC2-64-CBC' => 'RC2-64-CBC (64 bit)',
+ 'AES-128-CBC' => 'AES-128-CBC (128 bit)',
+ 'AES-192-CBC' => 'AES-192-CBC (192 bit)',
+ 'AES-256-CBC' => 'AES-256-CBC (256 bit)');
+ return $cipher_list;
+}
+
+
+/* Build a list of the current real interfaces */
+function ovpn_real_interface_list(){
+ global $config;
+
+ $interfaces = array('all' => 'ALL',
+ 'lan' => 'LAN',
+ 'wan' => 'WAN');
+ for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) {
+ if (isset($config['interfaces']['opt' . $i]['ovpn']))
+ /* Hide our own interface */
+ break;
+ if (isset($config['interfaces']['opt' . $i]['enable']))
+ $interfaces['opt' . $i] = $config['interfaces']['opt' . $i]['descr'];
+ }
+ return $interfaces;
+}
+
+
+/* lock openvpn information, decide that the lock file is stale after
+ 10 seconds */
+function ovpn_lock() {
+
+ global $g;
+
+ $lockfile = "{$g['varrun_path']}/ovpn.lock";
+
+ $n = 0;
+ while ($n < 10) {
+ /* open the lock file in append mode to avoid race condition */
+ if ($fd = @fopen($lockfile, "x")) {
+ /* succeeded */
+ fclose($fd);
+ return;
+ } else {
+ /* file locked, wait and try again */
+ sleep(1);
+ $n++;
+ }
+ }
+}
+
+/* unlock configuration file */
+function ovpn_unlock() {
+
+ global $g;
+
+ $lockfile = "{$g['varrun_path']}/ovpn.lock";
+
+ if (file_exists($lockfile))
+ unlink($lockfile);
+}
+
+?>
$dnscfg .= " option domain-name \"{$dhcpifconf['domain']}\";\n";
}
- if (isset($config['dnsmasq']['enable'])) {
+ if (is_array($dhcpifconf['dnsserver']) && ($dhcpifconf['dnsserver'][0])) {
+ $dnscfg .= " option domain-name-servers " . join(",", $dhcpifconf['dnsserver']) . ";";
+ } else if (isset($config['dnsmasq']['enable'])) {
$dnscfg .= " option domain-name-servers " . $ifcfg['ipaddr'] . ";";
} else if (is_array($syscfg['dnsserver']) && ($syscfg['dnsserver'][0])) {
$dnscfg .= " option domain-name-servers " . join(",", $syscfg['dnsserver']) . ";";
- }\r
-\r
- $dhcpdconf .= "subnet $subnet netmask $subnetmask {\n";\r
- $dhcpdconf .= " pool {\n";\r
- if (isset($dhcpifconf['denyunknown'])) \r
+ }
+
+ $dhcpdconf .= "subnet $subnet netmask $subnetmask {\n";
+ $dhcpdconf .= " pool {\n";
+ if (isset($dhcpifconf['denyunknown']))
$dhcpdconf .= " deny unknown clients;\n";
if ($dhcpifconf['gateway'])
return 0;
}
+function services_dhcrelay_configure() {
+ global $config, $g;
+
+ /* kill any running dhcrelay */
+ killbypid("{$g['varrun_path']}/dhcrelay.pid");
+
+ $dhcrelaycfg = $config['dhcrelay'];
+
+ /* DHCPRelay enabled on any interfaces? */
+ $dhcrelayenable = false;
+ foreach ($dhcrelaycfg as $dhcrelayif => $dhcrelayifconf) {
+ if (isset($dhcrelayifconf['enable']) &&
+ (($dhcrelayif == "lan") ||
+ (isset($config['interfaces'][$dhcrelayif]['enable']) &&
+ $config['interfaces'][$dhcrelayif]['if'] && (!$config['interfaces'][$dhcrelayif]['bridge']))))
+ $dhcrelayenable = true;
+ }
+
+ if (!$dhcrelayenable)
+ return 0;
+
+ if ($g['booting'])
+ echo "Starting DHCP relay service... ";
+ else
+ sleep(1);
+
+ $dhcrelayifs = array();
+ foreach ($dhcrelaycfg as $dhcrelayif => $dhcrelayifconf) {
+
+ $ifcfg = $config['interfaces'][$dhcrelayif];
+
+ if (!isset($dhcrelayifconf['enable']) ||
+ (($dhcrelayif != "lan") &&
+ (!isset($ifcfg['enable']) || !$ifcfg['if'] || $ifcfg['bridge'])))
+ continue;
+
+ $dhcrelayifs[] = $ifcfg['if'];
+ }
+
+ /* In order for the relay to work, it needs to be active on the
+ interface in which the destination server sits */
+ foreach ($config['interfaces'] as $ifname) {
+ $subnet = $ifname['ipaddr'] . "/" . $ifname['subnet'];
+ if (ip_in_subnet($dhcrelaycfg['server'],$subnet))
+ $destif = $ifname['if'];
+ }
+
+ if (!isset($destif))
+ $destif = $config['interfaces']['wan']['if'];
+
+ $dhcrelayifs[] = $destif;
+ $dhcrelayifs = array_unique($dhcrelayifs);
+
+ /* fire up dhcrelay */
+ $cmd = "/usr/local/sbin/dhcrelay -i " . join(" -i ", $dhcrelayifs);
+
+ if (isset($dhcrelaycfg['agentoption']))
+ $cmd .= " -a -m replace";
+
+ $cmd .= " {$dhcrelaycfg['server']}";
+ mwexec($cmd);
+
+ if (!$g['booting']) {
+ filter_configure();
+ } else
+ echo "done\n";
+
+ return 0;
+}
+
function services_dyndns_reset() {
global $config, $g;
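Review bot: The relay server address is spliced into the dhcrelay command line at L1295 with no check that it is an IP address, and the `$destif` search at L1277-L1281 hands every interface's `ipaddr` to ip_in_subnet(), including WAN, where that field can hold a mode keyword rather than an address (the `bigpond` comparison later in this listing shows that), so ip2long() yields false there and the subnet test becomes meaningless. Whether services_dhcp_relay.php validates `server` before it is saved cannot be seen from here; a local guard keeps the shell safe either way: `if (ip2long($dhcrelaycfg['server']) === false) return 1;` before `$cmd` is built, or `escapeshellarg()` around the value at L1295. The foreach at L1246 also walks the scalar `server` and `agentoption` entries of `$dhcrelaycfg` as if they were per-interface arrays; `if (!is_array($dhcrelayifconf)) continue;` at the top of both loops avoids depending on string-offset lookups returning false.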
if ($rule['iplen'])
$line .= "iplen {$rule['iplen']} ";
- \r
- if ($rule['iptos']) \r
+
+ if ($rule['iptos'])
$line .= "iptos {$rule['iptos']} ";
if ($rule['tcpflags'])
$syslogconf = <<<EOD
local0.* %/var/log/filter.log
+local3.* %/var/log/vpn.log
local7.* %/var/log/dhcpd.log
-*.notice;kern.debug;lpr.info;mail.crit;news.err;local0.none;local7.none %/var/log/system.log
+*.notice;kern.debug;lpr.info;mail.crit;news.err;local0.none;local3.none;local7.none %/var/log/system.log
security.* %/var/log/system.log
auth.info;authpriv.info;daemon.info %/var/log/system.log
*.emerg *
EOD;
-
if (isset($syslogcfg['filter'])) {
$syslogconf .= <<<EOD
local0.* @{$syslogcfg['remoteserver']}
+EOD;
+ }
+
+ if (isset($syslogcfg['vpn'])) {
+ $syslogconf .= <<<EOD
+local3.* @{$syslogcfg['remoteserver']}
+
EOD;
}
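Review bot: In the filter block the heredoc now closes directly after the `local0.*` line (L1329-L1330), so it produces no trailing newline, while the new vpn block keeps a blank line before its `EOD;` (L1336). If that blank line is really gone and not merely dropped from this listing, enabling both remote options concatenates `local0.* @server` and `local3.* @server` onto a single syslog.conf line, and remote forwarding of the firewall log silently stops. Give both blocks the same shape, with a blank line before each `EOD;`, or append `"\n"` explicitly after every heredoc; the generated /var/etc/syslog.conf with both boxes ticked is the quick check.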
if (substr($ifname, -1) == "*")
$ifname = substr($ifname, 0, strlen($ifname) - 1);
- if (!preg_match("/^(ppp|sl|gif|faith|lo|ng|tun|vlan)/", $ifname)) {
+ if (!preg_match("/^(ppp|sl|gif|faith|lo|ng|vlan)/", $ifname)) {
$iflist[$ifname] = array();
$iflist[$ifname]['mac'] = chop($alink[3]);
return 0;
}
+/* return true if $addr is in $subnet, false if not */
+function ip_in_subnet($addr,$subnet) {
+ list($ip, $mask) = explode('/', $subnet);
+ $mask = 0xffffffff << (32 - $mask);
+ return ((ip2long($addr) & $mask) == (ip2long($ip) & $mask));
+}
+
/* verify (and remove) the digital signature on a file - returns 0 if OK */
function verify_digital_signature($fname) {
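Review bot: The mask computation at L1350 is not portable: on a 32-bit PHP build `0xffffffff` is a float, and a prefix of 0 shifts by 32, which the CPU masks to a no-op, so a /0 subnet would match only the exact address. Neither input is checked either — a `$subnet` without a `/` leaves `$mask` null, and ip2long() returns false for a non-address, which then compares equal to any other false. An integer-only form avoids both: `$mask = (int)$mask; if ($mask <= 0) return true; $mask = -1 << (32 - $mask);`, plus an early `return false` when `ip2long($addr) === false || ip2long($ip) === false`. A one-line comment noting that the function is IPv4-only and expects `a.b.c.d/prefix` would also help callers.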
$curwanip = get_current_wan_address();
- if ($ipchg) {
- /* dhclient or MPD told us that the IP address has changed;
- let's see if that's really true to avoid reloading the whole
- IPsec stuff when it's not really necessary (dhclient likes to
- execute its dhclient-exit-hooks also on renewals)
- */
- if (file_exists("{$g['vardb_path']}/ipsec.wanip")) {
- $oldwanip = chop(file_get_contents("{$g['vardb_path']}/ipsec.wanip"));
-
- if ($curwanip == $oldwanip)
- return 0; /* nothing to do */
- }
- }
-
$syscfg = $config['system'];
$ipseccfg = $config['ipsec'];
$lancfg = $config['interfaces']['lan'];
$myident = $tunnel['p1']['myident']['address'];
} else if (isset($tunnel['p1']['myident']['fqdn'])) {
$myidentt = "fqdn";
- $myident = $tunnel['p1']['myident']['fqdn'];\r
- } else if (isset($tunnel['p1']['myident']['ufqdn'])) {\r
- $myidentt = "user_fqdn";\r
- $myident = $tunnel['p1']['myident']['ufqdn'];\r
+ $myident = $tunnel['p1']['myident']['fqdn'];
+ } else if (isset($tunnel['p1']['myident']['ufqdn'])) {
+ $myidentt = "user_fqdn";
+ $myident = $tunnel['p1']['myident']['ufqdn'];
}
$racoonconf .= <<<EOD
peers_identifier address {$tunnel['remote-gateway']};
initial_contact on;
support_proxy on;
- proposal_check claim;
+ proposal_check obey;
proposal \{
encryption_algorithm {$tunnel['p1']['encryption-algorithm']};
} else if (isset($tunnel['p1']['myident']['fqdn'])) {
$myidentt = "fqdn";
$myident = $tunnel['p1']['myident']['fqdn'];
- } else if (isset($tunnel['p1']['myident']['ufqdn'])) {\r
- $myidentt = "user_fqdn";\r
- $myident = $tunnel['p1']['myident']['ufqdn'];\r
+ } else if (isset($tunnel['p1']['myident']['ufqdn'])) {
+ $myidentt = "user_fqdn";
+ $myident = $tunnel['p1']['myident']['ufqdn'];
}
$racoonconf .= <<<EOD
passive on;
generate_policy on;
support_proxy on;
- proposal_check claim;
+ proposal_check obey;
proposal \{
encryption_algorithm {$tunnel['p1']['encryption-algorithm']};
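Review bot: Changing `proposal_check` from `claim` to `obey` at L1409 (and likewise in the initiator section earlier in this listing) makes racoon accept whatever SA lifetime and PFS group the peer proposes, instead of treating the configured values as a floor, so a peer can negotiate a longer lifetime, or no PFS, than what the GUI shows. That is presumably done for interoperability with peers that choke on the RESPONDER-LIFETIME notify `claim` sends; if so, a comment at this line such as `/* obey: accept peer lifetime/PFS for interop; claim broke some peers */` keeps the next reader from tightening it back without context. If the problem was lifetime only, `strict` still rejects a mismatched PFS group while tolerating shorter lifetimes.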
fwrite($fd, $pskconf);
fclose($fd);
chmod("{$g['varetc_path']}/psk.txt", 0600);
- \r
+
/* start racoon */
mwexec("/usr/local/sbin/racoon -d -f {$g['varetc_path']}/racoon.conf");
- foreach ($ipseccfg['tunnel'] as $tunnel) {\r
- if (isset($tunnel['auto'])) {\r
+ foreach ($ipseccfg['tunnel'] as $tunnel) {
+ if (isset($tunnel['auto'])) {
$remotehost = substr($tunnel['remote-subnet'],0,strpos($tunnel['remote-subnet'],"/"));
$srchost = vpn_endpoint_determine($tunnel, $curwanip);
- if ($srchost)\r
- mwexec_bg("/sbin/ping -c 1 -S {$srchost} {$remotehost}");\r
- }\r
+ if ($srchost)
+ mwexec_bg("/sbin/ping -c 1 -S {$srchost} {$remotehost}");
+ }
}
}
}
- /* write current WAN IP to file */
- $fd = fopen("{$g['vardb_path']}/ipsec.wanip", "w");
- if ($fd) {
- fwrite($fd, $curwanip);
- fclose($fd);
- }
-
if (!$g['booting']) {
/* reload the filter */
filter_configure();
set iface enable tcpmssfix
set iface idle 1800
set iface up-script /usr/local/sbin/vpn-linkup
+ set iface down-script /usr/local/sbin/vpn-linkdown
set bundle enable multilink
set bundle enable crypt-reqd
set link yes acfcomp protocomp
set bundle disable radius-fallback
EOD;
+
+ if (isset($pptpdcfg['radius']['accounting'])) {
+ $mpdconf .= <<<EOD
+ set bundle enable radius-acct
+
+EOD;
+ }
}
fwrite($fd, $mpdconf);
system_resolvconf_generate();
/* start pccardd */
- system_pccard_start();
+ if (!in_array($g['platform'], $g['nopccard_platforms']))
+ system_pccard_start();
/* establish ipfilter ruleset */
filter_configure();
/* set up Optional interfaces */
interfaces_optional_configure();
+
+ /* start OpenVPN server & clients */
+ ovpn_configure();
/* resync ipfilter */
filter_resync();
sleep(1);
}
+ $curwanip = get_current_wan_address();
+
+ /* dhclient or MPD told us that the IP address has changed;
+ let's see if that's really true to avoid reloading things
+ when it's not really necessary (dhclient likes to
+ execute its dhclient-exit-hooks also on renewals)
+ */
+ if (file_exists("{$g['vardb_path']}/wanip")) {
+ $oldwanip = chop(file_get_contents("{$g['vardb_path']}/wanip"));
+
+ if ($curwanip == $oldwanip)
+ return 0; /* nothing to do */
+ }
+
/* resync ipfilter */
filter_resync();
+ /* flush NAT table */
+ filter_flush_nat_table();
+
/* reconfigure IPsec tunnels */
vpn_ipsec_configure(true);
/* fire up the BigPond client, if necessary */
if ($config['interfaces']['wan']['ipaddr'] == "bigpond")
- interfaces_wan_bigpond_configure();
+ interfaces_wan_bigpond_configure($curwanip);
+
+ /* write current WAN IP to file */
+ $fd = @fopen("{$g['vardb_path']}/wanip", "w");
+ if ($fd) {
+ fwrite($fd, $curwanip);
+ fclose($fd);
+ }
?>
if ($mode) {
if ($mode == "download") {
config_lock();
+
+ $fn = "config-" . $config['system']['hostname'] . "." .
+ $config['system']['domain'] . "-" . date("YmdHis") . ".xml";
+
$fs = filesize($g['conf_path'] . "/config.xml");
header("Content-Type: application/octet-stream");
- header("Content-Disposition: attachment; filename=config.xml");
+ header("Content-Disposition: attachment; filename=$fn");
header("Content-Length: $fs");
readfile($g['conf_path'] . "/config.xml");
config_unlock();
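Review bot: `$fn` is assembled from the configured hostname and domain and emitted unquoted in the Content-Disposition header at L1521; a hostname containing a space or another separator produces a malformed parameter and a truncated download name, and header() in recent PHP only guards against injected line breaks. Quote the value, `header("Content-Disposition: attachment; filename=\"$fn\"");`, and since the validation applied to those fields on the system page is not visible here, consider restricting the name to a conservative set first: `$fn = preg_replace('/[^A-Za-z0-9._-]/', '_', $fn);`.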
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
-<title>m0n0wall webGUI - Diagnostics: Backup/restore</title>
+<title><?=gentitle("Diagnostics: Backup/restore");?></title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link href="gui.css" rel="stylesheet" type="text/css">
</head>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
-<title>m0n0wall webGUI - Diagnostics: Factory defaults</title>
+<title><?=gentitle("Diagnostics: Factory defaults");?></title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link href="gui.css" rel="stylesheet" type="text/css">
</head>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
-<title>m0n0wall webGUI - Diagnostics: DHCP leases</title>
+<title><?=gentitle("Diagnostics: DHCP leases");?></title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link href="gui.css" rel="stylesheet" type="text/css">
</head>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
-<title>m0n0wall webGUI - Diagnostics: IPsec</title>
+<title><?=gentitle("Diagnostics: IPsec");?></title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link href="gui.css" rel="stylesheet" type="text/css">
</head>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
-<title>m0n0wall webGUI - Diagnostics: IPsec</title>
+<title><?=gentitle("Diagnostics: IPsec");?></title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link href="gui.css" rel="stylesheet" type="text/css">
</head>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
-<title>m0n0wall webGUI - Diagnostics: System logs</title>
+<title><?=gentitle("Diagnostics: System logs");?></title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link href="gui.css" rel="stylesheet" type="text/css">
</head>
<li class="tabact">System</li>
<li class="tabinact"><a href="diag_logs_filter.php">Firewall</a></li>
<li class="tabinact"><a href="diag_logs_dhcp.php">DHCP</a></li>
+ <li class="tabinact"><a href="diag_logs_vpn.php">PPTP VPN</a></li>
<li class="tabinact"><a href="diag_logs_settings.php">Settings</a></li>
</ul>
</td></tr>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
-<title>m0n0wall webGUI - Diagnostics: System logs</title>
+<title><?=gentitle("Diagnostics: System logs");?></title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link href="gui.css" rel="stylesheet" type="text/css">
</head>
<li class="tabinact"><a href="diag_logs.php">System</a></li>
<li class="tabinact"><a href="diag_logs_filter.php">Firewall</a></li>
<li class="tabact">DHCP</li>
+ <li class="tabinact"><a href="diag_logs_vpn.php">PPTP VPN</a></li>
<li class="tabinact"><a href="diag_logs_settings.php">Settings</a></li>
</ul>
</td></tr>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
-<title>m0n0wall webGUI - Diagnostics: System logs</title>
+<title><?=gentitle("Diagnostics: System logs");?></title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link href="gui.css" rel="stylesheet" type="text/css">
</head>
<li class="tabinact"><a href="diag_logs.php">System</a></li>
<li class="tabact">Firewall</li>
<li class="tabinact"><a href="diag_logs_dhcp.php">DHCP</a></li>
+ <li class="tabinact"><a href="diag_logs_vpn.php">PPTP VPN</a></li>
<li class="tabinact"><a href="diag_logs_settings.php">Settings</a></li>
</ul>
</td></tr>
$pconfig['remoteserver'] = $config['syslog']['remoteserver'];
$pconfig['filter'] = isset($config['syslog']['filter']);
$pconfig['dhcp'] = isset($config['syslog']['dhcp']);
+$pconfig['vpn'] = isset($config['syslog']['vpn']);
$pconfig['system'] = isset($config['syslog']['system']);
$pconfig['enable'] = isset($config['syslog']['enable']);
$pconfig['logdefaultblock'] = !isset($config['syslog']['nologdefaultblock']);
$config['syslog']['remoteserver'] = $_POST['remoteserver'];
$config['syslog']['filter'] = $_POST['filter'] ? true : false;
$config['syslog']['dhcp'] = $_POST['dhcp'] ? true : false;
+ $config['syslog']['vpn'] = $_POST['vpn'] ? true : false;
$config['syslog']['system'] = $_POST['system'] ? true : false;
$config['syslog']['enable'] = $_POST['enable'] ? true : false;
$oldnologdefaultblock = isset($config['syslog']['nologdefaultblock']);
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
-<title>m0n0wall webGUI - Diagnostics: System logs</title>
+<title><?=gentitle("Diagnostics: System logs");?></title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link href="gui.css" rel="stylesheet" type="text/css">
<script language="JavaScript">
document.iform.remoteserver.disabled = 0;
document.iform.filter.disabled = 0;
document.iform.dhcp.disabled = 0;
+ document.iform.vpn.disabled = 0;
document.iform.system.disabled = 0;
} else {
document.iform.remoteserver.disabled = 1;
document.iform.filter.disabled = 1;
document.iform.dhcp.disabled = 1;
+ document.iform.vpn.disabled = 1;
document.iform.system.disabled = 1;
}
}
<li class="tabinact"><a href="diag_logs.php">System</a></li>
<li class="tabinact"><a href="diag_logs_filter.php">Firewall</a></li>
<li class="tabinact"><a href="diag_logs_dhcp.php">DHCP</a></li>
+ <li class="tabinact"><a href="diag_logs_vpn.php">PPTP VPN</a></li>
<li class="tabact">Settings</li>
</ul>
</td></tr>
IP address of remote syslog server<br> <br> <input name="system" id="system" type="checkbox" value="yes" onclick="enable_change(false)" <?php if ($pconfig['system']) echo "checked"; ?>>
system events <br> <input name="filter" id="filter" type="checkbox" value="yes" <?php if ($pconfig['filter']) echo "checked"; ?>>
firewall events<br> <input name="dhcp" id="dhcp" type="checkbox" value="yes" <?php if ($pconfig['dhcp']) echo "checked"; ?>>
- DHCP service events</td>
+ DHCP service events<br> <input name="vpn" id="vpn" type="checkbox" value="yes" <?php if ($pconfig['vpn']) echo "checked"; ?>>
+ PPTP VPN events</td>
</tr>
<tr>
<td width="22%" valign="top"> </td>
--- /dev/null
+#!/usr/local/bin/php
+<?php
+/*
+ diag_logs_vpn.php
+ part of m0n0wall (http://m0n0.ch/wall)
+
+ Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+
+require("guiconfig.inc");
+
+$nentries = $config['syslog']['nentries'];
+if (!$nentries)
+ $nentries = 50;
+
+if ($_POST['clear']) {
+ exec("/usr/sbin/clog -i -s 65536 /var/log/vpn.log");
+}
+
+function dump_clog($logfile, $tail) {
+ global $g, $config;
+
+ $sor = isset($config['syslog']['reverse']) ? "-r" : "";
+
+ exec("/usr/sbin/clog " . $logfile . " | tail {$sor} -n " . $tail, $logarr);
+
+ foreach ($logarr as $logent) {
+ $logent = preg_split("/\s+/", $logent, 6);
+ $llent = explode(",", $logent[5]);
+
+ echo "<tr>\n";
+ echo "<td class=\"listlr\" nowrap>" . htmlspecialchars(join(" ", array_slice($logent, 0, 3))) . "</td>\n";
+
+ if ($llent[0] == "login")
+ echo "<td class=\"listr\"><img src=\"in.gif\" width=\"11\" height=\"11\" title=\"login\"></td>\n";
+ else
+ echo "<td class=\"listr\"><img src=\"out.gif\" width=\"11\" height=\"11\" title=\"logout\"></td>\n";
+
+ echo "<td class=\"listr\">" . htmlspecialchars($llent[3]) . "</td>\n";
+ echo "<td class=\"listr\">" . htmlspecialchars($llent[2]) . " </td>\n";
+ echo "</tr>\n";
+ }
+}
+
+?>
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<html>
+<head>
+<title><?=gentitle("Diagnostics: System logs");?></title>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<link href="gui.css" rel="stylesheet" type="text/css">
+</head>
+
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
+<?php include("fbegin.inc"); ?>
+<p class="pgtitle">Diagnostics: System logs</p>
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr><td>
+ <ul id="tabnav">
+ <li class="tabinact"><a href="diag_logs.php">System</a></li>
+ <li class="tabinact"><a href="diag_logs_filter.php">Firewall</a></li>
+ <li class="tabinact"><a href="diag_logs_dhcp.php">DHCP</a></li>
+ <li class="tabact">PPTP VPN</li>
+ <li class="tabinact"><a href="diag_logs_settings.php">Settings</a></li>
+ </ul>
+ </td></tr>
+ <tr>
+ <td class="tabcont">
+ <table width="100%" border="0" cellpadding="0" cellspacing="0"><tr>
+ <td colspan="4" class="listtopic">
+ Last <?=$nentries;?> firewall log entries</td>
+ </tr>
+ <tr>
+ <td class="listhdrr">Time</td>
+ <td class="listhdrr">Action</td>
+ <td class="listhdrr">User</td>
+ <td class="listhdrr">IP address</td>
+ </tr>
+ <?php dump_clog("/var/log/vpn.log", $nentries); ?>
+ </table>
+ <br><form action="diag_logs_vpn.php" method="post">
+<input name="clear" type="submit" class="formbtn" value="Clear log">
+</form>
+ </td>
+ </tr>
+</table>
+<?php include("fend.inc"); ?>
+</body>
+</html>
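Review bot: The table caption at L1754 reads "firewall log entries" on the PPTP VPN page, a leftover from diag_logs_filter.php; change it to `Last <?=$nentries;?> PPTP VPN log entries`. `$nentries` is also taken straight from the configuration at L1695 and interpolated into the clog/tail shell command at L1708 and into the HTML at L1754 with no type check; the settings page presumably validates it, but `$nentries = (int)$config['syslog']['nentries']; if ($nentries <= 0) $nentries = 50;` costs nothing and removes the dependency. The user and IP columns at L1722-L1723 rely on a specific comma-separated layout of the log line; a comment above dump_clog() naming the expected field order would spare the next reader a trip to the mpd scripts.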
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
-<title>m0n0wall webGUI - Diagnostics: Ping</title>
+<title><?=gentitle("Diagnostics: Ping");?></title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link href="gui.css" rel="stylesheet" type="text/css">
</head>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
-<title>m0n0wall webGUI - Diagnostics: Reset state</title>
+<title><?=gentitle("Diagnostics: Reset state");?></title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link href="gui.css" rel="stylesheet" type="text/css">
</head>
<br>
<a href="/interfaces_lan.php" class="navlnk">LAN</a><br>
<a href="/interfaces_wan.php" class="navlnk">WAN</a><br>
- <?php for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++): ?>
+ <?php for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++): if (!isset($config['interfaces']['opt' . $i]['ovpn'])): ?>
<a href="/interfaces_opt.php?index=<?=$i;?>" class="navlnk"><?=htmlspecialchars($config['interfaces']['opt' . $i]['descr']);?></a><br>
- <?php endfor; ?>
+ <?php endif; endfor; ?>
<strong>Firewall</strong><br>
<a href="/firewall_rules.php" class="navlnk">Rules</a><br>
<a href="/firewall_nat.php" class="navlnk">NAT</a><br>
<a href="/services_dnsmasq.php" class="navlnk">DNS forwarder</a><br>
<a href="/services_dyndns.php" class="navlnk">Dynamic
DNS</a><br>
- <a href="/services_dhcp.php" class="navlnk">DHCP</a><br>
+ <a href="/services_dhcp.php" class="navlnk">DHCP server</a><br>
+ <a href="/services_dhcp_relay.php" class="navlnk">DHCP relay</a><br>
<a href="/services_snmp.php" class="navlnk">SNMP</a><br>
<a href="/services_proxyarp.php" class="navlnk">Proxy ARP</a><br>
<a href="/services_captiveportal.php" class="navlnk">Captive portal</a><br>
<a href="/services_wol.php" class="navlnk">Wake on LAN</a><br>
<strong>VPN</strong><br>
- <a href="/vpn_ipsec.php" class="navlnk">IPsec</a><br>
- <a href="/vpn_pptp.php" class="navlnk">PPTP</a><br>
+ <a href="/vpn_ipsec.php" class="navlnk">IPsec</a><br>
+ <a href="/vpn_pptp.php" class="navlnk">PPTP</a><br>
+ <a href="/vpn_openvpn.php" class="navlnk">OpenVPN</a><br>
<strong>Status</strong><br>
<a href="/index.php" class="navlnk">System</a><br>
<a href="/status_interfaces.php" class="navlnk">Interfaces</a><br>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
-<title>m0n0wall webGUI - Firewall: Aliases</title>
+<title><?=gentitle("Firewall: Aliases");?></title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link href="gui.css" rel="stylesheet" type="text/css">
</head>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
-<title>m0n0wall webGUI - System: Firewall: Aliases: Edit alias</title>
+<title><?=gentitle("System: Firewall: Aliases: Edit alias");?></title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link href="gui.css" rel="stylesheet" type="text/css">
<script language="JavaScript">
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
-<title>m0n0wall webGUI - Firewall: NAT</title>
+<title><?=gentitle("Firewall: NAT");?></title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link href="gui.css" rel="stylesheet" type="text/css">
</head>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
-<title>m0n0wall webGUI - Firewall: NAT</title>
+<title><?=gentitle("Firewall: NAT");?></title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link href="gui.css" rel="stylesheet" type="text/css">
</head>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
-<title>m0n0wall webGUI - Firewall: NAT: Edit 1:1</title>
+<title><?=gentitle("Firewall: NAT: Edit 1:1");?></title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link href="gui.css" rel="stylesheet" type="text/css">
</head>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
-<title>m0n0wall webGUI - Firewall: NAT: Edit</title>
+<title><?=gentitle("Firewall: NAT: Edit");?></title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link href="gui.css" rel="stylesheet" type="text/css">
<script language="JavaScript">
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
-<title>m0n0wall webGUI - Firewall: NAT</title>
+<title><?=gentitle("Firewall: NAT");?></title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link href="gui.css" rel="stylesheet" type="text/css">
</head>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
-<title>m0n0wall webGUI - Firewall: NAT: Edit outbound mapping</title>
+<title><?=gentitle("Firewall: NAT: Edit outbound mapping");?></title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link href="gui.css" rel="stylesheet" type="text/css">
<script language="JavaScript">
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
-<title>m0n0wall webGUI - Firewall: NAT</title>
+<title><?=gentitle("Firewall: NAT");?></title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link href="gui.css" rel="stylesheet" type="text/css">
</head>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
-<title>m0n0wall webGUI - Firewall: NAT: Edit Server NAT</title>
+<title><?=gentitle("Firewall: NAT: Edit Server NAT");?></title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link href="gui.css" rel="stylesheet" type="text/css">
</head>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
-<title>m0n0wall webGUI - Firewall: Rules</title>
+<title><?=gentitle("Firewall: Rules");?></title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link href="gui.css" rel="stylesheet" type="text/css">
</head>
else
$pconfig['proto'] = "any";
+ if ($a_filter[$id]['protocol'] == "icmp")
+ $pconfig['icmptype'] = $a_filter[$id]['icmptype'];
+
address_to_pconfig($a_filter[$id]['source'], $pconfig['src'],
$pconfig['srcmask'], $pconfig['srcnot'],
$pconfig['srcbeginport'], $pconfig['srcendport']);
$filterent['protocol'] = $_POST['proto'];
else
unset($filterent['protocol']);
+
+ if ($_POST['proto'] == "icmp" && $_POST['icmptype'])
+ $filterent['icmptype'] = $_POST['icmptype'];
+ else
+ unset($filterent['icmptype']);
pconfig_to_address($filterent['source'], $_POST['src'],
$_POST['srcmask'], $_POST['srcnot'],
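Review bot: `$_POST['icmptype']` is stored into the rule at L1920 without being checked against the set of keywords the form offers, and the stored value is presumably interpolated into the generated filter rule set later. Whatever validation precedes this block is outside the hunk; if none covers the field, add a whitelist test before the assignment, e.g. `if ($_POST['proto'] == "icmp" && $_POST['icmptype'] && !preg_match('/^[a-z]+$/', $_POST['icmptype'])) $input_errors[] = "Invalid ICMP type.";`, or better, compare against the same `$icmptypes` keys used to render the select. The enclosing POST handler starts outside the hunk.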
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
-<title>m0n0wall webGUI - Firewall: Rules: Edit</title>
+<title><?=gentitle("Firewall: Rules: Edit");?></title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link href="gui.css" rel="stylesheet" type="text/css">
<script language="JavaScript">
portsenabled = 0;
}
+ if (document.iform.proto.selectedIndex == 3) {
+ document.iform.icmptype.disabled = 0;
+ } else {
+ document.iform.icmptype.disabled = 1;
+ }
+
ext_change();
}
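Review bot: The new check at L1935 keys on `selectedIndex == 3`, which breaks silently as soon as an option is added to or reordered in the protocol select. Test the option's value instead: `var p = document.iform.proto; if (p.options[p.selectedIndex].value == "icmp") {`. The enclosing JavaScript function starts outside the hunk.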
match.<br>
Hint: in most cases, you should specify <em>TCP</em> here.</span></td>
</tr>
+ <tr>
+ <td valign="top" class="vncell">ICMP type</td>
+ <td class="vtable">
+ <select name="icmptype" class="formfld">
+ <?php
+
+ $icmptypes = array(
+ "" => "any",
+ "unreach" => "Destination unreachable",
+ "echo" => "Echo",
+ "echorep" => "Echo reply",
+ "squench" => "Source quench",
+ "redir" => "Redirect",
+ "timex" => "Time exceeded",
+ "paramprob" => "Parameter problem",
+ "timest" => "Timestamp",
+ "timestrep" => "Timestamp reply",
+ "inforeq" => "Information request",
+ "inforep" => "Information reply",
+ "maskreq" => "Address mask request",
+ "maskrep" => "Address mask reply"
+ );
+
+ foreach ($icmptypes as $icmptype => $descr): ?>
+ <option value="<?=$icmptype;?>" <?php if ($icmptype == $pconfig['icmptype']) echo "selected"; ?>>
+ <?=htmlspecialchars($descr);?>
+ </option>
+ <?php endforeach; ?>
+ </select>
+ <br>
+ <span class="vexpl">If you selected ICMP for the protocol above, you may specify an ICMP type here.</span></td>
+ </tr>
<tr>
<td width="22%" valign="top" class="vncellreq">Source</td>
<td width="78%" class="vtable">
the destination of the packet for this rule.<br>
Hint: you can leave the <em>'to'</em> field empty if you only
want to filter a single port</span></td>
+
<tr>
<td width="22%" valign="top" class="vncellreq">Fragments</td>
<td width="78%" class="vtable">
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
-<title>m0n0wall webGUI - Firewall: Traffic shaper</title>
+<title><?=gentitle("Firewall: Traffic shaper");?></title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link href="gui.css" rel="stylesheet" type="text/css">
</head>
<table width="100%" border="0" cellpadding="6" cellspacing="0">
<tr>
<td class="vtable"><p>
- <input name="enable" type="checkbox" id="enable" value="yes" <?php if ($pconfig['enable'] == "yes") echo "checked";?>>
+ <input name="enable" type="checkbox" id="enable" value="yes" <?php if ($pconfig['enable']) echo "checked";?>>
<strong>Enable traffic shaper<br>
</strong></p></td>
</tr>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
-<title>m0n0wall webGUI - Firewall: Traffic shaper: Edit rule</title>
+<title><?=gentitle("Firewall: Traffic shaper: Edit rule");?></title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link href="gui.css" rel="stylesheet" type="text/css">
<script language="JavaScript">
function populate_p2p(&$rulei) {
global $config;
- /* To add p2p clients, push Descr,Protocol,Start,End onto p2plist */
+ /* To add p2p clients, push Descr,Protocol,Start,End,src/dest/both onto p2plist */
$p2plist[] = array('BitTorrent','tcp','6881','6999','both');
- $p2plist[] = array('DirectConnect','','412','412','source');
- $p2plist[] = array('DirectFileExpress','','1044','1045','source');
- $p2plist[] = array('FastTrack','','1214','1214','source');
- $p2plist[] = array('CuteMX','','2340','2340','source');
- $p2plist[] = array('iMest','','4329','4329','source');
- $p2plist[] = array('EDonkey2000','','4661','4665','source');
- $p2plist[] = array('SongSpy','','5190','5190','source');
- $p2plist[] = array('HotlineConnect','','5500','5503','source');
- $p2plist[] = array('Gnutella','','6346','6346','source');
- $p2plist[] = array('dcc','','6666','6668','source');
- $p2plist[] = array('Napster','','6699','6701','source');
- $p2plist[] = array('Aimster','','7668','7668','source');
- $p2plist[] = array('BuddyShare','','7788','7788','source');
- $p2plist[] = array('Scour','','8311','8311','source');
- $p2plist[] = array('OpenNap','','8888','8889','source');
- $p2plist[] = array('hotComm','','28864','28865','source');
+ $p2plist[] = array('DirectConnect','','412','412','both');
+ $p2plist[] = array('DirectFileExpress','','1044','1045','both');
+ $p2plist[] = array('FastTrack','','1214','1214','both');
+ $p2plist[] = array('CuteMX','','2340','2340','both');
+ $p2plist[] = array('iMest','','4329','4329','both');
+ $p2plist[] = array('EDonkey2000','','4661','4665','both');
+ $p2plist[] = array('SongSpy','','5190','5190','both');
+ $p2plist[] = array('HotlineConnect','','5500','5503','both');
+ $p2plist[] = array('Gnutella','','6346','6346','both');
+ $p2plist[] = array('dcc','','6666','6668','both');
+ $p2plist[] = array('Napster','','6699','6701','both');
+ $p2plist[] = array('Aimster','','7668','7668','both');
+ $p2plist[] = array('BuddyShare','','7788','7788','both');
+ $p2plist[] = array('Scour','','8311','8311','both');
+ $p2plist[] = array('OpenNap','','8888','8889','both');
+ $p2plist[] = array('hotComm','','28864','28865','both');
/* Set up/down p2p as lowest weight */
$direction = array("in","out");
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
-<title>m0n0wall webGUI - Firewall: Traffic shaper</title>
+<title><?=gentitle("Firewall: Traffic shaper");?></title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link href="gui.css" rel="stylesheet" type="text/css">
</head>
<tr>
<td width="22%" valign="top" class="vtable"> </td>
<td width="78%" class="vtable"><p>
- <input name="p2plow" type="checkbox" id="p2plow" value="yes" <?php if ($pconfig['p2plow'] == "yes") echo "checked";?>>
+ <input name="p2plow" type="checkbox" id="p2plow" value="yes" <?php if ($pconfig['p2plow']) echo "checked";?>>
Set P2P traffic to lowest priority<br>
</p></td>
</tr>
<tr>
<td width="22%" valign="top" class="vtable"> </td>
<td width="78%" class="vtable"><p>
- <input name="maskq" type="checkbox" id="maskq" value="yes" <?php if ($pconfig['maskq'] == "yes") echo "checked";?>>
+ <input name="maskq" type="checkbox" id="maskq" value="yes" <?php if ($pconfig['maskq']) echo "checked";?>>
Share bandwidth evenly on LAN<br>
</p></td>
</tr>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
-<title>m0n0wall webGUI - Firewall: Traffic shaper</title>
+<title><?=gentitle("Firewall: Traffic shaper");?></title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link href="gui.css" rel="stylesheet" type="text/css">
</head>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
-<title>m0n0wall webGUI - Firewall: Traffic shaper: Edit pipe</title>
+<title><?=gentitle("Firewall: Traffic shaper: Edit pipe");?></title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link href="gui.css" rel="stylesheet" type="text/css">
</head>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
-<title>m0n0wall webGUI - Firewall: Traffic shaper</title>
+<title><?=gentitle("Firewall: Traffic shaper");?></title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link href="gui.css" rel="stylesheet" type="text/css">
</head>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
-<title>m0n0wall webGUI - Firewall: Traffic shaper: Edit queue</title>
+<title><?=gentitle("Firewall: Traffic shaper: Edit queue");?></title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link href="gui.css" rel="stylesheet" type="text/css">
</head>
$d_sysrebootreqd_path = $g['varrun_path'] . "/sysreboot.reqd";
$d_passthrumacsdirty_path = $g['varrun_path'] . "/passthrumacs.dirty";
$d_allowedipsdirty_path = $g['varrun_path'] . "/allowedips.dirty";
+$d_ovpnclidirty_path = $g['varrun_path'] . "/ovpnclient.dirty";
if (file_exists($d_firmwarelock_path)) {
if (!$d_isfwfile) {
usort($config['wol']['wolentry'], "wolcmp");
}
+function gentitle($pgname) {
+ global $config;
+ return $config['system']['hostname'] . "." . $config['system']['domain'] . " - " . $pgname;
+}
+
?>
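Review bot: gentitle() returns the hostname, domain and page name unescaped, and every caller in this change drops the result straight into `<title>` via `<?= ... ?>`; only the OPT-interface caller escapes its own argument first, so the escaping contract is inconsistent across call sites. Hostname and domain come from the system config and are presumably validated where they are set, but the page-name argument is built from free text in at least one caller. I would escape once inside the helper — `return htmlspecialchars($config['system']['hostname'] . "." . $config['system']['domain'] . " - " . $pgname);` — and drop the htmlspecialchars() at the OPT-interface call site so it is not double-encoded, or else add a docblock stating that `$pgname` must already be HTML-safe.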
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
-<title>m0n0wall webGUI</title>
+<title><?=gentitle("m0n0wall webGUI");?></title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link href="gui.css" rel="stylesheet" type="text/css">
</head>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
-<title>m0n0wall webGUI - Interfaces: Assign network ports</title>
+<title><?=gentitle("Interfaces: Assign network ports");?></title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link href="gui.css" rel="stylesheet" type="text/css">
</head>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
-<title>m0n0wall webGUI - Interfaces: LAN</title>
+<title><?=gentitle("Interfaces: LAN");?></title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link href="gui.css" rel="stylesheet" type="text/css">
<script language="JavaScript">
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
-<title>m0n0wall webGUI - Interfaces: Optional <?=$index;?> (<?=htmlspecialchars($optcfg['descr']);?>)</title>
+<title><?=gentitle("Interfaces: Optional $index (" . htmlspecialchars($optcfg['descr']) . ")");?></title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link href="gui.css" rel="stylesheet" type="text/css">
<script language="JavaScript">
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
-<title>m0n0wall webGUI - Interfaces: Assign network ports: VLANs</title>
+<title><?=gentitle("Interfaces: Assign network ports: VLANs");?></title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link href="gui.css" rel="stylesheet" type="text/css">
</head>
}
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
-<html>
-<head>
-<title>m0n0wall webGUI - Interfaces: Assign network ports: VLANs: Edit</title>
+<html><head>
+<title><?=gentitle("Interfaces: Assign network ports: VLANs: Edit");?></title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link href="gui.css" rel="stylesheet" type="text/css">
</head>
$pconfig['username'] = $config['pppoe']['username'];
$pconfig['password'] = $config['pppoe']['password'];
$pconfig['provider'] = $config['pppoe']['provider'];
+$pconfig['pppoe_dialondemand'] = isset($config['pppoe']['ondemand']);
+$pconfig['pppoe_idletimeout'] = $config['pppoe']['timeout'];
$pconfig['pptp_username'] = $config['pptp']['username'];
$pconfig['pptp_password'] = $config['pptp']['password'];
$pconfig['pptp_local'] = $config['pptp']['local'];
$pconfig['pptp_subnet'] = $config['pptp']['subnet'];
$pconfig['pptp_remote'] = $config['pptp']['remote'];
+$pconfig['pptp_dialondemand'] = isset($config['pptp']['ondemand']);
+$pconfig['pptp_idletimeout'] = $config['pptp']['timeout'];
$pconfig['bigpond_username'] = $config['bigpond']['username'];
$pconfig['bigpond_password'] = $config['bigpond']['password'];
$reqdfieldsn = explode(",", "IP address,Subnet bit count,Gateway");
do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
} else if ($_POST['type'] == "PPPoE") {
- $reqdfields = explode(" ", "username password");
- $reqdfieldsn = explode(",", "PPPoE username,PPPoE password");
+ if ($_POST['pppoe_dialondemand']) {
+ $reqdfields = explode(" ", "username password pppoe_dialondemand pppoe_idletimeout");
+ $reqdfieldsn = explode(",", "PPPoE username,PPPoE password,Dial on demand,Idle timeout value");
+ } else {
+ $reqdfields = explode(" ", "username password");
+ $reqdfieldsn = explode(",", "PPPoE username,PPPoE password");
+ }
do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
} else if ($_POST['type'] == "PPTP") {
- $reqdfields = explode(" ", "pptp_username pptp_password pptp_local pptp_subnet pptp_remote");
- $reqdfieldsn = explode(",", "PPTP username,PPTP password,PPTP local IP address,PPTP subnet,PPTP remote IP address");
+ if ($_POST['pptp_dialondemand']) {
+ $reqdfields = explode(" ", "pptp_username pptp_password pptp_local pptp_subnet pptp_remote pptp_dialondemand pptp_idletimeout");
+ $reqdfieldsn = explode(",", "PPTP username,PPTP password,PPTP local IP address,PPTP subnet,PPTP remote IP address,Dial on demand,Idle timeout value");
+ } else {
+ $reqdfields = explode(" ", "pptp_username pptp_password pptp_local pptp_subnet pptp_remote");
+ $reqdfieldsn = explode(",", "PPTP username,PPTP password,PPTP local IP address,PPTP subnet,PPTP remote IP address");
+ }
do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
} else if ($_POST['type'] == "BigPond") {
$reqdfields = explode(" ", "bigpond_username bigpond_password");
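Review bot: When dial-on-demand is checked, `pppoe_idletimeout` (and `pptp_idletimeout` in the PPTP branch) becomes a required field, yet the help text added later in this commit says an idle timeout of zero disables the feature; if do_input_validation() (not visible here) treats "0" as missing, a user entering 0 is rejected with a "required" error. The same lists also include `pppoe_dialondemand` / `pptp_dialondemand` themselves, which is redundant since the branch is only entered when that checkbox is set. Consider dropping the checkbox names from the lists and confirming how the validation helper treats "0", e.g. `$reqdfields = explode(" ", "username password pppoe_idletimeout");`.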
if (($_POST['provider'] && !is_domain($_POST['provider']))) {
$input_errors[] = "The service name contains invalid characters.";
}
+ if ($_POST['pppoe_idletimeout'] && !is_numericint($_POST['pppoe_idletimeout'])) {
+ $input_errors[] = "The idle timeout value must be an integer.";
+ }
if (($_POST['pptp_local'] && !is_ipaddr($_POST['pptp_local']))) {
$input_errors[] = "A valid PPTP local IP address must be specified.";
}
if (($_POST['pptp_remote'] && !is_ipaddr($_POST['pptp_remote']))) {
$input_errors[] = "A valid PPTP remote IP address must be specified.";
}
+ if ($_POST['pptp_idletimeout'] && !is_numericint($_POST['pptp_idletimeout'])) {
+ $input_errors[] = "The idle timeout value must be an integer.";
+ }
if (($_POST['bigpond_authserver'] && !is_domain($_POST['bigpond_authserver']))) {
$input_errors[] = "The authentication server name contains invalid characters.";
}
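Review bot: The two new idle-timeout checks emit the identical message "The idle timeout value must be an integer.", so a user who has both sections filled in cannot tell which field was rejected; suggest `$input_errors[] = "The PPPoE idle timeout value must be an integer.";` and `$input_errors[] = "The PPTP idle timeout value must be an integer.";`. Both checks are skipped when the value is falsy, which fits the documented "zero disables" semantics, but if is_numericint() (not visible here) accepts a leading sign, a negative timeout would be persisted to the config; adding `|| $_POST['pppoe_idletimeout'] < 0` to the condition would close that.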
unset($config['pppoe']['username']);
unset($config['pppoe']['password']);
unset($config['pppoe']['provider']);
+ unset($config['pppoe']['ondemand']);
+ unset($config['pppoe']['timeout']);
unset($config['pptp']['username']);
unset($config['pptp']['password']);
unset($config['pptp']['local']);
unset($config['pptp']['subnet']);
unset($config['pptp']['remote']);
+ unset($config['pptp']['ondemand']);
+ unset($config['pptp']['timeout']);
unset($config['bigpond']['username']);
unset($config['bigpond']['password']);
unset($config['bigpond']['authserver']);
$config['pppoe']['username'] = $_POST['username'];
$config['pppoe']['password'] = $_POST['password'];
$config['pppoe']['provider'] = $_POST['provider'];
+ $config['pppoe']['ondemand'] = $_POST['pppoe_dialondemand'] ? true : false;
+ $config['pppoe']['timeout'] = $_POST['pppoe_idletimeout'];
} else if ($_POST['type'] == "PPTP") {
$wancfg['ipaddr'] = "pptp";
$config['pptp']['username'] = $_POST['pptp_username'];
$config['pptp']['local'] = $_POST['pptp_local'];
$config['pptp']['subnet'] = $_POST['pptp_subnet'];
$config['pptp']['remote'] = $_POST['pptp_remote'];
+ $config['pptp']['ondemand'] = $_POST['pptp_dialondemand'] ? true : false;
+ $config['pptp']['timeout'] = $_POST['pptp_idletimeout'];
} else if ($_POST['type'] == "BigPond") {
$wancfg['ipaddr'] = "bigpond";
$config['bigpond']['username'] = $_POST['bigpond_username'];
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
-<title>m0n0wall webGUI - Interfaces: WAN</title>
+<title><?=gentitle("Interfaces: WAN");?></title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link href="gui.css" rel="stylesheet" type="text/css">
<script language="JavaScript">
<!--
-function type_change() {
+function enable_change(enable_change) {
+ if (document.iform.pppoe_dialondemand.checked || enable_change) {
+ document.iform.pppoe_idletimeout.disabled = 0;
+ } else {
+ document.iform.pppoe_idletimeout.disabled = 1;
+ }
+}
+
+function enable_change_pptp(enable_change_pptp) {
+ if (document.iform.pptp_dialondemand.checked || enable_change_pptp) {
+ document.iform.pptp_idletimeout.disabled = 0;
+ document.iform.pptp_local.disabled = 0;
+ document.iform.pptp_remote.disabled = 0;
+ } else {
+ document.iform.pptp_idletimeout.disabled = 1;
+ }
+}
+
+function type_change(enable_change,enable_change_pptp) {
switch (document.iform.type.selectedIndex) {
case 0:
document.iform.username.disabled = 1;
document.iform.password.disabled = 1;
document.iform.provider.disabled = 1;
+ document.iform.pppoe_dialondemand.disabled = 1;
+ document.iform.pppoe_idletimeout.disabled = 1;
document.iform.ipaddr.disabled = 0;
document.iform.subnet.disabled = 0;
document.iform.gateway.disabled = 0;
document.iform.pptp_local.disabled = 1;
document.iform.pptp_subnet.disabled = 1;
document.iform.pptp_remote.disabled = 1;
+ document.iform.pptp_dialondemand.disabled = 1;
+ document.iform.pptp_idletimeout.disabled = 1;
document.iform.bigpond_username.disabled = 1;
document.iform.bigpond_password.disabled = 1;
document.iform.bigpond_authserver.disabled = 1;
document.iform.username.disabled = 1;
document.iform.password.disabled = 1;
document.iform.provider.disabled = 1;
+ document.iform.pppoe_dialondemand.disabled = 1;
+ document.iform.pppoe_idletimeout.disabled = 1;
document.iform.ipaddr.disabled = 1;
document.iform.subnet.disabled = 1;
document.iform.gateway.disabled = 1;
document.iform.pptp_local.disabled = 1;
document.iform.pptp_subnet.disabled = 1;
document.iform.pptp_remote.disabled = 1;
+ document.iform.pptp_dialondemand.disabled = 1;
+ document.iform.pptp_idletimeout.disabled = 1;
document.iform.bigpond_username.disabled = 1;
document.iform.bigpond_password.disabled = 1;
document.iform.bigpond_authserver.disabled = 1;
document.iform.username.disabled = 0;
document.iform.password.disabled = 0;
document.iform.provider.disabled = 0;
+ document.iform.pppoe_dialondemand.disabled = 0;
+ if (document.iform.pppoe_dialondemand.checked || enable_change) {
+ document.iform.pppoe_idletimeout.disabled = 0;
+ } else {
+ document.iform.pppoe_idletimeout.disabled = 1;
+ }
document.iform.ipaddr.disabled = 1;
document.iform.subnet.disabled = 1;
document.iform.gateway.disabled = 1;
document.iform.pptp_local.disabled = 1;
document.iform.pptp_subnet.disabled = 1;
document.iform.pptp_remote.disabled = 1;
+ document.iform.pptp_dialondemand.disabled = 1;
+ document.iform.pptp_idletimeout.disabled = 1;
document.iform.bigpond_username.disabled = 1;
document.iform.bigpond_password.disabled = 1;
document.iform.bigpond_authserver.disabled = 1;
document.iform.username.disabled = 1;
document.iform.password.disabled = 1;
document.iform.provider.disabled = 1;
+ document.iform.pppoe_dialondemand.disabled = 1;
+ document.iform.pppoe_idletimeout.disabled = 1;
document.iform.ipaddr.disabled = 1;
document.iform.subnet.disabled = 1;
document.iform.gateway.disabled = 1;
document.iform.pptp_local.disabled = 0;
document.iform.pptp_subnet.disabled = 0;
document.iform.pptp_remote.disabled = 0;
+ document.iform.pptp_dialondemand.disabled = 0;
+ if (document.iform.pptp_dialondemand.checked || enable_change_pptp) {
+ document.iform.pptp_idletimeout.disabled = 0;
+ } else {
+ document.iform.pptp_idletimeout.disabled = 1;
+ }
document.iform.bigpond_username.disabled = 1;
document.iform.bigpond_password.disabled = 1;
document.iform.bigpond_authserver.disabled = 1;
document.iform.username.disabled = 1;
document.iform.password.disabled = 1;
document.iform.provider.disabled = 1;
+ document.iform.pppoe_dialondemand.disabled = 1;
+ document.iform.pppoe_idletimeout.disabled = 1;
document.iform.ipaddr.disabled = 1;
document.iform.subnet.disabled = 1;
document.iform.gateway.disabled = 1;
document.iform.pptp_local.disabled = 1;
document.iform.pptp_subnet.disabled = 1;
document.iform.pptp_remote.disabled = 1;
+ document.iform.pptp_dialondemand.disabled = 1;
+ document.iform.pptp_idletimeout.disabled = 1;
document.iform.bigpond_username.disabled = 0;
document.iform.bigpond_password.disabled = 0;
document.iform.bigpond_authserver.disabled = 0;
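Review bot: enable_change_pptp() enables pptp_local and pptp_remote in its true branch but never disables them in the else branch, so those two fields do not toggle symmetrically with the checkbox; if they are meant to be governed by the interface type only (as type_change() already does), drop the two lines from enable_change_pptp(). Separately, type_change()'s parameters are named `enable_change` and `enable_change_pptp`, shadowing the two functions of the same name inside its body; the code still works because they are only used as booleans, but names such as `force_pppoe, force_pptp` would avoid the confusion. The `case` labels of the switch are outside the visible hunk lines.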
<br> <span class="vexpl">Hint: this field can usually be left
empty</span></td>
</tr>
+ <tr>
+ <td valign="top" class="vncell">Dial on demand</td>
+ <td class="vtable"><input name="pppoe_dialondemand" type="checkbox" id="pppoe_dialondemand" value="enable" <?php if ($pconfig['pppoe_dialondemand']) echo "checked"; ?> onClick="enable_change(false)" >
+ <strong>Enable Dial-On-Demand mode</strong><br>
+ This option causes the interface to operate in dial-on-demand mode, allowing you to have a <i>virtual full time</i> connection. The interface is configured, but the actual connection of the link is delayed until qualifying outgoing traffic is detected.</td>
+ </tr>
+ <tr>
+ <td valign="top" class="vncell">Idle timeout</td>
+ <td class="vtable">
+ <input name="pppoe_idletimeout" type="text" class="formfld" id="pppoe_idletimeout" size="8" value="<?=htmlspecialchars($pconfig['pppoe_idletimeout']);?>">
+ seconds<br>
+ If no qualifying outgoing packets are transmitted for the specified number of seconds, the connection is brought down. An idle timeout of zero disables this feature.</td>
+ </tr>
<tr>
<td colspan="2" valign="top" height="16"></td>
</tr>
<td class="vtable"> <input name="pptp_remote" type="text" class="formfld" id="pptp_remote" size="20" value="<?=htmlspecialchars($pconfig['pptp_remote']);?>">
</td>
</tr>
- <tr>
+ <tr>
+ <td valign="top" class="vncell">Dial on demand</td>
+ <td class="vtable"><input name="pptp_dialondemand" type="checkbox" id="pptp_dialondemand" value="enable" <?php if ($pconfig['pptp_dialondemand']) echo "checked"; ?> onClick="enable_change_pptp(false)" >
+ <strong>Enable Dial-On-Demand mode</strong><br>
+ This option causes the interface to operate in dial-on-demand mode, allowing you to have a <i>virtual full time</i> connection. The interface is configured, but the actual connection of the link is delayed until qualifying outgoing traffic is detected.</td>
+ </tr>
+ <tr>
+ <td valign="top" class="vncell">Idle timeout</td>
+ <td class="vtable">
+ <input name="pptp_idletimeout" type="text" class="formfld" id="pptp_idletimeout" size="8" value="<?=htmlspecialchars($pconfig['pptp_idletimeout']);?>">
+ seconds<br>
+ If no qualifying outgoing packets are transmitted for the specified number of seconds, the connection is brought down. An idle timeout of zero disables this feature.</td>
+ </tr>
+ <tr>
<td colspan="2" valign="top" height="16"></td>
</tr>
<tr>
</tr>
<tr>
<td valign="middle"> </td>
- <td class="vtable"> <input name="blockpriv" type="checkbox" id="blockpriv" value="yes" <?php if ($pconfig['blockpriv'] == "yes") echo "checked"; ?>>
+ <td class="vtable"> <input name="blockpriv" type="checkbox" id="blockpriv" value="yes" <?php if ($pconfig['blockpriv']) echo "checked"; ?>>
<strong>Block private networks</strong><br>
When set, this option blocks traffic from IP addresses that
are reserved for private<br>
</tr>
<tr>
<td width="100" valign="top"> </td>
- <td> <br> <input name="Submit" type="submit" class="formbtn" value="Save">
+ <td> <br> <input name="Submit" type="submit" class="formbtn" value="Save" onClick="enable_change_pptp(true)&&enable_change(true)">
</td>
</tr>
</table>
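Review bot: The Save button's `onClick="enable_change_pptp(true)&&enable_change(true)"` never reaches enable_change(true): enable_change_pptp() returns undefined, so `&&` short-circuits after the first call. Use `onClick="enable_change_pptp(true); enable_change(true)"`. The defect is currently masked because a checked dial-on-demand box already enabled its idle-timeout field through its own onClick, but a disabled input is not submitted at all, so the intent of re-enabling fields before submit should not rely on that; the server-side required-field check remains the real safety net.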
</tr>
<tr>
<td valign="top" class="vncell">WEP</td>
- <td class="vtable"> <input name="wep_enable" type="checkbox" id="wep_enable" value="yes" <?php if ($pconfig['wep_enable'] == "yes") echo "checked"; ?>>
+ <td class="vtable"> <input name="wep_enable" type="checkbox" id="wep_enable" value="yes" <?php if ($pconfig['wep_enable']) echo "checked"; ?>>
<strong>Enable WEP</strong><br>
<table border="0" cellspacing="0" cellpadding="0">
<tr>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
-<title>m0n0wall webGUI - License</title>
+<title><?=gentitle("License");?></title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link href="gui.css" rel="stylesheet" type="text/css">
</head>
<em><font color="#666666">DHCP lease list page</font></em><br>
<br>
Peter Allgeyer (<a href="mailto:allgeyer@web.de">allgeyer@web.de</a>)<br>
- <em><font color="#666666">"reject" type filter rules</font></em><br>
+ <em><font color="#666666">"reject" type filter rules; dial-on-demand</font></em><br>
<br>
Thierry Lechat (<a href="mailto:dev@lechat.org">dev@lechat.org</a>)<br>
<em><font color="#666666">SVG-based traffic grapher</font></em><br>
<br>
Justin Ellison (<a href="mailto:justin@techadvise.com">justin@techadvise.com</a>)<br>
<em><font color="#666666">traffic shaper TOS matching; magic shaper; DHCP deny unknown clients;<br>
- IPsec user FQDNs</font></em><br>
+ IPsec user FQDNs; DHCP relay</font></em><br>
<br>
Fred Wright (<a href="mailto:fw@well.com">fw@well.com</a>)<br>
<em><font color="#666666">ipfilter window scaling fix; ipnat ICMP checksum adjustment fix; IPsec dead SA fixes</font></em><br>
<br>
- Michael Hanselmann (<a href="mailto:public@hansmi.ch">public@hansmi.ch</a>)<br>
+ Michael Hanselmann (<a href="mailto:m0n0@hansmi.ch">m0n0@hansmi.ch</a>)<br>
<em><font color="#666666">IDE hard disk standby</font></em><br>
<br>
Audun Larsen (<a href="mailto:larsen@xqus.com">larsen@xqus.com</a>)<br>
- <em><font color="#666666">CPU/memory usage display</font></em></p>
+ <em><font color="#666666">CPU/memory usage display</font></em><br>
+ <br>
+ Peter Curran (<a href="mailto:peter@closeconsultants.com">peter@closeconsultants.com</a>)<br>
+ <em><font color="#666666">OpenVPN support</font></em></p>
<hr size="1">
<p>m0n0wall is based upon/includes various free software packages,
listed below.<br>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
-<title>m0n0wall webGUI - Reboot system</title>
+<title><?=gentitle("Reboot system");?></title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link href="gui.css" rel="stylesheet" type="text/css">
</head>
$pconfig['cert'] = base64_decode($config['captiveportal']['certificate']);
$pconfig['key'] = base64_decode($config['captiveportal']['private-key']);
$pconfig['logoutwin_enable'] = isset($config['captiveportal']['logoutwin_enable']);
+$pconfig['nomacfilter'] = isset($config['captiveportal']['nomacfilter']);
$pconfig['redirurl'] = $config['captiveportal']['redirurl'];
$pconfig['radiusip'] = $config['captiveportal']['radiusip'];
$pconfig['radiusport'] = $config['captiveportal']['radiusport'];
+$pconfig['radiusacctport'] = $config['captiveportal']['radiusacctport'];
$pconfig['radiuskey'] = $config['captiveportal']['radiuskey'];
if ($_POST) {
if (($_POST['radiusport'] && !is_port($_POST['radiusport']))) {
$input_errors[] = "A valid port number must be specified. [".$_POST['radiusport']."]";
}
+ if (($_POST['radiusacctport'] && !is_port($_POST['radiusacctport']))) {
+ $input_errors[] = "A valid port number must be specified. [".$_POST['radiusport']."]";
+ }
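Review bot: The new accounting-port error message echoes `$_POST['radiusport']` instead of `$_POST['radiusacctport']` (copy-paste), so the user is shown the wrong value when the accounting port is rejected; change it to `$input_errors[] = "A valid port number must be specified. [".$_POST['radiusacctport']."]";`. Whether print_input_errors() escapes the echoed value is not visible here; if it does not, both messages reflect raw request input into the page, and it would be safer to wrap the value in htmlspecialchars() or omit it from the message.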
if (!$input_errors) {
$config['captiveportal']['interface'] = $_POST['cinterface'];
$config['captiveportal']['certificate'] = base64_encode($_POST['cert']);
$config['captiveportal']['private-key'] = base64_encode($_POST['key']);
$config['captiveportal']['logoutwin_enable'] = $_POST['logoutwin_enable'] ? true : false;
+ $config['captiveportal']['nomacfilter'] = $_POST['nomacfilter'] ? true : false;
$config['captiveportal']['redirurl'] = $_POST['redirurl'];
$config['captiveportal']['radiusip'] = $_POST['radiusip'];
$config['captiveportal']['radiusport'] = $_POST['radiusport'];
+ $config['captiveportal']['radiusacctport'] = $_POST['radiusacctport'];
$config['captiveportal']['radiuskey'] = $_POST['radiuskey'];
/* file upload? */
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
-<title>m0n0wall webGUI - Services: Captive portal</title>
+<title><?=gentitle("Services: Captive portal");?></title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link href="gui.css" rel="stylesheet" type="text/css">
<script language="JavaScript">
document.iform.cert.disabled = 0;
document.iform.key.disabled = 0;
document.iform.logoutwin_enable.disabled = 0;
+ document.iform.nomacfilter.disabled = 0;
document.iform.htmlfile.disabled = 0;
document.iform.errfile.disabled = 0;
} else {
document.iform.cert.disabled = 1;
document.iform.key.disabled = 1;
document.iform.logoutwin_enable.disabled = 1;
+ document.iform.nomacfilter.disabled = 1;
document.iform.htmlfile.disabled = 1;
document.iform.errfile.disabled = 1;
}
If you provide a URL here, clients will be redirected to that URL instead of the one they initially tried
to access after they've authenticated.</td>
</tr>
+ <tr>
+ <td valign="top" class="vncell">MAC filtering </td>
+ <td class="vtable">
+ <input name="nomacfilter" type="checkbox" class="formfld" id="nomacfilter" value="yes" <?php if ($pconfig['nomacfilter']) echo "checked"; ?>>
+ <strong>Disable MAC filtering</strong><br>
+ If this option is set, no attempts will be made to ensure that the MAC address of clients stays the same while they're logged in. This is required when the MAC address of cannot be determined (usually because there are routers between m0n0wall and the clients).</td>
+ </tr>
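Review bot: The help text for the new option is missing a word: "when the MAC address of cannot be determined" should read `...when the MAC address of clients cannot be determined (usually because there are routers between m0n0wall and the clients).`. It would also help the administrator to state the consequence of disabling the check, since, as far as the captive-portal change in this commit shows, a session is then tied to the client IP address alone; appending `With MAC filtering disabled, an authenticated session is bound only to the client's IP address.` makes that trade-off visible where the option is chosen.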
<tr>
<td width="22%" valign="top" class="vncell">RADIUS server</td>
<td width="78%" class="vtable">
</tr><tr>
<td>Shared secret: </td>
<td><input name="radiuskey" type="text" class="formfld" id="radiuskey" size="16" value="<?=htmlspecialchars($pconfig['radiuskey']);?>"> </td>
- </tr><tr>
- <td>RADIUS accounting: </td>
- <td><input name="radacct_enable" type="checkbox" id="radacct_enable" value="yes" <?php if($pconfig['radacct_enable']) echo "checked"; ?> onClick="radacct_change()"></td>
- </tr></table>
+ </tr>
+ <tr>
+ <td>Accounting: </td>
+ <td><input name="radacct_enable" type="checkbox" id="radacct_enable" value="yes" <?php if($pconfig['radacct_enable']) echo "checked"; ?> onClick="radacct_change()"></td>
+ </tr>
+ <tr>
+ <td>Accounting port: </td>
+ <td><input name="radiusacctport" type="text" class="formfld" id="radiusacctport" size="5" value="<?=htmlspecialchars($pconfig['radiusacctport']);?>"></td>
+ </tr></table>
<br>
- Enter the IP address and port of the RADIUS server which users of the captive portal have to authenticate against. Leave blank to disable RADIUS authentication. Leave port number blank to use the default port (1812). Leave the RADIUS shared secret blank to not use a RADIUS shared secret. RADIUS accounting packets will also be sent to port 1813 of the RADIUS server if RADIUS accounting is enabled.
+ Enter the IP address and port of the RADIUS server which users of the captive portal have to authenticate against. Leave blank to disable RADIUS authentication. Leave port number blank to use the default port (1812). Leave the RADIUS shared secret blank to not use a RADIUS shared secret. RADIUS accounting packets will also be sent to the RADIUS server if accounting is enabled (default port is 1813).
</tr>
<tr>
<td valign="top" class="vncell">HTTPS login</td>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
-<title>m0n0wall webGUI - Services: Captive portal: Allowed IP addresses</title>
+<title><?=gentitle("Services: Captive portal");?></title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link href="gui.css" rel="stylesheet" type="text/css">
</head>
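Review bot: The allowed-IP-addresses page now gets the generic title "Services: Captive portal", and the pass-through-MAC list page a few hunks below gets the same generic title, while their respective edit pages keep the specific suffix; this loses the sub-page name in browser tabs and history and is inconsistent with the other title changes in this commit. Suggest `<title><?=gentitle("Services: Captive portal: Allowed IP addresses");?></title>` here and `<title><?=gentitle("Services: Captive portal: Pass-through MAC addresses");?></title>` for the other page.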
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
-<title>m0n0wall webGUI - Services: Captive portal: Edit allowed IP address</title>
+<title><?=gentitle("Services: Captive portal: Edit allowed IP address");?></title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link href="gui.css" rel="stylesheet" type="text/css">
</head>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
-<title>m0n0wall webGUI - Services: Captive portal: Pass-through MAC addresses</title>
+<title><?=gentitle("Services: Captive portal");?></title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link href="gui.css" rel="stylesheet" type="text/css">
</head>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
-<title>m0n0wall webGUI - Services: Captive portal: Edit pass-through MAC address</title>
+<title><?=gentitle("Services: Captive portal: Edit pass-through MAC address");?></title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link href="gui.css" rel="stylesheet" type="text/css">
</head>
if (ip2long($_POST['range_from']) > ip2long($_POST['range_to']))
$input_errors[] = "The range is invalid (first element higher than second element).";
+
+ /* make sure that the DHCP Relay isn't enabled on this interface */
+ if (isset($config['dhcrelay'][$if]['enable']))
+ $input_errors[] = "You must disable the DHCP relay on the {$iflist[$if]} interface before enabling the DHCP server.";
}
}
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
-<title>m0n0wall webGUI - Services: DHCP</title>
+<title><?=gentitle("Services: DHCP server");?></title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link href="gui.css" rel="stylesheet" type="text/css">
<script language="JavaScript">
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
<?php include("fbegin.inc"); ?>
-<p class="pgtitle">Services: DHCP</p>
+<p class="pgtitle">Services: DHCP server</p>
<form action="services_dhcp.php" method="post" name="iform" id="iform">
<?php if ($input_errors) print_input_errors($input_errors); ?>
<?php if ($savemsg) print_info_box($savemsg); ?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
-<title>m0n0wall webGUI - Services: DHCP: Edit static mapping</title>
+<title><?=gentitle("Services: DHCP: Edit static mapping");?></title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link href="gui.css" rel="stylesheet" type="text/css">
</head>
--- /dev/null
+#!/usr/local/bin/php
+<?php
+/*
+ services_dhcp.php
+ part of m0n0wall (http://m0n0.ch/wall)
+
+ Copyright (C) 2003-2004 Justin Ellison <justin@techadvise.com>.
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+
+function get_wan_dhcp_server() {
+ global $config, $g;
+ $dhclientfn = $g['vardb_path'] . "/dhclient.leases";
+ $leases = file($dhclientfn);
+ /* Start at the end, work backwards finding the latest lease for the WAN */
+ for ($i = (count($leases)-1); $i >= 0; $i--) {
+ if ($leases[$i] == "}") {
+ unset($iface);
+ unset($dhcpserver);
+ } elseif (strstr($leases[$i],"interface")) {
+ preg_match("/\s+interface \"(\w+)\";/",$leases[$i],$iface);
+ } elseif (strstr($leases[$i],"dhcp-server-identifier")) {
+ preg_match("/\s+dhcp-server-identifier (\d+\.\d+\.\d+\.\d+);/",$leases[$i],$dhcpserver);
+ }
+ if ($iface == $config['interfaces']['wan'] && isset($dhcpserver)) {
+ break;
+ }
+ }
+ return $dhcpserver[1];
+}
+
+
+require("guiconfig.inc");
+
+$if = $_GET['if'];
+if ($_POST['if'])
+ $if = $_POST['if'];
+
+$iflist = array("lan" => "LAN");
+
+for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) {
+ $oc = $config['interfaces']['opt' . $i];
+
+ if (isset($oc['enable']) && $oc['if'] && (!$oc['bridge'])) {
+ $iflist['opt' . $i] = $oc['descr'];
+ }
+}
+
+if (!$if || !isset($iflist[$if]))
+ $if = "lan";
+
+$pconfig['enable'] = isset($config['dhcrelay'][$if]['enable']);
+$pconfig['server'] = $config['dhcrelay']['server'];
+$pconfig['proxydhcp'] = isset($config['dhcrelay']['proxydhcp']);
+$pconfig['agentoption'] = isset($config['dhcrelay']['agentoption']);
+
+$ifcfg = $config['interfaces'][$if];
+
+
+if ($_POST) {
+
+ unset($input_errors);
+ $pconfig = $_POST;
+
+ /* input validation */
+ if ($_POST['enable']) {
+ if (isset($_POST['proxydhcp']))
+ $_POST['server'] = get_wan_dhcp_server();
+ $reqdfields = explode(" ", "server");
+ $reqdfieldsn = explode(",", "Destination Server");
+
+ do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
+
+ if (($_POST['server'] && !is_ipaddr($_POST['server'])))
+ $input_errors[] = "A valid Destination Server IP address must be specified.";
+
+ if (!$input_errors) {
+ /* make sure that the DHCP server isn't enabled on this interface */
+ if (isset($config['dhcpd'][$if]['enable']))
+ $input_errors[] = "You must disable the DHCP server on the {$iflist[$if]} interface before enabling the DHCP Relay.";
+ /* make sure that the DHCP server isn't running on any of the implied interfaces */
+ foreach ($config['interfaces'] as $ifname => $ifcfg) {
+ $subnet = $ifcfg['ipaddr'] . "/" . $ifcfg['subnet'];
+ if (ip_in_subnet($_POST['server'],$subnet))
+ $destif = $ifname;
+ }
+ if (!isset($destif))
+ $destif = "wan";
+ if (isset($config['dhcpd'][$destif]['enable']))
+ $input_errors[] = "You must disable the DHCP server on the {$destif} interface before enabling the DHCP Relay.";
+
+ /* if proxydhcp is selected, make sure DHCP is enabled on WAN */
+ if (isset($config['dhcrelay']['proxydhcp']) && $config['interfaces']['wan']['ipaddr'] != "dhcp")
+ $input_errors[] = "You must have DHCP active on the WAN interface before enabling the DHCP proxy option.";
+ }
+ }
+
+ if (!$input_errors) {
+ $config['dhcrelay']['agentoption'] = $_POST['agentoption'] ? true : false;
+ $config['dhcrelay']['proxydhcp'] = $_POST['proxydhcp'] ? true : false;
+ $config['dhcrelay']['server'] = $_POST['server'];
+ $config['dhcrelay'][$if]['enable'] = $_POST['enable'] ? true : false;
+
+ write_config();
+
+ $retval = 0;
+ if (!file_exists($d_sysrebootreqd_path)) {
+ config_lock();
+ $retval = services_dhcrelay_configure();
+ config_unlock();
+ }
+ $savemsg = get_std_save_message($retval);
+
+ }
+}
+
+?>
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<html>
+<head>
+<title><?=gentitle("Services: DHCP relay");?></title>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<link href="gui.css" rel="stylesheet" type="text/css">
+<script language="JavaScript">
+<!--
+function enable_change(enable_over) {
+ if (document.iform.enable.checked || enable_over) {
+ document.iform.server.disabled = 0;
+ document.iform.agentoption.disabled = 0;
+ document.iform.proxydhcp.disabled = 0;
+ } else {
+ document.iform.server.disabled = 1;
+ document.iform.agentoption.disabled = 1;
+ document.iform.proxydhcp.disabled = 1;
+ }
+ if (document.iform.proxydhcp.checked) {
+ document.iform.server.disabled = 1;
+ }
+}
+//-->
+</script>
+</head>
+
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
+<?php include("fbegin.inc"); ?>
+<p class="pgtitle">Services: DHCP relay</p>
+<form action="services_dhcp_relay.php" method="post" name="iform" id="iform">
+<?php if ($input_errors) print_input_errors($input_errors); ?>
+<?php if ($savemsg) print_info_box($savemsg); ?>
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr><td>
+ <ul id="tabnav">
+<?php foreach ($iflist as $ifent => $ifname):
+ if ($ifent == $if): ?>
+ <li class="tabact"><?=htmlspecialchars($ifname);?></li>
+<?php else: ?>
+ <li class="tabinact"><a href="services_dhcp_relay.php?if=<?=$ifent;?>"><?=htmlspecialchars($ifname);?></a></li>
+<?php endif; ?>
+<?php endforeach; ?>
+ </ul>
+ </td></tr>
+ <tr>
+ <td class="tabcont">
+ <table width="100%" border="0" cellpadding="6" cellspacing="0">
+ <tr>
+ <td width="22%" valign="top" class="vtable"> </td>
+ <td width="78%" class="vtable">
+<input name="enable" type="checkbox" value="yes" <?php if ($pconfig['enable']) echo "checked"; ?> onClick="enable_change(false)">
+ <strong>Enable DHCP relay on
+ <?=htmlspecialchars($iflist[$if]);?>
+ interface</strong></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vtable"> </td>
+ <td width="78%" class="vtable">
+<input name="agentoption" type="checkbox" value="yes" <?php if ($pconfig['agentoption']) echo "checked"; ?>>
+ <strong>Append circuit ID and agent ID to requests</strong><br>
+ If this is checked, the DHCP relay will append the circuit ID (m0n0wall interface number) and the agent ID to the DHCP request.</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell">Destination server</td>
+ <td width="78%" class="vtable">
+ <input name="proxydhcp" type="checkbox" value="yes" <?php if ($pconfig['proxydhcp']) echo "checked"; ?> onClick="enable_change(false)"> Proxy requests to DHCP server on WAN subnet
+ <br><br><input name="server" type="text" class="formfld" id="server" size="20" value="<?=htmlspecialchars($pconfig['server']);?>">
+ <br>
+ This is the IP address of the server to which the DHCP packet is relayed. Select "Proxy requests to DHCP server on WAN subnet" to relay DHCP packets to the server that was used on the WAN interface.
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top"> </td>
+ <td width="78%">
+ <input name="if" type="hidden" value="<?=$if;?>">
+ <input name="Submit" type="submit" class="formbtn" value="Save" onclick="enable_change(true)">
+ </td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+</table>
+</form>
+<script language="JavaScript">
+<!--
+enable_change(false);
+//-->
+</script>
+<?php include("fend.inc"); ?>
+</body>
+</html>
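Review bot: The proxy-DHCP consistency check at the end of the validation block tests the previously saved `$config['dhcrelay']['proxydhcp']` rather than the value being submitted, so a first save with the proxy box ticked on a non-DHCP WAN is not rejected by this check and the error surfaces only on a later save, even after the box has been cleared; it should read `if (isset($_POST['proxydhcp']) && $config['interfaces']['wan']['ipaddr'] != "dhcp")`. The implied-interface loop reuses `$ifcfg` as its loop variable and thereby overwrites the `$ifcfg = $config['interfaces'][$if];` assignment made just before the POST handling; a distinct name such as `$ifc` avoids the clobber. In `get_wan_dhcp_server()`, `file()` returns false when the lease file is absent and `$dhcpserver[1]` is read even when no matching lease was found, so the function silently depends on the later required-field check; returning an explicit `""` in both cases and saying so in a comment above the function would make that contract visible. The `&$input_errors` call-time reference on the `do_input_validation()` call matches the sibling `vpn_openvpn.php` in this commit but is the form later PHP releases dropped, worth a note for the day the platform is upgraded.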
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
-<title>m0n0wall webGUI - Services: DNS forwarder</title>
+<title><?=gentitle("Services: DNS forwarder");?></title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link href="gui.css" rel="stylesheet" type="text/css">
</head>
<table width="100%" border="0" cellpadding="6" cellspacing="0">
<tr>
<td class="vtable"><p>
- <input name="enable" type="checkbox" id="enable" value="yes" <?php if ($pconfig['enable'] == "yes") echo "checked";?>>
+ <input name="enable" type="checkbox" id="enable" value="yes" <?php if ($pconfig['enable']) echo "checked";?>>
<strong>Enable DNS forwarder<br>
</strong></p></td>
</tr>
<tr>
<td class="vtable"><p>
- <input name="regdhcp" type="checkbox" id="regdhcp" value="yes" <?php if ($pconfig['regdhcp'] == "yes") echo "checked";?>>
+ <input name="regdhcp" type="checkbox" id="regdhcp" value="yes" <?php if ($pconfig['regdhcp']) echo "checked";?>>
<strong>Register DHCP leases in DNS forwarder<br>
</strong>If this option is set, then machines that specify
their hostname when requesting a DHCP lease will be registered
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
-<title>m0n0wall webGUI - Services: DNS forwarder: Edit host</title>
+<title><?=gentitle("Services: DNS forwarder: Edit host");?></title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link href="gui.css" rel="stylesheet" type="text/css">
</head>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
-<title>m0n0wall webGUI - Services: Dynamic DNS client</title>
+<title><?=gentitle("Services: Dynamic DNS client");?></title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link href="gui.css" rel="stylesheet" type="text/css">
<script language="JavaScript">
<tr>
<td width="22%" valign="top" class="vncellreq">Wildcards</td>
<td width="78%" class="vtable">
- <input name="wildcard" type="checkbox" id="wildcard" value="yes" <?php if ($pconfig['wildcard'] == "yes") echo "checked"; ?>>
+ <input name="wildcard" type="checkbox" id="wildcard" value="yes" <?php if ($pconfig['wildcard']) echo "checked"; ?>>
Enable Wildcard</td>
</tr>
<tr>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
-<title>m0n0wall webGUI - Services: Proxy ARP</title>
+<title><?=gentitle("Services: Proxy ARP");?></title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link href="gui.css" rel="stylesheet" type="text/css">
</head>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
-<title>m0n0wall webGUI - Services: Proxy ARP: Edit</title>
+<title><?=gentitle("Services: Proxy ARP: Edit");?></title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link href="gui.css" rel="stylesheet" type="text/css">
<script language="JavaScript">
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
-<title>m0n0wall webGUI - Services: SNMP</title>
+<title><?=gentitle("Services: SNMP");?></title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link href="gui.css" rel="stylesheet" type="text/css">
<script language="JavaScript">
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
-<title>m0n0wall webGUI - Services: Wake on LAN</title>
+<title><?=gentitle("Services: Wake on LAN");?></title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link href="gui.css" rel="stylesheet" type="text/css">
</head>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
-<title>m0n0wall webGUI - Services: Wake on LAN: Edit entry</title>
+<title><?=gentitle("Services: Wake on LAN: Edit entry");?></title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link href="gui.css" rel="stylesheet" type="text/css">
</head>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
-<title>m0n0wall webGUI - Status: Captive portal</title>
+<title><?=gentitle("Status: Captive portal");?></title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link href="gui.css" rel="stylesheet" type="text/css">
</head>
<?php foreach ($cpdb as $cpent): ?>
<tr>
<td class="listlr"><?=$cpent[2];?></td>
- <td class="listr"><?=$cpent[3];?></td>
+ <td class="listr"><?=$cpent[3];?> </td>
<td class="listr"><?=htmlspecialchars(date("m/d/Y H:i:s", $cpent[0]));?></td>
<?php if ($_GET['showact']): ?>
<td class="listr"><?php if ($cpent[4]) echo htmlspecialchars(date("m/d/Y H:i:s", $cpent[4]));?></td>
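Review bot: The rewritten cell still prints `$cpent[3]` unescaped while the timestamp cell on the very next line passes its output through `htmlspecialchars()`; since the change already touches this line, it is the place to make the row consistent with `<td class="listr"><?=htmlspecialchars($cpent[3]);?> </td>`. The untouched `$cpent[2]` cell above it has the same shape and would be worth the same treatment in a follow-up. What the two fields hold is not visible in this hunk, and the escaping costs nothing regardless of where the value originates.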
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
-<title>m0n0wall webGUI - Status: Traffic graph</title>
+<title><?=gentitle("Status: Traffic graph");?></title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link href="gui.css" rel="stylesheet" type="text/css">
</head>
$ifinfo['status'] = "up";
}
- if ($ifinfo['if'] != $g['pppoe_interface']) {
+ if (($ifinfo['if'] != $g['pppoe_interface']) && (!strstr($ifinfo['if'],'tun'))) {
$ifinfo['macaddr'] = $linkinfo[3];
$ifinfo['inpkts'] = $linkinfo[4];
$ifinfo['inerrs'] = $linkinfo[5];
$ifinfo['macaddr'] = $matches[1];
}
}
+
+ /* get pppoe link status for dial on demand */
+ unset($ifconfiginfo);
+ exec("/sbin/ifconfig " . $ifinfo['if'], $ifconfiginfo);
+
+ $ifinfo['pppoelink'] = "up";
+
+ foreach ($ifconfiginfo as $ici) {
+ if (strpos($ici, 'LINK0') !== false)
+ $ifinfo['pppoelink'] = "down";
+ }
+ }
+
+ /* get ppptp link status for dial on demand */
+ if (($ifdescr == "wan") && ($config['interfaces']['wan']['ipaddr'] == "pptp")) {
+
+ unset($ifconfiginfo);
+ exec("/sbin/ifconfig " . $ifinfo['if'], $ifconfiginfo);
+
+ $ifinfo['pptplink'] = "up";
+
+ foreach ($ifconfiginfo as $ici) {
+ if (strpos($ici, 'LINK0') !== false)
+ $ifinfo['pptplink'] = "down";
+ }
}
}
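Review bot: Both new dial-on-demand blocks build the shell command as `"/sbin/ifconfig " . $ifinfo['if']` without quoting the interface name, and the lines that follow (unset, exec, default to "up", scan for LINK0) are duplicated verbatim between the PPPoE and PPTP branches. A small helper that takes the interface name, passes it through `escapeshellarg()` and returns "up" or "down" removes the duplication and makes the quoting the default; the interface name appears to come from configuration rather than from a request, so this is hardening and consistency rather than a live fault. The enclosing block of the PPPoE branch begins before this hunk, so the placement of the added closing brace cannot be checked from here.
```php
/* Dial-on-demand link status: "down" when ifconfig lists the LINK0 flag, "up" otherwise. */
function get_dod_link_status($if) {
	$ifconfiginfo = array();
	exec("/sbin/ifconfig " . escapeshellarg($if), $ifconfiginfo);
	foreach ($ifconfiginfo as $ici) {
		if (strpos($ici, 'LINK0') !== false)
			return "down";
	}
	return "up";
}
/* … unchanged: pppoe condition … */
$ifinfo['pppoelink'] = get_dod_link_status($ifinfo['if']);
/* … unchanged: pptp condition … */
$ifinfo['pptplink'] = get_dod_link_status($ifinfo['if']);
```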
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
-<title>m0n0wall webGUI - Status: Interfaces</title>
+<title><?=gentitle("Status: Interfaces");?></title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link href="gui.css" rel="stylesheet" type="text/css">
</head>
<td width="78%" class="listr">
<?=htmlspecialchars($ifinfo['status']);?>
</td>
- </tr><?php if ($ifinfo['macaddr']): ?>
+ </tr><?php if ($ifinfo['pppoelink']): ?>
+ <tr>
+ <td width="22%" class="listhdrr">PPPoE</td>
+ <td width="78%" class="listr">
+ <?=htmlspecialchars($ifinfo['pppoelink']);?>
+ </td>
+ </tr><?php endif; if ($ifinfo['pptplink']): ?>
+ <tr>
+ <td width="22%" class="listhdrr">PPTP</td>
+ <td width="78%" class="listr">
+ <?=htmlspecialchars($ifinfo['pptplink']);?>
+ </td>
+ </tr><?php endif; if ($ifinfo['macaddr']): ?>
<tr>
<td width="22%" class="listhdrr">MAC address</td>
<td width="78%" class="listr">
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
-<title>m0n0wall webGUI - Status: Wireless</title>
+<title><?=gentitle("Status: Wireless");?></title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link href="gui.css" rel="stylesheet" type="text/css">
</head>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
-<title>m0n0wall webGUI - System: General setup</title>
+<title><?=gentitle("System: General setup");?></title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link href="gui.css" rel="stylesheet" type="text/css">
</head>
<span class="vexpl">IP addresses; these are also used for
the DHCP service, DNS forwarder and for PPTP VPN clients<br>
<br>
- <input name="dnsallowoverride" type="checkbox" id="dnsallowoverride" value="yes" <?php if ($pconfig['dnsallowoverride'] == "yes") echo "checked"; ?>>
+ <input name="dnsallowoverride" type="checkbox" id="dnsallowoverride" value="yes" <?php if ($pconfig['dnsallowoverride']) echo "checked"; ?>>
<strong>Allow DNS server list to be overridden by DHCP/PPP
on WAN</strong><br>
If this option is set, m0n0wall will use DNS servers assigned
if ($g['platform'] == "generic-pc")
$pconfig['harddiskstandby'] = $config['system']['harddiskstandby'];
$pconfig['noantilockout'] = isset($config['system']['webgui']['noantilockout']);
+$pconfig['tcpidletimeout'] = $config['filter']['tcpidletimeout'];
if ($_POST) {
unset($input_errors);
$pconfig = $_POST;
- /* input validation */
+ /* input validation */
if ($_POST['ipv6nat_enable'] && !is_ipaddr($_POST['ipv6nat_ipaddr'])) {
$input_errors[] = "You must specify an IP address to NAT IPv6 packets.";
- }
+ }
+ if ($_POST['tcpidletimeout'] && !is_numericint($_POST['tcpidletimeout'])) {
+ $input_errors[] = "The TCP idle timeout must be an integer.";
+ }
if (($_POST['cert'] && !$_POST['key']) || ($_POST['key'] && !$_POST['cert'])) {
$input_errors[] = "Certificate and key must always be specified together.";
} else if ($_POST['cert'] && $_POST['key']) {
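Review bot: The new `tcpidletimeout` check is skipped whenever the submitted value is falsy, so the string `"0"` passes unvalidated and is written verbatim by the `$config['filter']['tcpidletimeout'] = $_POST['tcpidletimeout'];` line in the next hunk, and any integer of any size is accepted. If an empty field is meant to select the default, test emptiness explicitly and add a lower bound: `if ($_POST['tcpidletimeout'] != "" && (!is_numericint($_POST['tcpidletimeout']) || $_POST['tcpidletimeout'] < 1))`. Whether zero is a legal timeout for the filter depends on `filter_configure()`, which is not visible here, so confirm that before tightening.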
$config['system']['harddiskstandby'] = $_POST['harddiskstandby'];
}
$config['system']['webgui']['noantilockout'] = $_POST['noantilockout'] ? true : false;
+ $config['filter']['tcpidletimeout'] = $_POST['tcpidletimeout'];
write_config();
if (!file_exists($d_sysrebootreqd_path)) {
config_lock();
$retval = filter_configure();
- $retval = interfaces_optional_configure();
+ $retval |= interfaces_optional_configure();
config_unlock();
}
$savemsg = get_std_save_message($retval);
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
-<title>m0n0wall webGUI - System: Advanced functions</title>
+<title><?=gentitle("System: Advanced functions");?></title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link href="gui.css" rel="stylesheet" type="text/css">
<script language="JavaScript">
<td colspan="2" valign="top" class="listtopic">IPv6 tunneling</td>
</tr>
<tr>
- <td width="22%" valign="top" class="vtable"> </td>
+ <td width="22%" valign="top" class="vncell"> </td>
<td width="78%" class="vtable">
<input name="ipv6nat_enable" type="checkbox" id="ipv6nat_enable" value="yes" <?php if ($pconfig['ipv6nat_enable']) echo "checked"; ?> onclick="enable_change(false)">
<strong>NAT encapsulated IPv6 packets (IP protocol 41/RFC2893)
<td colspan="2" valign="top" class="listtopic">Filtering bridge</td>
</tr>
<tr>
- <td width="22%" valign="top" class="vtable"> </td>
+ <td width="22%" valign="top" class="vncell"> </td>
<td width="78%" class="vtable">
<input name="filteringbridge_enable" type="checkbox" id="filteringbridge_enable" value="yes" <?php if ($pconfig['filteringbridge_enable']) echo "checked"; ?>>
<strong>Enable filtering bridge</strong><span class="vexpl"><br>
<td colspan="2" valign="top" class="listtopic">Miscellaneous</td>
</tr>
<tr>
- <td width="22%" valign="top" class="vtable"> </td>
+ <td width="22%" valign="top" class="vncell">Console menu </td>
<td width="78%" class="vtable">
<input name="disableconsolemenu" type="checkbox" id="disableconsolemenu" value="yes" <?php if ($pconfig['disableconsolemenu']) echo "checked"; ?>>
<strong>Disable console menu</strong><span class="vexpl"><br>
Changes to this option will take effect after a reboot.</span></td>
</tr>
<tr>
- <td valign="top" class="vtable"> </td>
+ <td valign="top" class="vncell">Firmware version check </td>
<td class="vtable">
<input name="disablefirmwarecheck" type="checkbox" id="disablefirmwarecheck" value="yes" <?php if ($pconfig['disablefirmwarecheck']) echo "checked"; ?>>
<strong>Disable firmware version check</strong><span class="vexpl"><br>
This will cause m0n0wall not to check for newer firmware versions when the <a href="system_firmware.php">System: Firmware</a> page is viewed.</span></td>
</tr>
+ <tr>
+ <td valign="top" class="vncell">TCP idle timeout </td>
+ <td class="vtable"> <span class="vexpl">
+ <input name="tcpidletimeout" type="text" class="formfld" id="tcpidletimeout" size="8" value="<?=htmlspecialchars($pconfig['tcpidletimeout']);?>">
+ seconds<br>
+ Idle TCP connections will be removed from the state table after no packets have been received for the specified number of seconds. Don't set this too high or your state table could become full of connections that have been improperly shut down. The default is 2.5 hours.</span></td>
+ </tr>
<?php if ($g['platform'] == "generic-pc"): ?>
<tr>
- <td width="22%" valign="top" class="vtable"> </td>
+ <td width="22%" valign="top" class="vncell">Hard disk standby time </td>
<td width="78%" class="vtable">
- <strong>Hard disk standby time: </strong>
<select name="harddiskstandby" class="formfld">
<?php
/* Values from ATA-2
</tr>
<?php endif; ?>
<tr>
- <td width="22%" valign="top" class="vtable"> </td>
+ <td width="22%" valign="top" class="vncell">Navigation</td>
<td width="78%" class="vtable">
<input name="expanddiags" type="checkbox" id="expanddiags" value="yes" <?php if ($pconfig['expanddiags']) echo "checked"; ?>>
<strong>Keep diagnostics in navigation expanded </strong></td>
</tr>
<tr>
- <td width="22%" valign="top" class="vtable"> </td>
+ <td width="22%" valign="top" class="vncell">webGUI anti-lockout</td>
<td width="78%" class="vtable">
<input name="noantilockout" type="checkbox" id="noantilockout" value="yes" <?php if ($pconfig['noantilockout']) echo "checked"; ?>>
<strong>Disable webGUI anti-lockout rule</strong><br>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
-<title>m0n0wall webGUI - System: Firmware</title>
+<title><?=gentitle("System: Firmware");?></title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link href="gui.css" rel="stylesheet" type="text/css">
</head>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
-<title>m0n0wall webGUI - System: Static routes</title>
+<title><?=gentitle("System: Static routes");?></title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link href="gui.css" rel="stylesheet" type="text/css">
</head>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
-<title>m0n0wall webGUI - System: Static routes: Edit route</title>
+<title><?=gentitle("System: Static routes: Edit route");?></title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link href="gui.css" rel="stylesheet" type="text/css">
</head>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
-<title>m0n0wall webGUI - VPN: IPsec</title>
+<title><?=gentitle("VPN: IPsec");?></title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link href="gui.css" rel="stylesheet" type="text/css">
</head>
<table width="100%" border="0" cellpadding="6" cellspacing="0">
<tr>
<td class="vtable"><p><span class="vexpl"> </span>
- <input name="enable" type="checkbox" id="enable" value="yes" <?php if ($pconfig['enable'] == "yes") echo "checked";?>>
+ <input name="enable" type="checkbox" id="enable" value="yes" <?php if ($pconfig['enable']) echo "checked";?>>
<strong>Enable IPsec<br>
</strong></p></td>
</tr>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
-<title>m0n0wall webGUI - VPN: IPsec: Edit tunnel</title>
+<title><?=gentitle("VPN: IPsec: Edit tunnel");?></title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link href="gui.css" rel="stylesheet" type="text/css">
<script language="JavaScript">
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
-<title>m0n0wall webGUI - VPN: IPsec</title>
+<title><?=gentitle("VPN: IPsec");?></title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link href="gui.css" rel="stylesheet" type="text/css">
</head>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
-<title>m0n0wall webGUI - VPN: IPsec: Edit pre-shared key</title>
+<title><?=gentitle("VPN: IPsec: Edit pre-shared key");?></title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link href="gui.css" rel="stylesheet" type="text/css">
</head>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
-<title>m0n0wall webGUI - VPN: IPsec</title>
+<title><?=gentitle("VPN: IPsec");?></title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link href="gui.css" rel="stylesheet" type="text/css">
</head>
--- /dev/null
+#!/usr/local/bin/php
+<?php
+/*
+ vpn_openvpn.php
+
+ Copyright (C) 2004 Peter Curran (peter@closeconsultants.com).
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+
+require("guiconfig.inc");
+require_once("openvpn.inc");
+
+if (!is_array($config['ovpn']))
+ $config['ovpn'] = array();
+if (!is_array($config['ovpn']['server'])){
+ $config['ovpn']['server'] = array();
+ $config['ovpn']['server']['tun_iface'] = "tun0";
+ $config['ovpn']['server']['psh_options'] = array();
+ /* Initialise with some sensible defaults */
+ $config['ovpn']['server']['port'] = 5000;
+ $config['ovpn']['server']['proto'] = 'UDP';
+ $config['ovpn']['server']['maxcli'] = 25;
+ $config['ovpn']['server']['crypto'] = 'BF-CBC';
+ $config['ovpn']['server']['dupcn'] = true;
+ $config['ovpn']['server']['verb'] = 1;
+}
+
+if ($_POST) {
+
+ unset($input_errors);
+
+ /* input validation */
+ if ($_POST['enable']) {
+ $reqdfields = explode(" ", "tun_iface bind_iface ipblock");
+ $reqdfieldsn = explode(",", "Tunnel type,Interface binding,IP address block start");
+
+ do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
+
+ }
+
+ /* need a test here to make sure prefix and max_clients are coherent */
+
+ /* Sort out the cert+key files */
+ if (is_null($_POST['ca_cert']))
+ $input_errors[] = "You must provide a CA certificate file";
+ elseif (!strstr($_POST['ca_cert'], "BEGIN CERTIFICATE") || !strstr($_POST['ca_cert'], "END CERTIFICATE"))
+ $input_errors[] = "The CA certificate does not appear to be valid.";
+
+ if (is_null($_POST['srv_cert']))
+ $input_errors[] = "You must provide a server certificate file";
+ elseif (!strstr($_POST['srv_cert'], "BEGIN CERTIFICATE") || !strstr($_POST['srv_cert'], "END CERTIFICATE"))
+ $input_errors[] = "The server certificate does not appear to be valid.";
+
+ if (is_null($_POST['srv_key']))
+ $input_errors[] = "You must provide a server key file";
+ elseif (!strstr($_POST['srv_key'], "BEGIN RSA PRIVATE KEY") || !strstr($_POST['srv_key'], "END RSA PRIVATE KEY"))
+ $input_errors[] = "The server key does not appear to be valid.";
+
+ if (is_null($_POST['dh_param']))
+ $input_errors[] = "You must provide a DH parameters file";
+ elseif (!strstr($_POST['dh_param'], "BEGIN DH PARAMETERS") || !strstr($_POST['dh_param'], "END DH PARAMETERS"))
+ $input_errors[] = "The DH parameters do not appear to be valid.";
+
+ if (!$input_errors) {
+ $server =& $config['ovpn']['server'];
+ $server['enable'] = $_POST['enable'] ? true : false;
+
+ /* Make sure that the tunnel interface type has not changed */
+ if ($server['tun_iface'] != $_POST['tun_iface']){
+ $server['tun_iface'] = $_POST['tun_iface'];
+ touch($d_sysrebootreqd_path);
+ }
+
+ $server['bind_iface'] = $_POST['bind_iface'];
+ $server['port'] = $_POST['port'];
+ $server['proto'] = $_POST['proto'];
+
+ /* Make sure the IP address and/or prefix have not changed */
+ if ($server['ipblock'] != $_POST['ipblock']){
+ $server['ipblock'] = $_POST['ipblock'];
+ touch($d_sysrebootreqd_path);
+ }
+ if ($server['prefix'] != $_POST['prefix']){
+ $server['prefix'] = $_POST['prefix'];
+ touch($d_sysrebootreqd_path);
+ }
+
+ $server['maxcli'] = $_POST['maxcli'];
+ $server['crypto'] = $_POST['crypto'];
+ $server['cli2cli'] = $_POST['cli2cli'] ? true : false;
+ $server['dupcn'] = $_POST['dupcn'] ? true : false;
+ $server['psh_options']['redir'] = $_POST['psh_redir'] ? true : false;
+ $server['psh_options']['redir_loc'] = $_POST['psh_redir_loc'] ? true : false;
+ if ($_POST['psh_rtedelay'])
+ $server['psh_options']['rtedelay'] = $_POST['psh_rtedelay_int'];
+ if ($_POST['psh_ping'])
+ $server['psh_options']['ping'] = $_POST['psh_ping_int'];
+ if ($_POST['psh_pingexit'])
+ $server['psh_options']['pingexit'] = $_POST['psh_pingexit_int'];
+ if ($_POST['psh_pingrst'])
+ $server['psh_options']['pingrst'] = $_POST['psh_pingrst_int'];
+ if ($_POST['inact'])
+ $server['psh_options']['inact'] = $_POST['psh_inact_int'];
+ $server['ca_cert'] = base64_encode($_POST['ca_cert']);
+ $server['srv_cert'] = base64_encode($_POST['srv_cert']);
+ $server['srv_key'] = base64_encode($_POST['srv_key']);
+ $server['dh_param'] = base64_encode($_POST['dh_param']);
+
+ write_config();
+
+ $retval = 0;
+ if (file_exists($d_sysrebootreqd_path)) {
+ /* Rewrite interface definitions */
+ $retval = ovpn_server_iface();
+ }
+ else{
+ ovpn_lock();
+ $retval = ovpn_config_server();
+ ovpn_unlock();
+ }
+ $savemsg = get_std_save_message($retval);
+ }
+}
+
+/* Simply take a copy of the array */
+$pconfig = $config['ovpn']['server'];
+
+?>
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<html>
+<head>
+<title><?=gentitle("VPN: OpenVPN");?></title>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<link href="gui.css" rel="stylesheet" type="text/css">
+</head>
+
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
+<?php include("fbegin.inc"); ?>
+<p class="pgtitle">VPN: OpenVPN</p>
+<?php if ($input_errors) print_input_errors($input_errors); ?>
+<?php if (file_exists($d_sysrebootreqd_path)) print_info_box(get_std_save_message(0)); ?>
+
+<form action="vpn_openvpn.php" method="post" enctype="multipart/form-data" name="iform" id="iform">
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr><td>
+ <ul id="tabnav">
+ <li class="tabact">Server</li>
+ <li class="tabinact"><a href="vpn_openvpn_cli.php">Client</a></li>
+ </ul>
+ </td></tr>
+ <tr>
+ <td class="tabcont">
+ <strong><span class="red">WARNING: This feature is experimental and modifies your optional interface configuration.
+ Backup your configuration before using OpenVPN, and restore it before upgrading.<br>
+ <br>
+ </span></strong><table width="100%" border="0" cellpadding="6" cellspacing="0">
+ <tr>
+ <td width="22%" valign="top" class="vtable"> </td>
+ <td width="78%" class="vtable">
+ <input name="enable" type="checkbox" value="yes" <?php if (isset($pconfig['enable'])) echo "checked"; ?>>
+ <strong>Enable OpenVPN server </strong></td>
+ </tr>
+
+ <tr>
+ <td width="22%" valign="top" class="vncellreq">Tunnel type</td>
+ <td width="78%" class="vtable">
+ <input type="radio" name="tun_iface" class="formfld" value="tun0" <?php if ($pconfig['tun_iface'] == 'tun0') echo "checked"; ?>>
+ TUN
+ <input type="radio" name="tun_iface" class="formfld" value="tap0" <?php if ($pconfig['tun_iface'] == 'tap0') echo "checked"; ?>>
+ TAP
+ </td>
+ </tr>
+
+ <tr>
+ <td width="22%" valign="top" class="vncell">OpenVPN protocol/port</td>
+ <td width="78%" class="vtable">
+ <input type="radio" name="proto" class="formfld" value="UDP" <?php if ($pconfig['proto'] == 'UDP') echo "checked"; ?>>
+ UDP
+ <input type="radio" name="proto" class="formfld" value="TCP" <?php if ($pconfig['proto'] == 'TCP') echo "checked"; ?>>
+ TCP<br><br>
+ Port:
+ <input name="port" type="text" class="formfld" size="5" maxlength="5" value="<?= $pconfig['port']; ?>"><br>
+ Enter the port number to use for the server (default is 5000).</td>
+ </tr>
+
+ <tr>
+ <td width="22%" valign="top" class="vncellreq">Interface binding</td>
+ <td width="78%" class="vtable">
+ <select name="bind_iface" class="formfld">
+ <?php
+ $interfaces = ovpn_real_interface_list();
+ foreach ($interfaces as $key => $iface):
+ ?>
+ <option value="<?=$key;?>" <?php if ($key == $pconfig['bind_iface']) echo "selected"; ?>> <?= $iface;?>
+ </option>
+ <?php endforeach;?>
+ </select>
+ <span class="vexpl"><br>
+ Choose an interface for the OpenVPN server to listen on.</span></td>
+ </tr>
+
+ <tr>
+ <td width="22%" valign="top" class="vncellreq">IP address block</td>
+ <td width="78%" class="vtable">
+ <input name="ipblock" type="text" class="formfld" size="20" value="<?=htmlspecialchars($pconfig['ipblock']);?>">
+ /
+ <select name="prefix" class="formfld">
+ <?php for ($i = 29; $i > 19; $i--): ?>
+ <option value="<?=$i;?>" <?php if ($i == $pconfig['prefix']) echo "selected"; ?>>
+ <?=$i;?>
+ </option>
+ <?php endfor; ?>
+ </select>
+ <br>
+ Enter the IP address block for the OpenVPN server and clients to use.<br>
+ <br>
+ Maximum number of simultaneous clients:
+ <input name="maxcli" type="text" class="formfld" size="3" maxlength="3" value="<?=htmlspecialchars($pconfig['maxcli']);?>">
+ </td>
+ </tr>
+
+ <tr>
+ <td width="22%" valign="top" class="vncellreq">CA certificate</td>
+ <td width="78%" class="vtable">
+ <textarea name="ca_cert" cols="65" rows="4" class="formpre"><?=htmlspecialchars(base64_decode($pconfig['ca_cert']));?></textarea>
+ <br>
+ Paste a CA certificate in X.509 PEM format here.</td>
+ </tr>
+
+ <tr>
+ <td width="22%" valign="top" class="vncellreq">Server certificate</td>
+ <td width="78%" class="vtable">
+ <textarea name="srv_cert" cols="65" rows="4" class="formpre"><?=htmlspecialchars(base64_decode($pconfig['srv_cert']));?></textarea>
+ <br>
+ Paste a server certificate in X.509 PEM format here.</td>
+ </tr>
+
+ <tr>
+ <td width="22%" valign="top" class="vncellreq">Server key</td>
+ <td width="78%" class="vtable">
+ <textarea name="srv_key" cols="65" rows="4" class="formpre"><?=htmlspecialchars(base64_decode($pconfig['srv_key']));?></textarea>
+ <br>Paste the server RSA private key here.</td>
+ </tr>
+
+ <tr>
+ <td width="22%" valign="top" class="vncellreq">DH parameters</td>
+ <td width="78%" class="vtable">
+ <textarea name="dh_param" cols="65" rows="4" class="formpre"><?=htmlspecialchars(base64_decode($pconfig['dh_param']));?></textarea>
+ <br>
+ Paste the Diffie-Hellman parameters in PEM format here.</td>
+ </tr>
+
+ <tr>
+ <td width="22%" valign="top" class="vncell">Crypto</td>
+ <td width="78%" class="vtable">
+ <select name="crypto" class="formfld">
+ <?php $cipher_list = ovpn_get_cipher_list();
+ foreach($cipher_list as $key => $value){
+ ?>
+ <option value="<?= $key ?>" <?php if ($pconfig['crypto'] == $key) echo "selected"; ?>>
+ <?= $value ?>
+ </option>
+ <?php
+ }
+ ?>
+ </select>
+ <br>
+ Select a data channel encryption cipher.</td>
+ </tr>
+
+ <tr>
+ <td width="22%" valign="top" class="vncell">Internal routing mode</td>
+ <td width="78%" class="vtable">
+ <input name="cli2cli" type="checkbox" value="yes" <?php if (isset($pconfig['cli2cli'])) echo "checked"; ?>>
+ <strong>Enable client-to-client routing</strong><br>
+ If this option is on, clients are allowed to talk to each other.</td>
+ </tr>
+
+ <tr>
+ <td width="22%" valign="top" class="vncell">Client authentication</td>
+ <td width="78%" class="vtable">
+ <input name="dupcn" type="checkbox" value="yes" <?php if (isset($pconfig['dupcn'])) echo "checked"; ?>>
+ <strong>Permit duplicate client certificates</strong><br>
+ If this option is on, clients with duplicate certificates will not be disconnected.</td>
+ </tr>
+
+ <tr>
+ <td width="22%" valign="top" class="vncell">Client-push options</td>
+ <td width="78%" class="vtable">
+ <table border="0" cellspacing="0" cellpadding="0">
+ <tr>
+ <td><input type="checkbox" name="psh_redir" value="yes" <?php if (isset($pconfig['psh_options']['redir'])) echo "checked"; ?>>
+ Redirect-gateway</td>
+ <td> </td>
+ <td><input type="checkbox" name="psh_redir_loc" value="yes" <?php if (isset($pconfig['psh_options']['redir_loc'])) echo "checked"; ?>>
+ Local</td>
+ </tr>
+ <tr>
+ <td><input type="checkbox" name="psh_rtedelay" value="yes" <?php if (isset($pconfig['psh_options']['rtedelay'])) echo "checked"; ?>> Route-delay</td>
+ <td width="16"> </td>
+ <td><input type="text" name="psh_rtedelay_int" class="formfld" size="4" value="<?= $pconfig['psh_options']['rtedelay']?>"> seconds</td>
+ </tr>
+ <tr>
+ <td><input type="checkbox" name="psh_inact" value="yes" <?php if (isset($pconfig['psh_options']['inact'])) echo "checked"; ?>>
+ Inactive</td>
+ <td> </td>
+ <td><input type="text" name="psh_inact_int" class="formfld" size="4" value="<?= $pconfig['psh_options']['inact']?>">
+ seconds</td>
+ </tr>
+ <tr>
+ <td><input type="checkbox" name="psh_ping" value="yes" <?php if (isset($pconfig['psh_options']['ping'])) echo "checked"; ?>> Ping</td>
+ <td> </td>
+ <td>Interval: <input type="text" name="psh_ping_int" class="formfld" size="4" value="<?= $pconfig['psh_options']['ping']?>"> seconds</td>
+ </tr>
+ <tr>
+ <td><input type="checkbox" name="psh_pingexit" value="yes" <?php if (isset($pconfig['psh_options']['pingexit'])) echo "checked"; ?>> Ping-exit</td>
+ <td> </td>
+ <td>Interval: <input type="text" name="psh_pingexit_int" class="formfld" size="4" value="<?= $pconfig['psh_options']['pingexit']?>"> seconds</td>
+ </tr>
+ <tr>
+ <td><input type="checkbox" name="psh_pingrst" value="yes" <?php if (isset($pconfig['psh_options']['pingrst'])) echo "checked"; ?>> Ping-restart</td>
+ <td> </td>
+ <td>Interval: <input type="text" name="psh_pingrst_int" class="formfld" size="4" value="<?= $pconfig['psh_options']['pingrst']?>"> seconds</td>
+ </tr>
+ </table></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top"> </td>
+ <td width="78%">
+ <input name="Submit" type="submit" class="formbtn" value="Save">
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top"> </td>
+ <td width="78%"><span class="vexpl"><span class="red"><strong>Note:<br>
+ </strong></span>Changing any settings on this page will disconnect all clients!</span>
+ </td>
+ </tr>
+ </table> </td>
+</tr>
+</table>
+</form>
+<?php include("fend.inc"); ?>
+</body>
+</html>
--- /dev/null
+#!/usr/local/bin/php
+<?php
+/*
+ vpn_openvpn_cli.php
+
+ Copyright (C) 2004 Peter Curran (peter@closeconsultants.com).
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+
+require("guiconfig.inc");
+require_once("openvpn.inc");
+
+if (!is_array($config['ovpn']))
+ $config['ovpn'] = array();
+if (!is_array($config['ovpn']['client'])){
+ $config['ovpn']['client'] = array();
+ $config['ovpn']['client']['tunnel'] = array();
+}
+
+$ovpncli =& $config['ovpn']['client']['tunnel'];
+
+if ($_POST['apply']) {
+ $retval = 0;
+ if (file_exists($d_sysrebootreqd_path)) {
+ /* Rewrite interface definitions */
+ $retval = ovpn_client_iface();
+ }
+ else{
+ ovpn_lock();
+ $retval = ovpn_config_client();
+ ovpn_unlock();
+ }
+ if (file_exists($d_ovpnclidirty_path))
+ unlink($d_ovpnclidirty_path);
+ $savemsg = get_std_save_message($retval);
+}
+
+if ($_GET['act'] == "del") {
+ if ($ovpncli[$_GET['id']]) {
+ unset($ovpncli[$_GET['id']]);
+ write_config();
+ ovpn_client_kill($_GET['id']);
+ touch($d_ovpnclidirty_path);
+ header("Location: vpn_openvpn_cli.php");
+ exit;
+ }
+}
+?>
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<html>
+<head>
+<title><?=gentitle("VPN: OpenVPN");?></title>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<link href="gui.css" rel="stylesheet" type="text/css">
+</head>
+
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
+<?php include("fbegin.inc"); ?>
+<p class="pgtitle">VPN: OpenVPN</p>
+<?php if ($input_errors) print_input_errors($input_errors); ?>
+<?php if (file_exists($d_sysrebootreqd_path) && !file_exists($d_ovpnclidirty_path)) print_info_box(get_std_save_message(0)); ?>
+<form action="vpn_openvpn_cli.php" method="post" enctype="multipart/form-data" name="iform" id="iform">
+<?php if (file_exists($d_ovpnclidirty_path)): ?><p>
+<?php print_info_box_np("The OpenVPN client configuration has been changed.<br>You must apply the changes in order for them to take effect.");?><br>
+<input name="apply" type="submit" class="formbtn" id="apply" value="Apply changes"></p>
+<?php endif; ?>
+
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr><td>
+ <ul id="tabnav">
+ <li class="tabinact"><a href="vpn_openvpn.php">Server</a></li>
+ <li class="tabact">Client</li>
+ </ul>
+ </td></tr>
+ <tr>
+ <td class="tabcont">
+ <strong><span class="red">WARNING: This feature is experimental and modifies your optional interface configuration.
+ Backup your configuration before using OpenVPN, and restore it before upgrading.<br>
+ <br>
+ </span></strong>
+ <table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr>
+ <td width="10%" class="listhdrr">Interface</td>
+ <td width="30%" class="listhdrr">Server address</td>
+ <td width="10%" class="listhdrr" align="middle">Version</td>
+ <td width="40%" class="listhdr">Description</td>
+ <td width="10%" class="list"></td>
+ </tr>
+
+ <?php $i = 0; foreach ($ovpncli as $client):
+ if (!isset($client['enable'])) {
+ $spans = "<span class=\"gray\">";
+ $spane = "</span>";
+ } else {
+ $spans = $spane = "";
+ }
+ ?>
+
+ <tr>
+ <td class="listlr"><?=$spans;?>
+ <?= $client['if'].":".$client['cport'];?>
+ <?=$spane;?></td>
+ <td class="listr"><?=$spans;?>
+ <?= $client['saddr'].":".$client['sport'];?>
+ <?=$spane;?></td>
+ <td align="middle" class="listr"><?=$spans;?>
+ <?= $client['ver'];?>
+ <?=$spane;?></td>
+ <td class="listbg"><?=$spans;?>
+ <?= $client['descr'];?>
+ <?=$spane;?></td>
+ <td valign="middle" nowrap class="list"> <a href="vpn_openvpn_cli_edit.php?id=<?=$i;?>"><img src="e.gif" width="17" height="17" border="0"></a>
+ <a href="vpn_openvpn_cli.php?act=del&id=<?=$i;?>" onclick="return confirm('Do you really want to delete this client configuration?')"><img src="x.gif" width="17" height="17" border="0"></a></td>
+ </tr>
+ <?php $i++; endforeach; ?>
+ <tr>
+ <td class="list" colspan="4"> </td>
+ <td class="list"> <a href="vpn_openvpn_cli_edit.php"><img src="plus.gif" width="17" height="17" border="0"></a></td>
+ </tr>
+ </table>
+ </td>
+</tr>
+</table>
+</form>
+<?php include("fend.inc"); ?>
+</body>
+</html>
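Review bot: The client list rows echo `$client['saddr']`, `$client['if']` and `$client['descr']` straight into the table cells without escaping, while the edit page stores `saddr` and `descr` verbatim from `$_POST` and only escapes them when re-rendering its own form, so a description containing markup is rendered as-is for every admin who opens this list. Wrap each echoed field the way vpn_openvpn_cli_edit.php already does for its `descr` input, e.g. `<?= htmlspecialchars($client['saddr'] . ":" . $client['sport']);?>` and `<?= htmlspecialchars($client['descr']);?>`. Separately, the `act=del` branch deletes the tunnel, calls `write_config()` and `ovpn_client_kill()` on a plain GET, with only the link's `confirm()` dialog as a guard, so it can be triggered by any cross-site request the admin's browser makes while logged in; if this codebase has no form token, switching the delete to a POST carrying the same `id` is the smaller change.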
--- /dev/null
+#!/usr/local/bin/php
+<?php
+/*
+ vpn_openvpn_cli_edit.php
+
+ Copyright (C) 2004 Peter Curran (peter@closeconsultants.com).
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+
+require("guiconfig.inc");
+require_once("openvpn.inc");
+
+if (!is_array($config['ovpn']))
+ $config['ovpn'] = array();
+if (!is_array($config['ovpn']['client'])){
+ $config['ovpn']['client'] = array();
+ $config['ovpn']['client']['tunnel'] = array();
+}
+
+function getnxt_if($type) {
+ /* find the first available device of type $type */
+ global $config;
+ $a_client = $config['ovpn']['client']['tunnel'];
+ $max = ($type == 'tun') ? 17 : 4;
+ for ($i = 1; $i < $max ; $i++) {
+ $hit = false;
+ foreach ($a_client as $client) {
+ if ($client['iface'] == $type . $i) {
+ $hit = true;
+ break;
+ }
+ }
+ if (!$hit)
+ return $type . $i;
+ }
+ return false;
+}
+
+
+function getnxt_port() {
+ /* Get first unused port */
+ global $config;
+ $a_client = $config['ovpn']['client']['tunnel'];
+ $port = 5001;
+ while (true) {
+ $hit = false;
+ foreach ($a_client as $client) {
+ if ($client['cport'] == $port) {
+ $hit = true;
+ break;
+ }
+ }
+ if (!$hit)
+ return $port;
+ $port++;
+ }
+ return false; /* should never get here */
+}
+
+
+$ovpncli =& $config['ovpn']['client']['tunnel'];
+
+$id = $_GET['id'];
+if (isset($_POST['id']))
+ $id = $_POST['id'];
+
+if (isset($id) && $ovpncli[$id]) {
+ $pconfig = $config['ovpn']['client']['tunnel'][$id];
+ if (isset($ovpncli[$id]['pull']))
+ $pconfig['pull'] = true;
+}
+else {
+ /* creating - set defaults */
+ $pconfig = array();
+ $pconfig['type'] = 'tun';
+ $pconfig['proto'] = 'udp';
+ $pconfig['sport'] = '5000';
+ $pconfig['ver'] = '2';
+ $pconfig['crypto'] = 'BF-CBC';
+ $pconfig['pull'] = true;
+ $pconfig['enable'] = true;
+}
+
+if (isset($_POST['pull'])) {
+ /* Called from form */
+ unset($input_errors);
+ if (is_null($_POST['ca_cert']))
+ $input_errors[] = "You must provide a CA certificate file";
+ elseif (!strstr($_POST['ca_cert'], "BEGIN CERTIFICATE") || !strstr($_POST['ca_cert'], "END CERTIFICATE"))
+ $input_errors[] = "The CA certificate does not appear to be valid.";
+
+ if (is_null($_POST['cli_cert']))
+ $input_errors[] = "You must provide a client certificate file";
+ elseif (!strstr($_POST['cli_cert'], "BEGIN CERTIFICATE") || !strstr($_POST['cli_cert'], "END CERTIFICATE"))
+ $input_errors[] = "The client certificate does not appear to be valid.";
+
+ if (is_null($_POST['cli_key']))
+ $input_errors[] = "You must provide a client key file";
+ elseif (!strstr($_POST['cli_key'], "BEGIN RSA PRIVATE KEY") || !strstr($_POST['cli_key'], "END RSA PRIVATE KEY"))
+ $input_errors[] = "The client key does not appear to be valid.";
+
+ if (!$input_errors) {
+ if (isset($id)) {
+ /* Editing an existing entry */
+ $ovpnent = $ovpncli[$id];
+ /* Test Server type hasn't changed */
+ if ($ovpnent['type'] != $_POST['type']) {
+ $nxt_if = getnxt_if($_POST['type']);
+ if (!$nxt_if)
+ $input_errors[] = "Run out of devices for a tunnel of type {$_POST['type']}";
+ else
+ $ovpnent['if'] = $nxt_if;
+ /* Need to reboot in order to create interfaces cleanly */
+ touch($d_sysrebootreqd_path);
+ }
+ /* Has the enable/disable state changed? */
+ if (isset($ovpnent['enable']) && isset($_POST['disabled'])) {
+ touch($d_sysrebootreqd_path);
+ touch($d_ovpnclidirty_path);
+ ovpn_client_kill($id);
+ ovpn_client_iface_del($id);
+ }
+ if (!isset($ovpnent['enable']) && !isset($_POST['disabled'])) {
+ touch($d_sysrebootreqd_path);
+ touch($d_ovpnclidirty_path);
+ }
+ }
+ else {
+ /* Creating a new entry */
+ $ovpnent = array();
+ $nxt_if = getnxt_if($_POST['type']);
+ if (!$nxt_if)
+ $input_errors[] = "Run out of devices for a tunnel of type {$_POST['type']}";
+ else
+ $ovpnent['if'] = $nxt_if;
+ $ovpnent['cport'] = getnxt_port();
+ /* I think we have to reboot to have the interface created cleanly */
+ touch($d_sysrebootreqd_path);
+ }
+ $ovpnent['type'] = $_POST['type'];
+ $ovpnent['proto'] = $_POST['proto'];
+ $ovpnent['sport'] = $_POST['sport'];
+ $ovpnent['ver'] = $_POST['ver'];
+ $ovpnent['saddr'] = $_POST['saddr'];
+ $ovpnent['descr'] = $_POST['descr'];
+ $ovpnent['ca_cert'] = base64_encode($_POST['ca_cert']);
+ $ovpnent['cli_cert'] = base64_encode($_POST['cli_cert']);
+ $ovpnent['cli_key'] = base64_encode($_POST['cli_key']);
+ $ovpnent['crypto'] = $_POST['crypto'];
+ $ovpnent['pull'] = true; //This is a fixed config for this version
+ $ovpnent['enable'] = isset($_POST['disabled']) ? false : true;
+
+
+ if (isset($id) && $ovpncli[$id]){
+ $ovpncli[$id] = $ovpnent;
+ }
+ else{
+ $ovpncli[] = $ovpnent;
+ }
+
+ write_config();
+ touch($d_ovpnclidirty_path);
+ header("Location: vpn_openvpn_cli.php");
+ exit;
+ }
+}
+
+?>
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<html>
+<head>
+<title><?=gentitle("VPN: OpenVPN: Edit client");?></title>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<link href="gui.css" rel="stylesheet" type="text/css">
+</head>
+
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
+<?php include("fbegin.inc"); ?>
+<p class="pgtitle">VPN: OpenVPN: Edit client</p>
+<?php if ($input_errors) print_input_errors($input_errors); ?>
+
+<form action="vpn_openvpn_cli_edit.php" method="post" enctype="multipart/form-data" name="iform" id="iform">
+ <table width="100%" border="0" cellpadding="6" cellspacing="0">
+ <tr>
+ <td width="22%" valign="top" class="vncellreq">Disabled</td>
+ <td width="78%" class="vtable">
+ <input name="disabled" type="checkbox" id="disabled" value="yes" <?php if (!isset($pconfig['enable'])) echo "checked"; ?>>
+ <strong>Disable this client</strong><br>
+ <span class="vexpl">Set this option to disable this client without removing it from the list.</span>
+ </td>
+ </tr>
+
+ <tr>
+ <td colspan="2" class="list" height="12"></td>
+ </tr>
+
+ <tr>
+ <td colspan="2" valign="top" class="listtopic">Server information</td>
+ </tr>
+ <tr>
+ <td valign="top" class="vncellreq">Tunnel type</td>
+ <td class="vtable">
+ <input name="type" type="radio" class="formfld" value="tun" <?php if ($pconfig['type'] == 'tun') echo "checked"; ?>> TUN
+<input name="type" type="radio" class="formfld" value="tap" <?php if ($pconfig['type'] == 'tap') echo "checked"; ?>> TAP</td>
+ </tr>
+
+ <tr>
+ <td width="22%" valign="top" class="vncellreq">Tunnel protocol</td>
+ <td width="78%" class="vtable">
+<input name="proto" type="radio" class="formfld" value="udp" <?php if ($pconfig['proto'] == 'udp') echo "checked"; ?>> UDP
+<input name="proto" type="radio" class="formfld" value="tcp" <?php if ($pconfig['proto'] == 'tcp') echo "checked"; ?>> TCP<br>
+ <span class="vexpl">Important: These settings must match the server's configuration.</span></td>
+ </tr>
+
+ <tr>
+ <td width="22%" valign="top" class="vncellreq">Port</td>
+ <td width="78%" class="vtable">
+ <input name="sport" type="text" class="formfld" size="5" maxlength="5" value="<?=htmlspecialchars($pconfig['sport']);?>"><br>
+ Enter the server's port number (default is 5000).</td>
+ </tr>
+
+ <tr>
+ <td width="22%" valign="top" class="vncellreq">Address</td>
+ <td width="78%" class="vtable">
+ <input name="saddr" type="text" class="formfld" size="20" maxlength="255" value="<?=htmlspecialchars($pconfig['saddr']);?>">
+ <br>
+ Enter the server's IP address or FQDN.</td>
+ </tr>
+
+ <tr>
+ <td width="22%" valign="top" class="vncellreq">Version</td>
+ <td width="78%" class="vtable">
+ <input name="ver" type="radio" class="formfld" value="2" <?php if ($pconfig['ver'] == '2') echo "checked"; ?>> 2.0
+ <input name="ver" type="radio" class="formfld" value="1" <?php if ($pconfig['ver'] == '1') echo "checked"; ?>> 1.x
+ <br>
+ Specify which version of the OpenVPN protocol the server runs.</td>
+ </tr>
+
+ <tr>
+ <td width="22%" valign="top" class="vncell">Description</td>
+ <td width="78%" class="vtable">
+ <input name="descr" type="text" class="formfld" id="descr" size="40" value="<?=htmlspecialchars($pconfig['descr']);?>">
+ <br> <span class="vexpl">You may enter a description here for your reference (not parsed).</span></td>
+ </tr>
+
+ <tr>
+ <td colspan="2" class="list" height="12"></td>
+ </tr>
+
+ <tr>
+ <td colspan="2" valign="top" class="listtopic">Client configuration</td>
+ </tr>
+
+ <tr>
+ <td width="22%" valign="top" class="vncell">Interface</td>
+ <td width="78%" class="vtable">
+ <strong>Auto</strong>
+ </td>
+ </tr>
+
+ <tr>
+ <td width="22%" valign="top" class="vncell">Port</td>
+ <td width="78%" class="vtable">
+ <strong>Auto</strong>
+ </td>
+ </tr>
+
+ <tr>
+ <td width="22%" valign="top" class="vncellreq">CA certificate</td>
+ <td width="78%" class="vtable">
+ <textarea name="ca_cert" cols="65" rows="4" class="formpre"><?=htmlspecialchars(base64_decode($pconfig['ca_cert']));?></textarea>
+ <br>
+ Paste a CA certificate in X.509 PEM format here.</td>
+ </tr>
+
+ <tr>
+ <td width="22%" valign="top" class="vncellreq">Client certificate</td>
+ <td width="78%" class="vtable">
+ <textarea name="cli_cert" cols="65" rows="4" class="formpre"><?=htmlspecialchars(base64_decode($pconfig['cli_cert']));?></textarea>
+ <br>
+ Paste a client certificate in X.509 PEM format here.</td>
+ </tr>
+
+ <tr>
+ <td width="22%" valign="top" class="vncellreq">Client key</td>
+ <td width="78%" class="vtable">
+ <textarea name="cli_key" cols="65" rows="4" class="formpre"><?=htmlspecialchars(base64_decode($pconfig['cli_key']));?></textarea>
+ <br>Paste the client RSA private key here.</td>
+ </tr>
+
+
+ <tr>
+ <td width="22%" valign="top" class="vncell">Crypto</td>
+ <td width="78%" class="vtable">
+ <select name="crypto" class="formfld">
+ <?php $cipher_list = ovpn_get_cipher_list();
+ foreach($cipher_list as $key => $value){
+ ?>
+ <option value="<?= $key ?>" <?php if ($pconfig['crypto'] == $key) echo "selected"; ?>>
+ <?= $value ?>
+ </option>
+ <?php
+ }
+ ?>
+ </select>
+ <br>
+ Select the data channel encryption cipher. This must match the setting on the server.
+ </td>
+ </tr>
+
+ <tr>
+ <td width="22%" valign="top" class="vncellreq">Options</td>
+ <td width="78%" class="vtable">
+ <input type="checkbox" name="pull" value="yes" <?php if ($pconfig['pull']) echo "checked"; ?>>
+ Client-pull</td>
+ </tr>
+
+ <tr>
+ <td width="22%" valign="top"> </td>
+ <td width="78%">
+ <input name="Submit" type="submit" class="formbtn" value="Save">
+ <?php if (isset($id)): ?>
+ <input name="id" type="hidden" value="<?=$id;?>">
+ <?php endif; ?>
+ </td>
+ </tr>
+ </table>
+</form>
+
+<?php include("fend.inc"); ?>
+</body>
+</html>
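Review bot: When `getnxt_if()` returns false, the `$input_errors[]` assignment made inside the `if (!$input_errors)` branch is never re-checked: the code still touches the reboot-required file, builds `$ovpnent` without an `if` key, calls `write_config()` and redirects, so the entry is saved and the error is never displayed. Guard the save by wrapping the block from `$ovpnent['type'] = $_POST['type'];` through `exit;` in `if (!$input_errors) { ... }` so the form is redisplayed with the message instead. Related, `$_POST['type']` is not restricted to `tun`/`tap` before it reaches `getnxt_if()`, which only uses the value to pick 17 vs 4 and otherwise accepts anything as the interface-name prefix in `$type . $i`; add `if (!in_array($_POST['type'], array('tun', 'tap'), true)) $input_errors[] = "Invalid tunnel type.";` before the save. The same applies to `saddr`, `sport`, `proto`, `ver` and `crypto`, which are stored verbatim and presumably end up in the generated OpenVPN configuration in openvpn.inc (outside this diff), so the address/port/domain validation helpers the other GUI pages use should be applied here too. Minor: `is_null($_POST['ca_cert'])` is never true for a submitted textarea (an empty field arrives as `""`), so the "You must provide ..." messages are unreachable and only the "does not appear to be valid" message can fire; `$_POST['ca_cert'] == ""` or `empty()` is the intended test.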
$pconfig['mode'] = $pptpcfg['mode'];
$pconfig['req128'] = isset($pptpcfg['req128']);
$pconfig['radiusenable'] = isset($pptpcfg['radius']['enable']);
+$pconfig['radacct_enable'] = isset($pptpcfg['radius']['accounting']);
$pconfig['radiusserver'] = $pptpcfg['radius']['server'];
$pconfig['radiussecret'] = $pptpcfg['radius']['secret'];
$pptpcfg['mode'] = $_POST['mode'];
$pptpcfg['req128'] = $_POST['req128'] ? true : false;
$pptpcfg['radius']['enable'] = $_POST['radiusenable'] ? true : false;
+ $pptpcfg['radius']['accounting'] = $_POST['radacct_enable'] ? true : false;
$pptpcfg['radius']['server'] = $_POST['radiusserver'];
$pptpcfg['radius']['secret'] = $_POST['radiussecret'];
}
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
-<html>
-<head>
-<title>m0n0wall webGUI - VPN: PPTP</title>
+<html><head>
+<title><?=gentitle("VPN: PPTP");?></title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link href="gui.css" rel="stylesheet" type="text/css">
<script language="JavaScript">
document.iform.radiusenable.disabled = 0;
if (document.iform.radiusenable.checked || enable_over) {
+ document.iform.radacct_enable.disabled = 0;
document.iform.radiusserver.disabled = 0;
document.iform.radiussecret.disabled = 0;
} else {
+ document.iform.radacct_enable.disabled = 1;
document.iform.radiusserver.disabled = 1;
document.iform.radiussecret.disabled = 1;
}
document.iform.localip.disabled = 1;
document.iform.req128.disabled = 1;
document.iform.radiusenable.disabled = 1;
+ document.iform.radacct_enable.disabled = 1;
document.iform.radiusserver.disabled = 1;
document.iform.radiussecret.disabled = 1;
}
<td width="22%" valign="top" class="vncell">RADIUS</td>
<td width="78%" class="vtable">
<p>
- <input name="radiusenable" type="checkbox" id="radiusenable" onclick="enable_change(false)" value="yes" <?php if ($pconfig['radiusenable'] == "yes") echo "checked"; ?>>
+ <input name="radiusenable" type="checkbox" id="radiusenable" onclick="enable_change(false)" value="yes" <?php if ($pconfig['radiusenable']) echo "checked"; ?>>
<strong>Use a RADIUS server for authentication<br>
</strong>When set, all users will be authenticated using
the RADIUS server specified below. The local user database
- will not be used.</p></td>
+ will not be used.<br>
+ <br>
+ <input name="radacct_enable" type="checkbox" id="radacct_enable" onclick="enable_change(false)" value="yes" <?php if ($pconfig['radacct_enable']) echo "checked"; ?>>
+ <strong>Enable RADIUS accounting <br>
+ </strong>Sends accounting packets to the RADIUS server. </p></td>
</tr>
<tr>
<td width="22%" valign="top" class="vncell">RADIUS server </td>
<tr>
<td width="22%" valign="middle"> </td>
<td width="78%" class="vtable">
- <input name="req128" type="checkbox" id="req128" value="yes" <?php if ($pconfig['req128'] == "yes") echo "checked"; ?>>
+ <input name="req128" type="checkbox" id="req128" value="yes" <?php if ($pconfig['req128']) echo "checked"; ?>>
<strong>Require 128-bit encryption</strong><br>
When set, 128-bit encryption will be accepted. Otherwise,
40-bit and 56-bit encryption will be accepted, too. Note that
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
-<title>m0n0wall webGUI - VPN: PPTP: Users</title>
+<title><?=gentitle("VPN: PPTP: Users");?></title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link href="gui.css" rel="stylesheet" type="text/css">
</head>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
-<title>m0n0wall webGUI - VPN: PPTP: Users: Edit</title>
+<title><?=gentitle("VPN: PPTP: Users: Edit");?></title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link href="gui.css" rel="stylesheet" type="text/css">
</head>