From: mkasper Date: Sun, 8 Jan 2006 10:38:35 +0000 (+0000) Subject: Import m0n0wall 1.2 files. X-Git-Url: https://git.gsnw.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7f8a69d5f94eee4cf81255a1885c31a756419e73;p=m0n0chwall.git Import m0n0wall 1.2 files. git-svn-id: https://svn.m0n0.ch/wall/trunk@25 e36fee2c-cc09-0410-a7cc-ebac5c6737de --- diff --git a/captiveportal/radius_accounting.inc b/captiveportal/radius_accounting.inc index 14264f6..3459efd 100644 --- a/captiveportal/radius_accounting.inc +++ b/captiveportal/radius_accounting.inc @@ -32,6 +32,13 @@ // * now sends Framed-IP-Address (client IP) // * now sends Called-Station-ID (NAS IP) // * now sends Calling-Station-ID (client IP) + + // This version of radius_accounting.inc has been modified by + // Jonathan De Graeve . Changes made include: + // - RFC2869 (Radius Extensions) + // * now sends Acct-Input-Gigawords + // * now sends Acct-Output-Gigawords + */ function RADIUS_ACCOUNTING_START($username,$sessionid,$radiusip,$radiusport,$radiuskey,$clientip) { @@ -60,6 +67,9 @@ function RADIUS_ACCOUNTING_START($username,$sessionid,$radiusip,$radiusport,$rad if ($debug) echo "
radius-port: $radiusport
radius-host: $radiusip
username: $username
\n"; + /* Initialise rand function, make it more random */ + srand((double)microtime() * 1000000); + $thisidentifier=rand()%256; $length=4+ // header @@ -135,7 +145,7 @@ function RADIUS_ACCOUNTING_START($username,$sessionid,$radiusip,$radiusport,$rad // See RFC2866 for this. } -function RADIUS_ACCOUNTING_STOP($ruleno,$username,$sessionid,$start_time,$radiusip,$radiusport,$radiuskey,$clientip,$interimupdate=false) { +function RADIUS_ACCOUNTING_STOP($ruleno,$username,$sessionid,$start_time,$radiusip,$radiusport,$radiuskey,$clientip,$interimupdate=false, $radius_term_cause = 1) { $sharedsecret=$radiuskey ; # $debug = 1 ; @@ -143,17 +153,19 @@ function RADIUS_ACCOUNTING_STOP($ruleno,$username,$sessionid,$start_time,$radius if(!$nasHostname[0]) $nasHostname[0] = "quewall" ; - $input_pkts = $input_bytes = $output_pkts = $output_bytes = 0 ; + $input_pkts = $input_bytes = $input_gigawords = $output_pkts = $output_bytes = $output_gigawords = 0 ; exec("/sbin/ipfw show {$ruleno}", $ipfw) ; preg_match("/(\d+)\s+(\d+)\s+(\d+)\s+skipto/", $ipfw[0], $matches) ; $input_pkts = $matches[2] ; - $input_bytes = $matches[3] ; + $input_bytes = remainder($matches[3]) ; + $input_gigawords = gigawords($matches[3]) ; unset($matches) ; preg_match("/(\d+)\s+(\d+)\s+(\d+)\s+skipto/", $ipfw[1], $matches) ; $output_pkts = $matches[2] ; - $output_bytes = $matches[3] ; + $output_bytes = remainder($matches[3]) ; + $output_gigawords = gigawords($matches[3]) ; $fd = @fsockopen("udp://$radiusip",$radiusport,$errno,$errstr,3) ; if(!$fd) @@ -173,6 +185,9 @@ function RADIUS_ACCOUNTING_STOP($ruleno,$username,$sessionid,$start_time,$radius if ($debug) echo "
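Review bot: The `srand((double)microtime() * 1000000)` reseed added in front of `$thisidentifier=rand()%256;` does not make the identifier more random, as its comment claims: PHP has seeded rand() on its own since 4.2.0, and `(double)microtime()` keeps only the fractional-seconds field of the "msec sec" string, so each call resets the generator to one of roughly a million states. The RADIUS Identifier (RFC 2866 §3) only has to differ between requests outstanding to the same server, so `$thisidentifier = mt_rand(0, 255);` without the reseed is enough, with the comment reworded to `/* 8-bit Identifier used to match the reply to this request */`. The same reseed is repeated in the hunk at -173,+185 inside RADIUS_ACCOUNTING_STOP. RADIUS_ACCOUNTING_START begins and ends outside this hunk.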
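Review bot: The new `$radius_term_cause = 1` parameter on RADIUS_ACCOUNTING_STOP is packed straight into the Acct-Terminate-Cause attribute with `N` and nothing documents or checks it, so a non-numeric or out-of-range value from a caller is silently coerced on the wire. A guard after `$sharedsecret=$radiuskey ;` such as `$radius_term_cause = (int)$radius_term_cause;` together with a signature comment `/* $radius_term_cause: Acct-Terminate-Cause per RFC 2866 §5.10; 1 = User-Request */` would cover it. The comment `// Acct Terminate = User Request` on the two `49,6,$radius_term_cause` lines (hunks -214,+231 and -242,+261) is now stale, since the value is whatever the caller passed.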
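Review bot: `remainder($matches[3])` and `gigawords($matches[3])` run on whatever `preg_match` captured from `$ipfw[0]` and `$ipfw[1]` without checking that the match succeeded; when `/sbin/ipfw show {$ruleno}` returns no or unexpected output (rule already removed, different counter layout), `$matches[3]` is unset and the bcmath helpers receive an empty value, whose handling differs between PHP versions. Keeping the zero-initialised counters when the pattern does not match is a small change: `if (preg_match("/(\d+)\s+(\d+)\s+(\d+)\s+skipto/", $ipfw[0], $matches)) { $input_pkts = $matches[2]; $input_bytes = remainder($matches[3]); $input_gigawords = gigawords($matches[3]); }`, and the same for the output line. The unchecked `$matches` use predates this commit, but the new helper calls are where it now matters. RADIUS_ACCOUNTING_STOP continues outside the hunk.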
radius-port: $radiusport
radius-host: $radiusip
username: $username
\n"; + /* Initialise rand function, make it more random */ + srand((double)microtime() * 1000000); + $thisidentifier=rand()%256; $length=4+ // header @@ -189,8 +204,10 @@ function RADIUS_ACCOUNTING_STOP($ruleno,$username,$sessionid,$start_time,$radius 6+ // Session time 6+ // input bytes 6+ // input packets + 6+ // input gigawords 6+ // output bytes 6+ // output packets + 6+ // output gigawords 2+strlen($nas_ip_address)+ //Called-Station-ID 2+strlen($clientip)+ //Calling-Station-ID @@ -201,9 +218,9 @@ function RADIUS_ACCOUNTING_STOP($ruleno,$username,$sessionid,$start_time,$radius else $acctstatustype = 2; - // v v v v v v v v v 1 1 1 1 1 1 1 v - // Line # 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 E - $data=pack("CCCCNNNNCCCCCCCCa*CCa*CCCCCCCCCCCCCCCCCCCCCCCCCCa*CCNCCNCCNCCNCCNCCNCCa*CCa*CCCCCC", + // v v v v v v v v v 1 1 1 1 1 1 1 1 1 v + // Line # 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 E + $data=pack("CCCCNNNNCCCCCCCCa*CCa*CCCCCCCCCCCCCCCCCCCCCCCCCCa*CCNCCNCCNCCNCCNCCNCCNCCNCCa*CCa*CCCCCC", 4,$thisidentifier,$length/256,$length%256, // header 0,0,0,0, // authcode 6,6,0,0,0,1, // service type @@ -214,12 +231,14 @@ function RADIUS_ACCOUNTING_STOP($ruleno,$username,$sessionid,$start_time,$radius 40,6,0,0,0,$acctstatustype, // Acct Status Type 45,6,0,0,0,1, // Acct RADIUS Authenticated 44,2+strlen($sessionid),$sessionid, // Acct Session ID - 49,6,1, // Acct Terminate = User Request + 49,6,$radius_term_cause, // Acct Terminate = User Request 46,6,time() - $start_time, // Session Time 42,6,$input_bytes, // Input Octets 47,6,$input_pkts, // Input Packets + 52,6,$input_gigawords, // Input Gigawords 43,6,$output_bytes, // Output Octets 48,6,$output_pkts, // Output Packets + 53,6,$output_gigawords, // Output Gigawords 30,2+strlen($nas_ip_address),$nas_ip_address, //Called-Station-ID 31,2+strlen($clientip),$clientip, //Calling-Station-ID 
@@ -229,9 +248,9 @@ function RADIUS_ACCOUNTING_STOP($ruleno,$username,$sessionid,$start_time,$radius /* Generate Accounting Request Authenticator */ $RA = md5($data.$radiuskey) ; - // v v v v v v v v v 1 1 1 1 1 1 1 v - // Line # 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 E - $data=pack("CCCCH*CCCCCCCCa*CCa*CCCCCCCCCCCCCCCCCCCCCCCCCCa*CCNCCNCCNCCNCCNCCNCCa*CCa*CCCCCC", + // v v v v v v v v v 1 1 1 1 1 1 1 1 1 v + // Line # 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 E + $data=pack("CCCCH*CCCCCCCCa*CCa*CCCCCCCCCCCCCCCCCCCCCCCCCCa*CCNCCNCCNCCNCCNCCNCCNCCNCCa*CCa*CCCCCC", 4,$thisidentifier,$length/256,$length%256, // header $RA, // authcode 6,6,0,0,0,1, // service type @@ -242,12 +261,14 @@ function RADIUS_ACCOUNTING_STOP($ruleno,$username,$sessionid,$start_time,$radius 40,6,0,0,0,$acctstatustype, // Acct Status Type 45,6,0,0,0,1, // Acct RADIUS Authenticated 44,2+strlen($sessionid),$sessionid, // Acct Session ID - 49,6,1, // Acct Terminate = User Request + 49,6,$radius_term_cause, // Acct Terminate = User Request 46,6,time() - $start_time, // Session Time 42,6,$input_bytes, // Input Octets 47,6,$input_pkts, // Input Packets + 52,6,$input_gigawords, // Input Gigawords 43,6,$output_bytes, // Output Octets 48,6,$output_pkts, // Output Packets + 53,6,$output_gigawords, // Output Gigawords 30,2+strlen($nas_ip_address),$nas_ip_address, //Called-Station-ID 31,2+strlen($clientip),$clientip, //Calling-Station-ID @@ -287,4 +308,21 @@ function get_nas_ip() { return $config['interfaces']['wan']['ipaddr']; } +function gigawords($bytes) { + + /* We use BCMath functions since normal integers don't work with so large numbers */ + $gigawords = bcdiv( bcsub( $bytes, remainder($bytes) ) , 2147483647) ; + + return $gigawords; +} + +function remainder($bytes) { + + /* Calculate the bytes we are going to send to the radius. */ + $bytes = bcmod($bytes, 2147483647); + + return $bytes; +} + + ?> diff --git a/phpconf/config.xml b/phpconf/config.xml index 309e8a2..85a1c12 100644 --- a/phpconf/config.xml 
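Review bot: `gigawords()` and `remainder()` split the byte count at 2147483647 (2^31−1), but RFC 2869 §5.1/§5.2 define Acct-Input/Output-Gigawords as the number of times the 32-bit octet counter wrapped past 2^32, so a server reconstructs the total as `gigawords * 4294967296 + octets`; with the present constant every count at or above 2^31−1 is reported wrong (2147483647 bytes would arrive as 1 gigaword and 0 octets instead of 0 and 2147483647). The constant in both helpers should be 2^32, i.e. `$bytes = bcmod($bytes, '4294967296');` and `$gigawords = bcdiv(bcsub($bytes, remainder($bytes)), '4294967296');`, with a one-line header comment on each naming RFC 2869. If 2^31−1 was chosen to keep the octet value inside a signed 32-bit int for `pack('N')` on a 32-bit build, that would need checking separately, since the attribute still has to carry the full unsigned value. The call sites are in the hunk at -143,+153.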
+++ b/phpconf/config.xml @@ -1,7 +1,7 @@ - 1.5 + 1.6 m0n0wall @@ -114,6 +114,7 @@ @@ -124,6 +125,8 @@ @@ -198,51 +201,6 @@ --> - - - diff --git a/webgui/interfaces_wan.php b/webgui/interfaces_wan.php index b89b0d6..bf9d389 100644 --- a/webgui/interfaces_wan.php +++ b/webgui/interfaces_wan.php @@ -614,15 +614,15 @@ function type_change(enable_change,enable_change_pptp) {   - > + + > Block private networks
- When set, this option blocks traffic from IP addresses that - are reserved for private
- networks as per RFC 1918 (10/8, 172.16/12, 192.168/16) as - well as loopback addresses
- (127/8). You should generally leave this option turned on, - unless your WAN network
- lies in such a private address space, too. + When set, this option blocks traffic from IP addresses + that are reserved for private networks as per RFC 1918 + (10/8, 172.16/12, 192.168/16) as well as loopback addresses + (127/8). You should generally leave this option turned on, + unless your WAN network lies in such a private address space, + too.   diff --git a/webgui/license.php b/webgui/license.php index 812201e..6138d5b 100644 --- a/webgui/license.php +++ b/webgui/license.php @@ -80,7 +80,7 @@ require("guiconfig.inc");
Peter Allgeyer (allgeyer@web.de)
    "reject" type filter rules; dial-on-demand; WAN connect/disconnect; auto-add proxy ARP
-     firewall log filtering; DynDNS server/port; OpenVPN improvements
+     firewall log filtering; DynDNS server/port; Diag: ARP improvements

Thierry Lechat (dev@lechat.org)
    SVG-based traffic grapher
@@ -110,9 +110,6 @@ require("guiconfig.inc"); Audun Larsen (larsen@xqus.com)
    CPU/memory usage display

- Peter Curran (peter@closeconsultants.com)
-     OpenVPN support
-
Pavel A. Grodek (pg@abletools.com)
    Traffic shaper packet loss rate/queue size

@@ -134,8 +131,11 @@ require("guiconfig.inc"); Joe Suhre (jsuhre@nullconcepts.com)
    DNS forwarder domain overriding

- Paul Taylor (paultaylor@winndixie.com)
-     ARP table, Traceroute and Filter state pages

+ Paul Taylor (paultaylor@winn-dixie.com)
+     ARP table, Traceroute and Filter state pages
+
+ Jonathan De Graeve (Jonathan.De.Graeve@imelda.be)
+     captive portal RADIUS accounting gigawords


m0n0wall is based upon/includes various free software packages, listed below.
diff --git a/webgui/plus_d.gif b/webgui/plus_d.gif new file mode 100644 index 0000000..9edce44 Binary files /dev/null and b/webgui/plus_d.gif differ diff --git a/webgui/services_dhcp.php b/webgui/services_dhcp.php index d2b182e..4f1b60d 100644 --- a/webgui/services_dhcp.php +++ b/webgui/services_dhcp.php @@ -41,7 +41,7 @@ $iflist = array("lan" => "LAN"); for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) { $oc = $config['interfaces']['opt' . $i]; - if (isset($oc['enable']) && $oc['if'] && (!$oc['bridge']) && (!$oc['ovpn'])) { + if (isset($oc['enable']) && $oc['if'] && (!$oc['bridge'])) { $iflist['opt' . $i] = $oc['descr']; } } diff --git a/webgui/services_dhcp_relay.php b/webgui/services_dhcp_relay.php index 22807d2..337c0ed 100644 --- a/webgui/services_dhcp_relay.php +++ b/webgui/services_dhcp_relay.php @@ -62,7 +62,7 @@ $iflist = array("lan" => "LAN"); for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) { $oc = $config['interfaces']['opt' . $i]; - if (isset($oc['enable']) && $oc['if'] && (!$oc['bridge']) && (!$oc['ovpn'])) { + if (isset($oc['enable']) && $oc['if'] && (!$oc['bridge'])) { $iflist['opt' . $i] = $oc['descr']; } } diff --git a/webgui/services_proxyarp_edit.php b/webgui/services_proxyarp_edit.php index 033e2e1..d5a0883 100644 --- a/webgui/services_proxyarp_edit.php +++ b/webgui/services_proxyarp_edit.php @@ -168,7 +168,6 @@ function typesel_change() { 'WAN', 'lan' => 'LAN'); for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) { - if (!$config['interfaces']['opt' . $i]['ovpn']) $interfaces['opt' . $i] = $config['interfaces']['opt' . $i]['descr']; } foreach ($interfaces as $iface => $ifacename): ?> diff --git a/webgui/vpn_openvpn_cli.php b/webgui/vpn_openvpn_cli.php deleted file mode 100644 index 80786f3..0000000 --- a/webgui/vpn_openvpn_cli.php +++ /dev/null @@ -1,157 +0,0 @@ -#!/usr/local/bin/php - - - - -

-

-You must apply the changes in order for them to take effect.");?>
-

- - - - - - - -
- -
- WARNING: This feature is experimental and modifies your optional interface configuration. - Backup your configuration before using OpenVPN, and restore it before upgrading.

-
- - - - - - - - - - - - "; - $spane = ""; - } else { - $spans = $spane = ""; - } - ?> - - - - - - - - - - - - - - - -
InterfaceProtocolSocketServer addressVersionDescription
- - - - - - - - - - -   - -  
 
-
-
- diff --git a/webgui/vpn_openvpn_cli_edit.php b/webgui/vpn_openvpn_cli_edit.php deleted file mode 100644 index fa7fa12..0000000 --- a/webgui/vpn_openvpn_cli_edit.php +++ /dev/null @@ -1,397 +0,0 @@ -#!/usr/local/bin/php - - - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Disabled - > - Disable this client
- Set this option to disable this client without removing it from the list. -
Server information
Tunnel type - > TUN  -> TAP
Tunnel protocol -> UDP  -> TCP
- Important: These settings must match the server's configuration.
Port -
- Enter the server's port number (default is 1194).
Address - -
- Enter the server's IP address or FQDN.
Version - > 2.0  - > 1.x -
- Specify which version of the OpenVPN protocol the server runs.
Description - -
You may enter a description here for your reference (not parsed).
Client configuration
Interface - Auto -
Port - Auto -
CA certificate - -
- Paste a CA certificate in X.509 PEM format here.
Client certificate - -
- Paste a client certificate in X.509 PEM format here.
Client key - -
Paste the client RSA private key here.
Crypto - -
- Select the data channel encryption cipher. This must match the setting on the server. -
TLS auth - onClick="enable_change(false)"> - TLS auth
- The tls-auth directive adds an additional HMAC signature to all SSL/TLS handshake packets for integrity verification.
Pre-shared secret - -
- Paste your own pre-shared secret here.
Options - > - Client-pull
  - - - - -
-
- - diff --git a/webgui/vpn_openvpn_srv.php b/webgui/vpn_openvpn_srv.php deleted file mode 100644 index 2f4f9b7..0000000 --- a/webgui/vpn_openvpn_srv.php +++ /dev/null @@ -1,165 +0,0 @@ -#!/usr/local/bin/php - - - - -
-

-You must apply the changes in order for them to take effect.");?>
-

- - - - - - - -
- -
- WARNING: This feature is experimental and modifies your optional interface configuration. - Backup your configuration before using OpenVPN, and restore it before upgrading.

-
- - - - - - - - - - - - "; - $spane = ""; - } else { - $spans = $spane = ""; - } - - if ($server['bind_iface'] == 'all') - $ipaddr = "0.0.0.0"; - else - $ipaddr = ovpn_get_ip($server['bind_iface']); - ?> - - - - - - - - - - - - - - - -
InterfaceProtocolSocketIP BlockCryptoDescription
- - - - - - - - - - -   - -  
 
-
-
- diff --git a/webgui/vpn_openvpn_srv_edit.php b/webgui/vpn_openvpn_srv_edit.php deleted file mode 100644 index d284390..0000000 --- a/webgui/vpn_openvpn_srv_edit.php +++ /dev/null @@ -1,560 +0,0 @@ -#!/usr/local/bin/php - - - - - - -
-WARNING: This feature is experimental and modifies your optional interface configuration. - Backup your configuration before using OpenVPN, and restore it before upgrading.
 
-
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Disabled - > - Disable this server
- Set this option to disable this server without removing it from the list. -
Tunnel type - > - TUN  - > - TAP -
OpenVPN protocol/port - > - UDP  - > - TCP

- Port: -
- Enter the port number to use for the server (default is 1194).
Interface binding - -
- Choose an interface for the OpenVPN server to listen on.
Dynamic IP address - > - Dynamic IP address
- Set this option to on, if your IP addresses are being assigned dynamically. Can only be used with interface binding set to ALL.
VPN client address pool - - / - -
- Enter the IP address block for the OpenVPN server and clients to use.
-
- Maximum number of simultaneous clients: - -
Description - -
You may enter a description here for your reference (not parsed).
CA certificate - -
- Paste a CA certificate in X.509 PEM format here.
Server certificate - -
- Paste a server certificate in X.509 PEM format here.
Server key - -
Paste the server RSA private key here.
DH parameters - -
- Paste the Diffie-Hellman parameters in PEM format here.
Crypto - -
- Select a data channel encryption cipher.
TLS auth - onClick="enable_change(false)"> - TLS auth
- The tls-auth directive adds an additional HMAC signature to all SSL/TLS handshake packets for integrity verification.
Pre-shared secret - -
- Paste your own pre-shared secret here.
Internal routing mode - > - Enable client-to-client routing
- If this option is on, clients are allowed to talk to each other.
Client authentication - > - Permit duplicate client certificates
- If this option is on, clients with duplicate certificates will not be disconnected.
Client-push options - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
> - Redirect-gateway > - Local
> Route-delay  seconds
> - Inactive  - seconds
> Ping Interval: seconds
> Ping-exit Interval: seconds
> Ping-restart Interval: seconds
  - - - - - -
 Note:
-
Changing any settings on this page will disconnect all clients!
-
-
- -