From 0c6e70a3c2d2a8a52a13d801d2e67bc3c9c9539a Mon Sep 17 00:00:00 2001
From: Franco Fichtner
Date: Tue, 22 Mar 2016 19:20:12 +0100
Subject: [PATCH] vpn: templates solve the logging origin problem nicely
---
 src/etc/inc/plugins.inc.d/vpn.inc | 58 +++++++++++++++++++++----------
 src/sbin/vpn-linkdown | 6 ----
 src/sbin/vpn-linkup | 3 --
 src/www/diag_logs_vpn.inc | 29 ++++------------
 4 files changed, 46 insertions(+), 50 deletions(-)
 delete mode 100755 src/sbin/vpn-linkdown
 delete mode 100755 src/sbin/vpn-linkup
diff --git a/src/etc/inc/plugins.inc.d/vpn.inc b/src/etc/inc/plugins.inc.d/vpn.inc
index cb5b0a89d..f3655f61f 100644
--- a/src/etc/inc/plugins.inc.d/vpn.inc
+++ b/src/etc/inc/plugins.inc.d/vpn.inc
@@ -103,6 +103,31 @@ function vpn_syslog()
 return $logfacilities;
 }
+function vpn_link_scripts($rootdir, $logtype)
+{
+ $up = <<<'EOD'
+#!/bin/sh
+
+/usr/bin/logger -p local3.info "login,%s,$4,$5"
+
+EOD;
+ $down = <<<'EOD'
+#!/bin/sh
+
+/usr/bin/logger -p local3.info "logout,%s,$4,$5"
+
+/sbin/pfctl -i $1 -Fs
+/sbin/pfctl -K $4/32
+
+EOD;
+
+ file_put_contents($rootdir . '/linkup', sprintf($up, $logtype));
+ file_put_contents($rootdir . '/linkdown', sprintf($down, $logtype));
+
+ chmod($rootdir . '/linkup', 0755);
+ chmod($rootdir . '/linkdown', 0755);
+}
+
 function vpn_pptpd_configure()
 {
 global $config;
@@ -126,11 +151,11 @@ function vpn_pptpd_configure()
 return;
 }
- mkdir('/var/etc/pptp-vpn');
-
 switch ($pptpdcfg['mode']) {
 case 'server':
- /* write mpd.conf */
+ mkdir('/var/etc/pptp-vpn');
+ vpn_link_scripts('/var/etc/pptp-vpn', 'pptp');
+
 $fd = fopen('/var/etc/pptp-vpn/mpd.conf', 'w');
 if (!$fd) {
 printf(gettext("Error: cannot open mpd.conf in vpn_pptpd_configure().") . "\n");
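Review bot: Neither `file_put_contents` nor `chmod` in the new `vpn_link_scripts` is checked, so a failed write or mode change leaves the `set iface up-script`/`down-script` directives (added in later hunks of this file) pointing at a missing or non-executable script, and the logout-side `pfctl -i $1 -Fs` / `pfctl -K $4/32` state teardown silently never runs for that service. All three callers (pptp in the next hunk, pppoe and l2tp later) invoke it right after an equally unchecked `mkdir`, so the failure is plausible on a full or read-only /var. I would have the helper report the failure in the `printf(gettext(...))` style this file already uses for mpd.conf and return a status the caller can act on, writing both scripts from one loop so the check is not duplicated.
```php
function vpn_link_scripts($rootdir, $logtype)
{
    // … unchanged: $up / $down nowdoc templates …
    foreach (array('linkup' => $up, 'linkdown' => $down) as $name => $template) {
        $path = $rootdir . '/' . $name;
        if (file_put_contents($path, sprintf($template, $logtype)) === false || !chmod($path, 0755)) {
            printf(gettext("Error: cannot write %s in vpn_link_scripts().") . "\n", $path);
            return false;
        }
    }
    return true;
}
```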
@@ -151,8 +176,8 @@ pptps:
 set iface enable proxy-arp
 set iface enable tcpmssfix
 set iface idle 1800
- set iface up-script /usr/local/sbin/vpn-linkup
- set iface down-script /usr/local/sbin/vpn-linkdown
+ set iface up-script /var/etc/pptp-vpn/linkup
+ set iface down-script /var/etc/pptp-vpn/linkdown
 set ipcp ranges {$pptpdcfg['localip']}/32 ippool pool1
 set ipcp yes vjcomp
@@ -245,7 +270,6 @@ EOD;
 fclose($fd);
 unset($mpdconf);
- /* write mpd.secret */
 $fd = fopen('/var/etc/pptp-vpn/mpd.secret', 'w');
 if (!$fd) {
 printf(gettext("Error: cannot open mpd.secret in vpn_pptpd_configure().") . "\n");
@@ -335,13 +359,13 @@ function vpn_pppoe_configure(&$pppoecfg)
 echo gettext("Configuring PPPoE VPN service...");
 }
- mkdir("/var/etc/pppoe{$pppoecfg['pppoeid']}-vpn");
-
 switch ($pppoecfg['mode']) {
 case 'server':
+ mkdir("/var/etc/pppoe{$pppoecfg['pppoeid']}-vpn");
+ vpn_link_scripts("/var/etc/pppoe{$pppoecfg['pppoeid']}-vpn", 'poes');
+
 $pppoe_interface = get_real_interface($pppoecfg['interface']);
- /* write mpd.conf */
 $fd = fopen("/var/etc/pppoe{$pppoecfg['pppoeid']}-vpn/mpd.conf", "w");
 if (!$fd) {
 printf(gettext("Error: cannot open mpd.conf in vpn_pppoe_configure().") . "\n");
@@ -362,8 +386,8 @@ startup:
 poes:
 set ippool add pool1 {$iprange}
 create bundle template B
- set iface up-script /usr/local/sbin/vpn-linkup
- set iface down-script /usr/local/sbin/vpn-linkdown
+ set iface up-script /var/etc/pppoe{$pppoecfg['pppoeid']}-vpn/linkup
+ set iface down-script /var/etc/pppoe{$pppoecfg['pppoeid']}-vpn/linkdown
 set iface idle 0
 set iface disable on-demand
 set iface disable proxy-arp
@@ -446,7 +470,6 @@ EOD;
 unset($mpdconf);
 if ($pppoecfg['username']) {
- /* write mpd.secret */
 $fd = fopen("/var/etc/pppoe{$pppoecfg['pppoeid']}-vpn/mpd.secret", "w");
 if (!$fd) {
 printf(gettext("Error: cannot open mpd.secret in vpn_pppoe_configure().") . "\n");
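Review bot: In the `vpn_pppoe_configure` hunk, `$pppoecfg['pppoeid']` is interpolated into the directory passed to `mkdir` and `vpn_link_scripts`, and in the following hunk into the unquoted `set iface up-script`/`down-script` mpd directives, so a value that is not a plain token (whitespace, `/`, `..`) would both change where the root-executed scripts are written and mis-parse the mpd.conf line. I cannot see where pppoeid is validated; if it is not already constrained to an integer upstream, normalising it once near the top of the function — `$pppoeid = (int)$pppoecfg['pppoeid'];` — and deriving the directory name from that would close both paths. The enclosing function starts outside the hunk.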
@@ -505,12 +528,12 @@ function vpn_l2tp_configure()
 echo gettext('Configuring L2TP VPN service...');
 }
- mkdir('/var/etc/l2tp-vpn');
-
 switch ($l2tpcfg['mode']) {
 case 'server':
- /* write mpd.conf */
+ mkdir('/var/etc/l2tp-vpn');
+ vpn_link_scripts('/var/etc/l2tp-vpn', 'l2tp');
+
 $fd = fopen("/var/etc/l2tp-vpn/mpd.conf", "w");
 if (!$fd) {
 printf(gettext("Error: cannot open mpd.conf in vpn_l2tp_configure().") . "\n");
@@ -534,8 +557,8 @@ l2tps:
 create bundle template B
 set iface disable on-demand
 set iface enable proxy-arp
- set iface up-script /usr/local/sbin/vpn-linkup
- set iface down-script /usr/local/sbin/vpn-linkdown
+ set iface up-script /var/etc/l2tp-vpn/linkup
+ set iface down-script /var/etc/l2tp-vpn/linkdown
 set ipcp ranges {$l2tpcfg['localip']}/32 {$iptype}
 set ipcp yes vjcomp
@@ -610,7 +633,6 @@ EOD;
 fclose($fd);
 unset($mpdconf);
- /* write mpd.secret */
 $fd = fopen("/var/etc/l2tp-vpn/mpd.secret", "w");
 if (!$fd) {
 printf(gettext("Error: cannot open mpd.secret in vpn_l2tp_configure().") . "\n");
diff --git a/src/sbin/vpn-linkdown b/src/sbin/vpn-linkdown
deleted file mode 100755
index 8ea2825b0..000000000
--- a/src/sbin/vpn-linkdown
+++ /dev/null
@@ -1,6 +0,0 @@
-#!/bin/sh
-
-/usr/bin/logger -p local3.info "logout,$1,$4,$5,$3"
-
-/sbin/pfctl -i $1 -Fs
-/sbin/pfctl -K $4/32
diff --git a/src/sbin/vpn-linkup b/src/sbin/vpn-linkup
deleted file mode 100755
index bca818a15..000000000
--- a/src/sbin/vpn-linkup
+++ /dev/null
@@ -1,3 +0,0 @@
-#!/bin/sh
-
-/usr/bin/logger -p local3.info "login,$1,$4,$5,$3"
diff --git a/src/www/diag_logs_vpn.inc b/src/www/diag_logs_vpn.inc
index b7bfb7f7d..aa7ae1f98 100644
--- a/src/www/diag_logs_vpn.inc
+++ b/src/www/diag_logs_vpn.inc
@@ -43,37 +43,20 @@ if ($_POST['clear']) {
 clear_clog($logfile);
 }
-function dump_clog_vpn($logfile, $tail, $logtype)
+function dump_clog_vpn($file, $tail, $type)
 {
 global $config;
 $sort = isset($config['syslog']['reverse']) ? '-r' : '';
- $servers = array();
+ $logarr = array();
- switch ($logtype) {
- case 'pptp':
- if (isset($config['pptpd']['localip'])) {
- $servers[] = $config['pptpd']['localip'];
- }
- break;
- case 'l2tp':
- if (isset($config['l2tp']['localip'])) {
- $servers[] = $config['l2tp']['localip'];
- }
- break;
- default:
- break;
- }
-
- $logarr = "";
- exec("/usr/local/sbin/clog " . escapeshellarg($logfile) . " | tail {$sort} -n " . $tail, $logarr);
+ exec("/usr/local/sbin/clog " . escapeshellarg($file) . " | tail {$sort} -n " . escapeshellarg($tail), $logarr);
 foreach ($logarr as $logent) {
- $logent = preg_split("/\s+/", $logent, 6);
- $llent = explode(",", $logent[5]);
+ $logent = preg_split('/\s+/', $logent, 6);
+ $llent = explode(',', $logent[5]);
- $srv = explode('/', $llent[4]);
- if (!is_array($srv) || !in_array($srv[0], $servers)) {
+ if ($llent[1] !== $type) {
 continue;
 }
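Review bot: The new filter `if ($llent[1] !== $type)` reads into the results of `preg_split('/\s+/', $logent, 6)` and `explode(',', $logent[5])` without checking their length, so any clog line with fewer than six whitespace-separated fields, or a message without a comma from another process logging at the same facility, raises undefined-offset notices before it is skipped. Guard both reads: `if (count($logent) < 6) { continue; }` right after the `preg_split`, and `if (count($llent) < 2 || $llent[1] !== $type) { continue; }` in place of the new condition. The tag being compared is the second comma field, which matches the `"login,%s,$4,$5"` layout written by `vpn_link_scripts` in vpn.inc, but the callers of `dump_clog_vpn` must now pass exactly those tags (`'pptp'`, `'poes'`, `'l2tp'`) and none of the call sites are in this diff. Wrapping `$tail` in `escapeshellarg` is the right change; `$sort` is still a fixed `'-r'`/`''` from config, so it is fine unquoted. `dump_clog_vpn` continues past the end of the hunk.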