vpn: move legacy VPN (PPTP, PPPoE and L2TP) into pluggable ACL/Menu

src/opnsense/mvc/app/models/OPNsense/Base/Menu/Menu.xml

@@ -283,14 +283,6 @@
             <Status url="/status_ntpd.php"/>
             <Log VisibleName="Log File" url="/diag_logs_ntpd.php"/>
         </NTP>
-        <PPPoEServer VisibleName="PPPoE Server" cssClass="fa fa-tty fa-fw">
-            <Settings order="10" url="/vpn_pppoe.php">
-                <Edit url="/vpn_pppoe_edit.php*" visibility="hidden"/>
-            </Settings>
-            <LogFile order="20" VisibleName="Log File" url="/diag_logs_poes.php">
-                <Type url="/diag_logs_poes.php*" visibility="hidden"/>
-            </LogFile>
-        </PPPoEServer>
         <SNMP VisibleName="SNMP" url="/services_snmp.php" cssClass="fa fa-database fa-fw"/>
         <UPnP VisibleName="Universal Plug and Play" cssClass="fa fa-plug fa-fw">
             <Settings url="/services_upnp.php">
@@ -326,15 +318,6 @@
             <SPD order="80" VisibleName="Security Policy Database" url="/diag_ipsec_spd.php"/>
             <Log order="90" VisibleName="Log File" url="/diag_logs_ipsec.php"/>
         </IPsec>
-        <L2TP cssClass="fa fa-unlock fa-fw" order="30">
-            <Settings order="10" url="/vpn_l2tp.php"/>
-            <Users order="20" url="/vpn_l2tp_users.php">
-                <Edit url="/vpn_l2tp_users_edit.php*" visibility="hidden"/>
-            </Users>
-            <LogFile order="30" VisibleName="Log File" url="/diag_logs_l2tp.php">
-                <Type url="/diag_logs_l2tp.php*" visibility="hidden"/>
-            </LogFile>
-        </L2TP>
         <OpenVPN cssClass="fa fa-lock fa-fw" order="20">
             <Servers order="10" url="/vpn_openvpn_server.php">
                 <Edit url="/vpn_openvpn_server.php?*" visibility="hidden"/>
@@ -352,15 +335,6 @@
             <Status order="60" VisibleName="Connection Status" url="/status_openvpn.php"/>
             <Log order="70" VisibleName="Log File" url="/diag_logs_openvpn.php"/>
         </OpenVPN>
-        <PPTP cssClass="fa fa-unlock fa-fw" order="40">
-            <Settings order="10" url="/vpn_pptp.php"/>
-            <Users order="20" url="/vpn_pptp_users.php">
-                <Edit url="/vpn_pptp_users_edit.php*" visibility="hidden"/>
-            </Users>
-            <LogFile order="30" VisibleName="Log File" url="/diag_logs_pptp.php">
-                <Type url="/diag_logs_pptp.php*" visibility="hidden"/>
-            </LogFile>
-        </PPTP>
     </VPN>
     <Help order="6" cssClass="fa fa-support">
         <OPNsense VisibleName="Documentation" order="10" url="https://docs.opnsense.org/" cssClass="fa fa-book" IsExternal="Y"/>

src/opnsense/mvc/app/models/OPNsense/Core/ACL_Legacy_Page_Map.json

@@ -11,18 +11,6 @@
         "name": "User - VPN - IPsec xauth Dialin",
         "descr": "Indicates whether the user is allowed to dial in via IPsec xauth (Note: Does not allow shell access, but may allow the user to create ssh tunnels)"
     },
-    "user-l2tp-dialin": {
-        "name": "User - VPN - L2TP Dialin",
-        "descr": "Indicates whether the user is allowed to dial in via L2TP"
-    },
-    "user-pppoe-dialin": {
-        "name": "User - VPN - PPPOE Dialin",
-        "descr": "Indicates whether the user is allowed to dial in via PPPOE"
-    },
-    "user-pptp-dialin": {
-        "name": "User - VPN - PPTP Dialin",
-        "descr": "Indicates whether the user is allowed to dial in via PPTP"
-    },
     "user-proxy-auth": {
         "name": "User - Proxy - Login",
         "descr": "Indicates whether the user is allowed to use the proxy"
@@ -811,20 +799,6 @@
             "services_ntpd.php*"
         ]
     },
-    "page-services-pppoeserver": {
-        "name": "WebCfg - Services: PPPoE Server page",
-        "descr": "Allow access to the 'Services: PPPoE Server' page.",
-        "match": [
-            "vpn_pppoe.php*"
-        ]
-    },
-    "page-services-pppoeserver-edit": {
-        "name": "WebCfg - Services: PPPoE Server: Edit page",
-        "descr": "Allow access to the 'Services: PPPoE Server: Edit' page.",
-        "match": [
-            "vpn_pppoe_edit.php*"
-        ]
-    },
     "page-services-rfc2136clients": {
         "name": "WebCfg - Services: RFC 2136 clients page",
         "descr": "Allow access to the 'Services: RFC 2136 clients' page.",
@@ -1325,27 +1299,6 @@
             "vpn_ipsec_keys.php*"
         ]
     },
-    "page-vpn-vpnl2tp": {
-        "name": "WebCfg - VPN: L2TP page",
-        "descr": "Allow access to the 'VPN: L2TP' page.",
-        "match": [
-            "vpn_l2tp.php*"
-        ]
-    },
-    "page-vpn-vpnl2tp-users-edit": {
-        "name": "WebCfg - VPN: L2TP: Users : Edit page",
-        "descr": "Allow access to the 'VPN: L2TP: Users : Edit' page.",
-        "match": [
-            "vpn_l2tp_users_edit.php*"
-        ]
-    },
-    "page-vpn-vpnl2tp-users": {
-        "name": "WebCfg - VPN: L2TP: Users page",
-        "descr": "Allow access to the 'VPN: L2TP : Users' page.",
-        "match": [
-            "vpn_l2tp_users.php*"
-        ]
-    },
     "page-openvpn-client-export": {
         "name": "WebCfg - VPN: OpenVPN: Client Export Utility",
         "descr": "Allow access to the 'VPN: OpenVPN: Client Export Utility' page.",
@@ -1374,27 +1327,6 @@
             "vpn_openvpn_server.php*"
         ]
     },
-    "page-vpn-vpnpptp": {
-        "name": "WebCfg - VPN: PPTP page",
-        "descr": "Allow access to the 'VPN: PPTP' page.",
-        "match": [
-            "vpn_pptp.php*"
-        ]
-    },
-    "page-vpn-vpnpptp-user-edit": {
-        "name": "WebCfg - VPN: PPTP: User: Edit page",
-        "descr": "Allow access to the 'VPN: PPTP: User: Edit' page.",
-        "match": [
-            "vpn_pptp_users_edit.php*"
-        ]
-    },
-    "page-vpn-vpnpptp-users": {
-        "name": "WebCfg - VPN: PPTP: Users page",
-        "descr": "Allow access to the 'VPN: PPTP: Users' page.",
-        "match": [
-            "vpn_pptp_users.php*"
-        ]
-    },
     "page-xmlrpcinterfacestats": {
         "name": "WebCfg - XMLRPC Interface Stats page",
         "descr": "Allow access to the 'XMLRPC Interface Stats' page.",

src/opnsense/mvc/app/models/OPNsense/LegacyVPN/ACL/ACL.xml

@@ -0,0 +1,59 @@
+<acl>
+    <!-- unique acl key, must be globally unique for all acl's  -->
+    <page-vpn-vpnl2tp>
+        <name>WebCfg - VPN: L2TP page</name>
+        <description>Allow access to the 'VPN: L2TP' page.</description>
+        <patterns>
+            <pattern>vpn_l2tp.php*</pattern>
+        </patterns>
+    </page-vpn-vpnl2tp>
+    <page-vpn-vpnl2tp-users-edit>
+        <name>WebCfg - VPN: L2TP: Users : Edit page</name>
+        <description>Allow access to the 'VPN: L2TP: Users : Edit' page.</description>
+        <patterns>
+            <pattern>vpn_l2tp_users_edit.php*</pattern>
+        </patterns>
+    </page-vpn-vpnl2tp-users-edit>
+    <page-vpn-vpnl2tp-users>
+        <name>WebCfg - VPN: L2TP: Users page</name>
+        <description>Allow access to the 'VPN: L2TP : Users' page.</description>
+        <patterns>
+            <pattern>vpn_l2tp_users.php*</pattern>
+        </patterns>
+    </page-vpn-vpnl2tp-users>
+    <page-services-pppoeserver>
+        <name>WebCfg - Services: PPPoE Server page</name>
+        <description>Allow access to the 'Services: PPPoE Server' page.</description>
+        <patterns>
+            <pattern>vpn_pppoe.php*</pattern>
+        </patterns>
+    </page-services-pppoeserver>
+    <page-services-pppoeserver-edit>
+        <name>WebCfg - Services: PPPoE Server: Edit page</name>
+        <description>Allow access to the 'Services: PPPoE Server: Edit' page.</description>
+        <patterns>
+            <pattern>vpn_pppoe_edit.php*</pattern>
+        </patterns>
+    </page-services-pppoeserver-edit>
+    <page-vpn-vpnpptp>
+        <name>WebCfg - VPN: PPTP page</name>
+        <description>Allow access to the 'VPN: PPTP' page.</description>
+        <patterns>
+            <pattern>vpn_pptp.php*</pattern>
+        </patterns>
+    </page-vpn-vpnpptp>
+    <page-vpn-vpnpptp-user-edit>
+        <name>WebCfg - VPN: PPTP: User: Edit page</name>
+        <description>Allow access to the 'VPN: PPTP: User: Edit' page.</description>
+        <patterns>
+            <pattern>vpn_pptp_users_edit.php*</pattern>
+        </patterns>
+    </page-vpn-vpnpptp-user-edit>
+    <page-vpn-vpnpptp-users>
+        <name>WebCfg - VPN: PPTP: Users page</name>
+        <description>Allow access to the 'VPN: PPTP: Users' page.</description>
+        <patterns>
+            <pattern>vpn_pptp_users.php*</pattern>
+        </patterns>
+    </page-vpn-vpnpptp-users>
+</acl>

src/opnsense/mvc/app/models/OPNsense/LegacyVPN/Menu/Menu.xml

@@ -0,0 +1,30 @@
+<menu>
+    <VPN>
+        <L2TP cssClass="fa fa-unlock fa-fw" order="100">
+            <Settings order="10" url="/vpn_l2tp.php"/>
+            <Users order="20" url="/vpn_l2tp_users.php">
+                <Edit url="/vpn_l2tp_users_edit.php*" visibility="hidden"/>
+            </Users>
+            <LogFile order="30" VisibleName="Log File" url="/diag_logs_l2tp.php">
+                <Type url="/diag_logs_l2tp.php*" visibility="hidden"/>
+            </LogFile>
+        </L2TP>
+        <PPPoE cssClass="fa fa-tty fa-fw" order="110">
+            <Settings order="10" url="/vpn_pppoe.php">
+                <Edit url="/vpn_pppoe_edit.php*" visibility="hidden"/>
+            </Settings>
+            <LogFile order="20" VisibleName="Log File" url="/diag_logs_poes.php">
+                <Type url="/diag_logs_poes.php*" visibility="hidden"/>
+            </LogFile>
+        </PPPoE>
+        <PPTP cssClass="fa fa-unlock fa-fw" order="120">
+            <Settings order="10" url="/vpn_pptp.php"/>
+            <Users order="20" url="/vpn_pptp_users.php">
+                <Edit url="/vpn_pptp_users_edit.php*" visibility="hidden"/>
+            </Users>
+            <LogFile order="30" VisibleName="Log File" url="/diag_logs_pptp.php">
+                <Type url="/diag_logs_pptp.php*" visibility="hidden"/>
+            </LogFile>
+        </PPTP>
+    </VPN>
+</menu>