vpn: port pppoe server to mpd5
The local IP isn't used anywhere and the remote subnet assignment also seems off, but since this works I'll leave it for somebody else to maintain when it's moved to the plugins.
parent
f7b3e9e31f
commit
adbbbf8330
@ -989,7 +989,7 @@ function filter_generate_optcfg_array()
|
||||
$oic['virtual'] = true;
|
||||
$FilterIflist['l2tp'] = $oic;
|
||||
}
|
||||
if (isset($config['pppoes']['pppoe']) && is_array($config['pppoes']['pppoe']) && (count($config['pppoes']['pppoe']) > 0)) {
|
||||
if (isset($config['pppoes']['pppoe'])) {
|
||||
$pppoeifs = array();
|
||||
foreach($config['pppoes']['pppoe'] as $pppoe) {
|
||||
if ($pppoe['mode'] == "server") {
|
||||
|
||||
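Review bot: The guard in front of `foreach($config['pppoes']['pppoe'] as $pppoe)` appears to be reduced to a bare `isset($config['pppoes']['pppoe'])`; the page prints both conditions without markers, so this assumes the second one is the new side. `isset()` is also true for a non-array value, for example if the config parser yields an empty string for an empty node, and the loop would then run on a scalar and raise a PHP warning during rule generation. Keeping the type check is cheap: `if (isset($config['pppoes']['pppoe']) && is_array($config['pppoes']['pppoe'])) {`. The body of filter_generate_optcfg_array() continues outside this hunk.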
@ -167,19 +167,13 @@ EOD;
|
||||
$mpdconf .= " " . $pptpdcfg['dns2'];
|
||||
}
|
||||
$mpdconf .= "\n";
|
||||
} elseif (isset($config['dnsmasq']['enable'])) {
|
||||
} elseif (isset($config['dnsmasq']['enable']) || isset($config['unbound']['enable'])) {
|
||||
$mpdconf .= " set ipcp dns " . get_interface_ip("lan");
|
||||
if ($syscfg['dnsserver'][0]) {
|
||||
if (isset($syscfg['dnsserver'][0])) {
|
||||
$mpdconf .= " " . $syscfg['dnsserver'][0];
|
||||
}
|
||||
$mpdconf .= "\n";
|
||||
} elseif (isset($config['unbound']['enable'])) {
|
||||
$mpdconf .= " set ipcp dns " . get_interface_ip("lan");
|
||||
if ($syscfg['dnsserver'][0]) {
|
||||
$mpdconf .= " " . $syscfg['dnsserver'][0];
|
||||
}
|
||||
$mpdconf .= "\n";
|
||||
} elseif (is_array($syscfg['dnsserver']) && ($syscfg['dnsserver'][0])) {
|
||||
} elseif (isset($syscfg['dnsserver'][0])) {
|
||||
$mpdconf .= " set ipcp dns " . join(" ", $syscfg['dnsserver']) . "\n";
|
||||
}
|
||||
|
||||
@ -353,39 +347,21 @@ function vpn_pppoe_configure(&$pppoecfg)
|
||||
printf(gettext("Error: cannot open mpd.conf in vpn_pppoe_configure().") . "\n");
|
||||
return 1;
|
||||
}
|
||||
$mpdconf = "\n\n";
|
||||
$mpdconf .= "poes:\n";
|
||||
|
||||
for ($i = 0; $i < $pppoecfg['n_pppoe_units']; $i++) {
|
||||
$mpdconf .= " load poes{$pppoecfg['pppoeid']}{$i}\n";
|
||||
$iprange = $pppoecfg['remoteip'] . ' ';
|
||||
$iprange .= long2ip32(ip2long($pppoecfg['remoteip']) + $pppoecfg['n_pppoe_units'] - 1);
|
||||
|
||||
$iptype = 'ippool pool1';
|
||||
if (isset($pppoecfg['radius']['server']['enable']) && isset($pppoecfg['radius']['radiusissueips'])) {
|
||||
$iptype = '0.0.0.0/0';
|
||||
}
|
||||
|
||||
for ($i = 0; $i < $pppoecfg['n_pppoe_units']; $i++) {
|
||||
$mpdconf = <<<EOD
|
||||
startup:
|
||||
|
||||
$clientip = long2ip32(ip2long($pppoecfg['remoteip']) + $i);
|
||||
|
||||
if (isset($pppoecfg['radius']['radiusissueips']) && isset($pppoecfg['radius']['server']['enable'])) {
|
||||
$isssue_ip_type = "set ipcp ranges {$pppoecfg['localip']}/32 0.0.0.0/0";
|
||||
} else {
|
||||
$isssue_ip_type = "set ipcp ranges {$pppoecfg['localip']}/32 {$clientip}/32";
|
||||
}
|
||||
|
||||
$mpdconf .=<<<EOD
|
||||
|
||||
poes{$pppoecfg['pppoeid']}{$i}:
|
||||
new -i poes{$pppoecfg['pppoeid']}{$i} poes{$pppoecfg['pppoeid']}{$i} poes{$pppoecfg['pppoeid']}{$i}
|
||||
{$isssue_ip_type}
|
||||
load pppoe_standard
|
||||
|
||||
EOD;
|
||||
}
|
||||
|
||||
$mpdconf .=<<<EOD
|
||||
|
||||
pppoe_standard:
|
||||
set bundle no multilink
|
||||
set bundle enable compression
|
||||
set auth max-logins 1
|
||||
poes:
|
||||
set ippool add pool1 {$iprange}
|
||||
create bundle template B
|
||||
set iface up-script /usr/local/sbin/vpn-linkup
|
||||
set iface down-script /usr/local/sbin/vpn-linkdown
|
||||
set iface idle 0
|
||||
@ -393,18 +369,8 @@ pppoe_standard:
|
||||
set iface disable proxy-arp
|
||||
set iface enable tcpmssfix
|
||||
set iface mtu 1500
|
||||
set link no pap chap eap
|
||||
set link enable chap
|
||||
set link keep-alive 60 180
|
||||
set ipcp yes vjcomp
|
||||
set ipcp no vjcomp
|
||||
set link max-redial -1
|
||||
set link mtu 1492
|
||||
set link mru 1492
|
||||
set ccp yes mpp-e40
|
||||
set ccp yes mpp-e128
|
||||
set ccp yes mpp-stateless
|
||||
set link latency 1
|
||||
set ipcp ranges {$pppoecfg['localip']}/32 {$iptype}
|
||||
|
||||
EOD;
|
||||
|
||||
@ -414,22 +380,42 @@ EOD;
|
||||
$mpdconf .= " " . $pppoecfg['dns2'];
|
||||
}
|
||||
$mpdconf .= "\n";
|
||||
} elseif (isset($config['dnsmasq']['enable'])) {
|
||||
} elseif (isset($config['dnsmasq']['enable']) || isset($config['unbound']['enable'])) {
|
||||
$mpdconf .= " set ipcp dns " . get_interface_ip("lan");
|
||||
if ($syscfg['dnsserver'][0]) {
|
||||
if (isset($syscfg['dnsserver'][0])) {
|
||||
$mpdconf .= " " . $syscfg['dnsserver'][0];
|
||||
}
|
||||
$mpdconf .= "\n";
|
||||
} elseif (isset($config['unbound']['enable'])) {
|
||||
$mpdconf .= " set ipcp dns " . get_interface_ip("lan");
|
||||
if ($syscfg['dnsserver'][0]) {
|
||||
$mpdconf .= " " . $syscfg['dnsserver'][0];
|
||||
}
|
||||
$mpdconf .= "\n";
|
||||
} elseif (is_array($syscfg['dnsserver']) && ($syscfg['dnsserver'][0])) {
|
||||
} elseif (isset($syscfg['dnsserver'][0])) {
|
||||
$mpdconf .= " set ipcp dns " . join(" ", $syscfg['dnsserver']) . "\n";
|
||||
}
|
||||
|
||||
$mpdconf .= <<<EOD
|
||||
|
||||
set bundle enable compression
|
||||
set ccp yes mppc
|
||||
set mppc yes e40
|
||||
set mppc yes e128
|
||||
set mppc yes stateless
|
||||
|
||||
create link template L pppoe
|
||||
set link action bundle B
|
||||
set link no multilink
|
||||
set link disable pap
|
||||
set link disable eap
|
||||
set link enable chap
|
||||
set link keep-alive 10 60
|
||||
set link max-redial -1
|
||||
set link mtu 1492
|
||||
set link mru 1492
|
||||
set link latency 1
|
||||
set pppoe service pppoe{$pppoecfg['pppoeid']}
|
||||
set pppoe iface {$pppoe_interface}
|
||||
set link enable incoming
|
||||
set auth max-logins 1
|
||||
|
||||
EOD;
|
||||
|
||||
if (isset($pppoecfg['radius']['server']['enable'])) {
|
||||
$radiusport = "";
|
||||
$radiusacctport = "";
|
||||
@ -459,32 +445,6 @@ EOD;
|
||||
fclose($fd);
|
||||
unset($mpdconf);
|
||||
|
||||
/* write mpd.links */
|
||||
$fd = fopen("/var/etc/pppoe{$pppoecfg['pppoeid']}-vpn/mpd.links", "w");
|
||||
if (!$fd) {
|
||||
printf(gettext("Error: cannot open mpd.links in vpn_pppoe_configure().") . "\n");
|
||||
return 1;
|
||||
}
|
||||
|
||||
$mpdlinks = "";
|
||||
|
||||
for ($i = 0; $i < $pppoecfg['n_pppoe_units']; $i++) {
|
||||
$mpdlinks .=<<<EOD
|
||||
|
||||
poes{$pppoecfg['pppoeid']}{$i}:
|
||||
set phys type pppoe
|
||||
set pppoe iface {$pppoe_interface}
|
||||
set pppoe service "*"
|
||||
set pppoe disable originate
|
||||
set pppoe enable incoming
|
||||
|
||||
EOD;
|
||||
}
|
||||
|
||||
fwrite($fd, $mpdlinks);
|
||||
fclose($fd);
|
||||
unset($mpdlinks);
|
||||
|
||||
if ($pppoecfg['username']) {
|
||||
/* write mpd.secret */
|
||||
$fd = fopen("/var/etc/pppoe{$pppoecfg['pppoeid']}-vpn/mpd.secret", "w");
|
||||
|
||||
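Review bot: The new bundle template in the `@ -414` hunk still offers 40-bit MPPE: `set mppc yes e40` sits next to `set mppc yes e128`, so a client can negotiate the weaker key length. The old block offered the same choice (`set ccp yes mpp-e40`), so this is carried over rather than introduced, but the port is a good moment to drop the `e40` line and keep `set mppc yes e128` and `set mppc yes stateless`. Separately, `$iprange` in the `@ -353` hunk is built from `ip2long($pppoecfg['remoteip'])` without checking for a failed conversion, and nothing visible keeps `localip` out of the pool created by `set ippool add pool1 {$iprange}`; a comment such as `/* pool must not contain localip; enforced by the edit page validation */` would record where that is checked. vpn_pppoe_configure() starts and ends outside the hunks shown.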
@ -140,16 +140,12 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
|
||||
$input_errors[] = gettext("A valid RADIUS server address must be specified.");
|
||||
}
|
||||
|
||||
$pconfig['remoteip'] = gen_subnet($pconfig['remoteip'], $pconfig['pppoe_subnet']);
|
||||
$subnet_start = ip2ulong($pconfig['remoteip']);
|
||||
$subnet_end = ip2ulong($pconfig['remoteip']) + $pconfig['pppoe_subnet'] - 1;
|
||||
if ((ip2ulong($pconfig['localip']) >= $subnet_start) &&
|
||||
(ip2ulong($pconfig['localip']) <= $subnet_end)) {
|
||||
$input_errors[] = gettext("The specified server address lies in the remote subnet.");
|
||||
}
|
||||
if ($pconfig['localip'] == get_interface_ip($pconfig['interface'])) {
|
||||
$input_errors[] = gettext("The specified server address is equal to an interface ip address.");
|
||||
}
|
||||
}
|
||||
|
||||
if (!empty($pconfig['pppoeid']) && !is_numeric($_POST['pppoeid'])) {
|
||||
@ -305,18 +301,11 @@ legacy_html_escape_form_data($pconfig);
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><a id="help_for_pppoe_subnet" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Subnet netmask"); ?></td>
|
||||
<td><a id="help_for_localip" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Server address"); ?></td>
|
||||
<td>
|
||||
<select id="pppoe_subnet" name="pppoe_subnet">
|
||||
<?php
|
||||
for ($x=0; $x<33; $x++):?>
|
||||
<option value="<?=$x;?>" <?=$x == $pconfig['pppoe_subnet'] ? "selected=\"selected\"" : "" ;?>>
|
||||
<?=$x;?>
|
||||
<?php
|
||||
endfor;?>
|
||||
</select>
|
||||
<div class="hidden" for="help_for_pppoe_subnet">
|
||||
<?=gettext("Hint: 24 is 255.255.255.0"); ?>
|
||||
<input name="localip" type="text" value="<?=$pconfig['localip'];?>" />
|
||||
<div class="hidden" for="help_for_localip">
|
||||
<?=gettext("Enter the IP address the PPPoE server should give to clients for use as their \"gateway\"."); ?>
|
||||
</div>
|
||||
</td>
|
||||
</tr>
|
||||
@ -337,20 +326,6 @@ legacy_html_escape_form_data($pconfig);
|
||||
</div>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><a id="help_for_localip" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Server address"); ?></td>
|
||||
<td>
|
||||
<input name="localip" type="text" value="<?=$pconfig['localip'];?>" />
|
||||
<div class="hidden" for="help_for_localip">
|
||||
<?=gettext("Enter the IP address the PPPoE server should give to clients for use as their \"gateway\"."); ?>
|
||||
<br />
|
||||
<?=gettext("Typically this is set to an unused IP just outside of the client range."); ?>
|
||||
<br />
|
||||
<br />
|
||||
<?=gettext("NOTE: This should NOT be set to any IP address currently in use on this firewall."); ?>
|
||||
</div>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><a id="help_for_remoteip" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Remote address range"); ?></td>
|
||||
<td>
|
||||
@ -360,6 +335,22 @@ legacy_html_escape_form_data($pconfig);
|
||||
</div>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><a id="help_for_pppoe_subnet" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Subnet netmask"); ?></td>
|
||||
<td>
|
||||
<select id="pppoe_subnet" name="pppoe_subnet">
|
||||
<?php
|
||||
for ($x=0; $x<33; $x++):?>
|
||||
<option value="<?=$x;?>" <?=$x == $pconfig['pppoe_subnet'] ? "selected=\"selected\"" : "" ;?>>
|
||||
<?=$x;?>
|
||||
<?php
|
||||
endfor;?>
|
||||
</select>
|
||||
<div class="hidden" for="help_for_pppoe_subnet">
|
||||
<?=gettext("Hint: 24 is 255.255.255.0"); ?>
|
||||
</div>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><i class="fa fa-info-circle text-muted"></i> <?=gettext("Description"); ?></td>
|
||||
<td>
|
||||
|
||||
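Review bot: The relocated "Server address" row keeps only the first help sentence; the hint `NOTE: This should NOT be set to any IP address currently in use on this firewall.` carried by the old row is gone. In addition, the `@ -140` hunk shrinks the POST validation around `localip` by four lines (16 to 12), and the page does not show which ones. If the dropped lines are the check that raises `The specified server address lies in the remote subnet.`, nothing visible here stops the server address from falling inside the range handed out to clients. I would keep that range check and restore the NOTE as a second `gettext()` line inside the new `help_for_localip` div. The validation block starts and ends outside the hunk.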