From f7b3e9e31ff12d30291ca587b708791490ae1a4e Mon Sep 17 00:00:00 2001
From: Franco Fichtner
Date: Mon, 21 Mar 2016 23:12:41 +0100
Subject: [PATCH] vpn: more progress on logs, l2tp localip fixup
---
 src/sbin/vpn-linkdown | 4 ++--
 src/sbin/vpn-linkup | 15 +--------------
 src/www/diag_logs_vpn.inc | 29 +++++++++++++++++++++++------
 src/www/vpn_l2tp.php | 11 -----------
 4 files changed, 26 insertions(+), 33 deletions(-)
diff --git a/src/sbin/vpn-linkdown b/src/sbin/vpn-linkdown
index b6d033c0c..8ea2825b0 100755
--- a/src/sbin/vpn-linkdown
+++ b/src/sbin/vpn-linkdown
@@ -1,6 +1,6 @@
 #!/bin/sh
 
-# record logout
-/usr/bin/logger -p local3.info "logout,$1,$4,$5"
+/usr/bin/logger -p local3.info "logout,$1,$4,$5,$3"
+
 /sbin/pfctl -i $1 -Fs
 /sbin/pfctl -K $4/32
diff --git a/src/sbin/vpn-linkup b/src/sbin/vpn-linkup
index bca7b6edf..bca818a15 100755
--- a/src/sbin/vpn-linkup
+++ b/src/sbin/vpn-linkup
@@ -1,16 +1,3 @@
 #!/bin/sh
 
-# record login
-/usr/bin/logger -p local3.info "login,$1,$4,$5"
-
-case `/bin/echo $1 | /usr/bin/cut -c1-4` in
- pptp)
- /sbin/ifconfig $1 group pptp
- ;;
- poes)
- /sbin/ifconfig $1 group pppoe
- ;;
- l2tp)
- /sbin/ifconfig $1 group l2tp
- ;;
-esac
+/usr/bin/logger -p local3.info "login,$1,$4,$5,$3"
diff --git a/src/www/diag_logs_vpn.inc b/src/www/diag_logs_vpn.inc
index 42ff6a0ec..b7bfb7f7d 100644
--- a/src/www/diag_logs_vpn.inc
+++ b/src/www/diag_logs_vpn.inc
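Review bot: The server address `$3` is appended as the last comma-separated field, after `$5`, and the reader added to diag_logs_vpn.inc in this same patch picks it up by position as `$llent[4]` after `explode(",", …)`. If `$4` or `$5` can ever contain a comma (for instance if `$5` is a peer-supplied login name, which is not visible here), the fields shift and the entry is dropped from the log page or compared against the wrong value. Placing the fixed-format values first, e.g. `"logout,$1,$3,$4,$5"`, with the reader indexes adjusted to match, would keep free-form text from moving them; the same applies to the `login` line in vpn-linkup. A one-line comment naming the five fields would also help, since the `# record logout` comment was removed.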
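Review bot: With the `case` block gone, vpn-linkup no longer places `$1` in the `pptp`, `pppoe` or `l2tp` interface group, and nothing else visible in this patch takes that over. If filter rules or other scripts still refer to those groups, they would stop applying to newly established tunnels. It is worth confirming that the groups are assigned elsewhere and recording that in the commit message or in a short comment at the top of the script, e.g. `# interface groups are assigned by <component>`.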
@@ -47,19 +47,36 @@ function dump_clog_vpn($logfile, $tail, $logtype) { global $config; - $sor = isset($config['syslog']['reverse']) ? "-r" : ""; + $sort = isset($config['syslog']['reverse']) ? '-r' : ''; + $servers = array(); + + switch ($logtype) { + case 'pptp': + if (isset($config['pptpd']['localip'])) { + $servers[] = $config['pptpd']['localip']; + } + break; + case 'l2tp': + if (isset($config['l2tp']['localip'])) { + $servers[] = $config['l2tp']['localip']; + } + break; + default: + break; + } $logarr = ""; - - exec("/usr/local/sbin/clog " . escapeshellarg($logfile) . " | tail {$sor} -n " . $tail, $logarr); + exec("/usr/local/sbin/clog " . escapeshellarg($logfile) . " | tail {$sort} -n " . $tail, $logarr); foreach ($logarr as $logent) { $logent = preg_split("/\s+/", $logent, 6); $llent = explode(",", $logent[5]); - $iftype = substr($llent[1], 0, 4); - if ($iftype != $logtype) { + + $srv = explode('/', $llent[4]); + if (!is_array($srv) || !in_array($srv[0], $servers)) { continue; } + echo "\n"; echo "" . htmlspecialchars(join(" ", array_slice($logent, 0, 3))) . "\n"; @@ -104,7 +121,7 @@ include("head.inc"); - + diff --git a/src/www/vpn_l2tp.php b/src/www/vpn_l2tp.php index 2759215da..1272ddb33 100644 --- a/src/www/vpn_l2tp.php +++ b/src/www/vpn_l2tp.php @@ -78,9 +78,6 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') { if ($_POST['localip'] && !is_ipaddr($_POST['localip'])) { $input_errors[] = gettext("A valid server address must be specified."); } - if (is_ipaddr_configured($_POST['localip'])) { - $input_errors[] = gettext("'Server address' parameter should NOT be set to any IP address currently in use on this firewall."); - } if ($_POST['localip'] && !is_ipaddr($_POST['remoteip'])) { $input_errors[] = gettext("A valid remote start address must be specified."); } 
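Review bot: `$tail` is still concatenated unescaped into the shell command on the rewritten `exec()` line, while `$logfile` next to it goes through `escapeshellarg()`; where `$tail` comes from is not visible in this hunk, so casting it, `" -n " . (int)$tail`, would make the line safe regardless of the caller. The new filter also reads `$llent[4]` without checking that the entry has five fields, so lines logged before this change (four fields) or otherwise malformed raise an undefined-index notice, and with a `localip` that is set but empty they would even pass the filter, because `explode()` then yields `['']`. A guard such as `if (!isset($llent[4])) { continue; }` ahead of the `explode('/', …)` covers both cases, `in_array($srv[0], $servers, true)` avoids loose comparison, and `!is_array($srv)` can be dropped since `explode()` always returns an array here. The body of dump_clog_vpn continues past the end of the hunk.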
@@ -96,9 +93,6 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') { (ip2ulong($_POST['localip']) <= $subnet_end)) { $input_errors[] = gettext("The specified server address lies in the remote subnet."); } - if ($_POST['localip'] == get_interface_ip("lan")) { - $input_errors[] = gettext("The specified server address is equal to the LAN interface address."); - } } } @@ -222,11 +216,6 @@ include("head.inc");