#!/usr/local/bin/php
<?php
/* $Id$ */
/*
	vpn_pptp.php
	part of m0n0wall (http://m0n0.ch/wall)
	Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
	All rights reserved.
	Redistribution and use in source and binary forms, with or without
	modification, are permitted provided that the following conditions are met:
	1. Redistributions of source code must retain the above copyright notice,
	   this list of conditions and the following disclaimer.
	2. Redistributions in binary form must reproduce the above copyright
	   notice, this list of conditions and the following disclaimer in the
	   documentation and/or other materials provided with the distribution.
	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
	POSSIBILITY OF SUCH DAMAGE.
*/
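require("guiconfig.inc");

/* Make sure the RADIUS sub-array exists so the lookups below do not fault
 * on a config that has never had RADIUS settings saved. */
if (!is_array($config['pptpd']['radius'])) {
	$config['pptpd']['radius'] = array();
}
$pptpcfg = &$config['pptpd'];

/* Pre-fill the form from the stored configuration. Checkbox-style settings
 * are stored by presence, hence isset(). */
$pconfig['remoteip'] = $pptpcfg['remoteip'];
$pconfig['localip'] = $pptpcfg['localip'];
$pconfig['redir'] = $pptpcfg['redir'];
$pconfig['mode'] = $pptpcfg['mode'];
$pconfig['req128'] = isset($pptpcfg['req128']);
$pconfig['radiusenable'] = isset($pptpcfg['radius']['enable']);
$pconfig['radacct_enable'] = isset($pptpcfg['radius']['accounting']);
$pconfig['radiusserver'] = $pptpcfg['radius']['server'];
/* The shared secret is echoed back into the page as a password-field value,
 * so it is readable by anyone who can load this admin page. */
$pconfig['radiussecret'] = $pptpcfg['radius']['secret'];

if ($_POST) {

	unset($input_errors);
	$pconfig = $_POST;

	/* Set only when this request installs the default firewall rule. It is
	 * initialised up front so the save message is correct in every mode (the
	 * original left it undefined outside "server" mode and then reported a
	 * rule that was never added). */
	$added_pptp_rule = false;

	/* input validation -- any mode other than "server"/"redir" means "off"
	 * and needs no fields */
	if ($_POST['mode'] == "server") {
		$reqdfields = explode(" ", "localip remoteip");
		$reqdfieldsn = explode(",", "Server address,Remote start address");

		if ($_POST['radiusenable']) {
			$reqdfields = array_merge($reqdfields, explode(" ", "radiusserver radiussecret"));
			$reqdfieldsn = array_merge($reqdfieldsn,
				explode(",", "RADIUS server address,RADIUS shared secret"));
		}

		/* do_input_validation() in guiconfig.inc declares $input_errors by
		 * reference itself; the call-time "&" the original used is a fatal
		 * error on PHP >= 5.4. */
		do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);

		if (($_POST['localip'] && !is_ipaddr($_POST['localip']))) {
			$input_errors[] = "A valid server address must be specified.";
		}
		/* The original tested $_POST['subnet'], a field this form never
		 * submits, so a malformed remote start address was never rejected
		 * before being written to the config. */
		if (($_POST['remoteip'] && !is_ipaddr($_POST['remoteip']))) {
			$input_errors[] = "A valid remote start address must be specified.";
		}
		if (($_POST['radiusserver'] && !is_ipaddr($_POST['radiusserver']))) {
			$input_errors[] = "A valid RADIUS server address must be specified.";
		}

		if (!$input_errors) {
			/* Align the start address to the PPTP subnet boundary, then refuse
			 * a server address that would collide with the client pool. */
			$_POST['remoteip'] = $pconfig['remoteip'] = gen_subnet($_POST['remoteip'], $g['pptp_subnet']);
			$subnet_start = ip2long($_POST['remoteip']);
			$subnet_end = $subnet_start + $g['n_pptp_units'] - 1;
			$localip_long = ip2long($_POST['localip']);

			if (($localip_long >= $subnet_start) && ($localip_long <= $subnet_end)) {
				$input_errors[] = "The specified server address lies in the remote subnet.";
			}
			if ($_POST['localip'] == $config['interfaces']['lan']['ipaddr']) {
				$input_errors[] = "The specified server address is equal to the LAN interface address.";
			}
		}
	} else if ($_POST['mode'] == "redir") {
		$reqdfields = explode(" ", "redir");
		$reqdfieldsn = explode(",", "PPTP redirection target address");

		do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);

		if (($_POST['redir'] && !is_ipaddr($_POST['redir']))) {
			$input_errors[] = "A valid target address must be specified.";
		}
	}

	if (!$input_errors) {
		$pptpcfg['remoteip'] = $_POST['remoteip'];
		$pptpcfg['redir'] = $_POST['redir'];
		$pptpcfg['localip'] = $_POST['localip'];
		$pptpcfg['mode'] = $_POST['mode'];
		$pptpcfg['req128'] = $_POST['req128'] ? true : false;
		$pptpcfg['radius']['enable'] = $_POST['radiusenable'] ? true : false;
		$pptpcfg['radius']['accounting'] = $_POST['radacct_enable'] ? true : false;
		$pptpcfg['radius']['server'] = $_POST['radiusserver'];
		$pptpcfg['radius']['secret'] = $_POST['radiussecret'];

		if (($pconfig['mode'] == "server")) {
			/* Traverse the ruleset; if no rule mentioning "PPTP" is found,
			 * install the default one. Matching on the description is a
			 * heuristic: renaming that rule makes a second copy get added. */
			$found_pptp_rule = false;
			if (is_array($config['filter']['rule'])) {
				foreach ($config['filter']['rule'] as $rule) {
					/* strpos() returns 0 when "PPTP" starts the description; the
					 * original "<> false" test treated that as "not found". */
					if (isset($rule['descr']) && (strpos($rule['descr'], "PPTP") !== false)) {
						$found_pptp_rule = true;
						break;
					}
				}
			}
			if (!$found_pptp_rule) {
				/* no PPTP rule found; create one. */
				add_default_pptp_rule();
				$added_pptp_rule = true;
			}
		}

		write_config();

		$retval = 0;
		if (!file_exists($d_sysrebootreqd_path)) {
			config_lock();
			$retval = vpn_pptpd_configure();
			config_unlock();
		}
		$savemsg = get_std_save_message($retval);
		if ($added_pptp_rule) $savemsg .= "<br>A default PPTP rule has been added to the firewall rules section.";
	}
}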
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html><head>
<title><?=gentitle("VPN: PPTP");?></title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link href="gui.css" rel="stylesheet" type="text/css">
<script language="JavaScript">
<!--
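function get_radio_value(obj)
{
	// Returns the value of the checked button in a radio group (obj is the
	// group's element collection), or null when none is checked.
	// `var` keeps the loop index local; the original leaked it as a global.
	for (var i = 0; i < obj.length; i++) {
		if (obj[i].checked)
			return obj[i].value;
	}
	return null;
}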
function enable_change(enable_over) {
	// Enables or disables the form fields that belong to the selected mode.
	// enable_over=true (used by the Save button) enables every field so that
	// disabled ones are not dropped from the POST.
	var form = document.iform;
	var mode = get_radio_value(form.mode);
	var serverFields = ["remoteip", "localip", "req128", "radiusenable"];
	var radiusFields = ["radacct_enable", "radiusserver", "radiussecret"];

	function setDisabled(names, flag) {
		for (var n = 0; n < names.length; n++) {
			form[names[n]].disabled = flag;
		}
	}

	if ((mode == "server") || enable_over) {
		setDisabled(serverFields, 0);
		// RADIUS fields follow the RADIUS checkbox while in server mode.
		setDisabled(radiusFields, (form.radiusenable.checked || enable_over) ? 0 : 1);
	} else {
		setDisabled(serverFields, 1);
		setDisabled(radiusFields, 1);
	}

	setDisabled(["redir"], ((mode == "redir") || enable_over) ? 0 : 1);
}
//-->
</script>
</head>
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
<?php include("fbegin.inc"); ?>
<p class="pgtitle">VPN: PPTP</p>
<form action="vpn_pptp.php" method="post" name="iform" id="iform">
<?php if ($input_errors) print_input_errors($input_errors); ?>
<?php if ($savemsg) print_info_box($savemsg); ?>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
  <tr><td>
  <ul id="tabnav">
    <li class="tabact">Configuration</li>
    <li class="tabinact"><a href="vpn_pptp_users.php">Users</a></li>
  </ul>
  </td></tr>
  <tr>
    <td class="tabcont">
              <table width="100%" border="0" cellpadding="6" cellspacing="0">
                <tr>
                  <td width="22%" valign="top" class="vtable">&nbsp;</td>
                  <td width="78%" class="vtable">
                    <input name="mode" type="radio" onclick="enable_change(false)" value="off"
				  	<?php if (($pconfig['mode'] != "server") && ($pconfig['mode'] != "redir")) echo "checked";?>>
                    Off</td>
                <tr>
                  <td width="22%" valign="top" class="vtable">&nbsp;</td>
                  <td width="78%" class="vtable">
<input type="radio" name="mode" value="redir" onclick="enable_change(false)" <?php if ($pconfig['mode'] == "redir") echo "checked"; ?>>
                    Redirect incoming PPTP connections to:</td>
                <tr>
                  <td width="22%" valign="top" class="vncellreq">PPTP redirection</td>
                  <td width="78%" class="vtable">
                    <input name="redir" type="text" class="formfld" id="redir" size="20" value="<?=htmlspecialchars($pconfig['redir']);?>">
                    <br>
                    Enter the IP address of a host which will accept incoming
                    PPTP connections.</td>
                <tr>
                  <td width="22%" valign="top" class="vtable">&nbsp;</td>
                  <td width="78%" class="vtable">
<input type="radio" name="mode" value="server" onclick="enable_change(false)" <?php if ($pconfig['mode'] == "server") echo "checked"; ?>>
                    Enable PPTP server</td>
                <tr>
                  <td width="22%" valign="top" class="vncellreq">Max. concurrent
                    connections</td>
                  <td width="78%" class="vtable">
                    <?=$g['n_pptp_units'];?>
                  </td>
                <tr>
                  <td width="22%" valign="top" class="vncellreq">Server address</td>
                  <td width="78%" class="vtable">
                    <input name="localip" type="text" class="formfld" id="localip" size="20" value="<?=htmlspecialchars($pconfig['localip']);?>">
                    <br>
                    Enter the IP address the PPTP server should use on its side
                    for all clients.</td>
                </tr>
                <tr>
                  <td width="22%" valign="top" class="vncellreq">Remote address
                    range</td>
                  <td width="78%" class="vtable">
                    <input name="remoteip" type="text" class="formfld" id="remoteip" size="20" value="<?=htmlspecialchars($pconfig['remoteip']);?>">
                    /
                    <?=$g['pptp_subnet'];?>
                    <br>
                    Specify the starting address for the client IP address subnet.<br>
                    The PPTP server will assign
                    <?=$g['n_pptp_units'];?>
                    addresses, starting at the address entered above, to clients.</td>
                </tr>
                <tr>
                  <td width="22%" valign="top" class="vncell">RADIUS</td>
                  <td width="78%" class="vtable">
                    <p>
                      <input name="radiusenable" type="checkbox" id="radiusenable" onclick="enable_change(false)" value="yes" <?php if ($pconfig['radiusenable'] == "yes") echo "checked"; ?>>
                      <strong>Use a RADIUS server for authentication<br>
                      </strong>When set, all users will be authenticated using
                      the RADIUS server specified below. The local user database
                      will not be used.<br>
                      <br>
                      <input name="radacct_enable" type="checkbox" id="radacct_enable" onclick="enable_change(false)" value="yes" <?php if ($pconfig['radacct_enable'] == "yes") echo "checked"; ?>>
                      <strong>Enable RADIUS accounting <br>
                      </strong>Send accounting packets to the RADIUS server. </p></td>
                </tr>
                <tr>
                  <td width="22%" valign="top" class="vncell">RADIUS server </td>
                  <td width="78%" class="vtable">
                    <p>
                      <input name="radiusserver" type="text" class="formfld" id="radiusserver" size="20" value="<?=htmlspecialchars($pconfig['radiusserver']);?>">
                      <br>
                      Enter the IP address of the RADIUS server.</p></td>
                </tr>
                <tr>
                  <td width="22%" valign="top" class="vncell">RADIUS shared secret</td>
                  <td width="78%" valign="top" class="vtable">
                    <p>
                      <input name="radiussecret" type="password" class="formfld" id="radiussecret" size="20" value="<?=htmlspecialchars($pconfig['radiussecret']);?>">
                      <br>
                      Enter the shared secret that will be used to authenticate
                      to the RADIUS server.</p></td>
                </tr>
                <tr>
                  <td height="16" colspan="2" valign="top"></td>
                </tr>
                <tr>
                  <td width="22%" valign="middle">&nbsp;</td>
                  <td width="78%" class="vtable">
                    <input name="req128" type="checkbox" id="req128" value="yes" <?php if ($pconfig['req128'] == "yes") echo "checked"; ?>>
                    <strong>Require 128-bit encryption</strong><br>
                    When set, 128-bit encryption will be required. Otherwise
                    40-bit and 56-bit encryption will also be accepted. Note that
                    encryption will always be forced on PPTP connections (
                    unencrypted connections will not be accepted).</td>
                </tr>
                <tr>
                  <td width="22%" valign="top">&nbsp;</td>
                  <td width="78%">
                    <input name="Submit" type="submit" class="formbtn" value="Save" onclick="enable_change(true)">
                  </td>
                </tr>
                <tr>
                  <td width="22%" valign="top">&nbsp;</td>
                  <td width="78%"><span class="vexpl"><span class="red"><strong>Note:<br></strong></span></span></td>
                </tr>
              </table>
			</td>
	</tr>
</table>
</form>
<script language="JavaScript">
<!--
enable_change(false);
//-->
</script>
<?php include("fend.inc"); ?>
</body>
</html>
<?php
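function add_default_pptp_rule() {
	/* Appends a "pass anything" rule on the pptp interface to the filter
	 * ruleset and writes the config. Called from the save handler above when
	 * no rule mentioning "PPTP" exists yet. The rule is deliberately wide open
	 * (any source, any destination, no protocol or port restriction); narrowing
	 * it is left to the admin in the firewall rules section, which the save
	 * message points to. Modifies the global $config in place; returns nothing. */
	global $config;

	if (!is_array($config['filter']['rule'])) $config['filter']['rule'] = array();
	filter_rules_sort();
	$a_filter = &$config['filter']['rule'];

	$filterent = array();
	$filterent['type'] = "pass";
	$filterent['interface'] = "pptp";

	/* Source and destination are fixed to "any". Explicit defaults are passed
	 * instead of reading $_POST['srcmask'], $_POST['srcbeginport'] etc. (as the
	 * original did), fields this page's form never submits; the rule that gets
	 * written must not depend on stray request parameters. */
	pconfig_to_address($filterent['source'], "any", 32, false, 0, 0);
	pconfig_to_address($filterent['destination'], "any", 32, false, 0, 0);

	$filterent['disabled'] = false;
	$filterent['log'] = false;
	$filterent['frags'] = false;
	$filterent['descr'] = "Default PPTP -> any";
	$a_filter[] = $filterent;
	write_config();
}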
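function pconfig_to_address(&$adr, $padr, $pmask, $pnot, $pbeginport, $pendport) {
	/* Builds a filter-rule address entry in $adr (replacing any previous
	 * contents) from form-style values:
	 *   $padr        "any", a special network name (is_specialnet()), or an address
	 *   $pmask       prefix length, appended as "/$pmask" unless it is 32 or empty
	 *   $pnot        truthy -> the entry is negated
	 *   $pbeginport  start port; 0, "any" or empty means no port restriction
	 *   $pendport    end port; a range "begin-end" is stored when it differs
	 * Returns nothing; the result is written through the reference. */
	$adr = array();

	if ($padr == "any") {
		$adr['any'] = true;
	} else if (is_specialnet($padr)) {
		$adr['network'] = $padr;
	} else {
		$adr['address'] = $padr;
		/* Only append a prefix length when one was actually given; the
		 * original produced a dangling "address/" for an empty mask. */
		if (($pmask !== null) && ($pmask !== "") && ($pmask != 32)) {
			$adr['address'] .= "/" . $pmask;
		}
	}

	$adr['not'] = $pnot ? true : false;

	/* An empty begin port is "no restriction" too; without the explicit
	 * checks an empty string could end up stored as a port on PHP 8. */
	if (($pbeginport !== null) && ($pbeginport !== "") &&
	    ($pbeginport != 0) && ($pbeginport != "any")) {
		$adr['port'] = ($pbeginport != $pendport)
			? ($pbeginport . "-" . $pendport)
			: $pbeginport;
	}
}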
?>