#!/usr/local/bin/php
<?php
/*
	vpn_pptp.php
	part of m0n0wall (http://m0n0.ch/wall)
	Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
	All rights reserved.
	Redistribution and use in source and binary forms, with or without
	modification, are permitted provided that the following conditions are met:
	1. Redistributions of source code must retain the above copyright notice,
	   this list of conditions and the following disclaimer.
	2. Redistributions in binary form must reproduce the above copyright
	   notice, this list of conditions and the following disclaimer in the
	   documentation and/or other materials provided with the distribution.
	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
	POSSIBILITY OF SUCH DAMAGE.
*/
require("guiconfig.inc");
/* a freshly created configuration may not carry a RADIUS sub-tree yet;
   make sure it is an array before taking a reference into the pptpd section */
if (!is_array($config['pptpd']['radius'])) {
	$config['pptpd']['radius'] = array();
}
$pptpcfg = &$config['pptpd'];

/* pre-fill the form from the saved settings (a POST overwrites $pconfig later) */
foreach (array('remoteip', 'localip', 'redir', 'mode') as $field) {
	$pconfig[$field] = $pptpcfg[$field];
}
unset($field);
/* boolean options are stored as present-or-absent keys, not as values */
$pconfig['req128'] = isset($pptpcfg['req128']);
$pconfig['radiusenable'] = isset($pptpcfg['radius']['enable']);
$pconfig['radacct_enable'] = isset($pptpcfg['radius']['accounting']);
$pconfig['radiusserver'] = $pptpcfg['radius']['server'];
$pconfig['radiussecret'] = $pptpcfg['radius']['secret'];

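if ($_POST) {

	unset($input_errors);
	$pconfig = $_POST;
	/* becomes true only when a default PPTP firewall rule is installed below.
	   It used to be left undefined outside server mode, which made the
	   "rule has been added" notice show up after saving any mode. */
	$added_pptp_rule = false;

	/* input validation */
	if ($_POST['mode'] == "server") {
		$reqdfields = explode(" ", "localip remoteip");
		$reqdfieldsn = explode(",", "Server address,Remote start address");

		/* server address and shared secret are only mandatory with RADIUS on */
		if ($_POST['radiusenable']) {
			$reqdfields = array_merge($reqdfields, explode(" ", "radiusserver radiussecret"));
			$reqdfieldsn = array_merge($reqdfieldsn,
				explode(",", "RADIUS server address,RADIUS shared secret"));
		}

		/* call-time pass-by-reference (the & at the call site) is a fatal error
		   on PHP >= 5.4; do_input_validation() has to declare its last
		   parameter by reference instead */
		do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);

		if (($_POST['localip'] && !is_ipaddr($_POST['localip']))) {
			$input_errors[] = "A valid server address must be specified.";
		}
		/* this check used to test $_POST['subnet'], a field this form does not
		   have, so a malformed remote start address was never rejected and went
		   straight into gen_subnet() below */
		if (($_POST['remoteip'] && !is_ipaddr($_POST['remoteip']))) {
			$input_errors[] = "A valid remote start address must be specified.";
		}
		if (($_POST['radiusserver'] && !is_ipaddr($_POST['radiusserver']))) {
			$input_errors[] = "A valid RADIUS server address must be specified.";
		}

		if (!$input_errors) {
			/* gen_subnet() (guiconfig.inc) presumably aligns the start address
			   to the client subnet; the result is what gets saved */
			$_POST['remoteip'] = $pconfig['remoteip'] = gen_subnet($_POST['remoteip'], $g['pptp_subnet']);
			$subnet_start = ip2long($_POST['remoteip']);
			$subnet_end = ip2long($_POST['remoteip']) + $g['n_pptp_units'] - 1;

			/* the server's own address must lie outside the client pool and
			   must not be the LAN interface address */
			if ((ip2long($_POST['localip']) >= $subnet_start) &&
			    (ip2long($_POST['localip']) <= $subnet_end)) {
				$input_errors[] = "The specified server address lies in the remote subnet.";
			}
			if ($_POST['localip'] == $config['interfaces']['lan']['ipaddr']) {
				$input_errors[] = "The specified server address is equal to the LAN interface address.";
			}
		}
	} else if ($_POST['mode'] == "redir") {
		$reqdfields = explode(" ", "redir");
		$reqdfieldsn = explode(",", "PPTP redirection target address");

		do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);

		if (($_POST['redir'] && !is_ipaddr($_POST['redir']))) {
			$input_errors[] = "A valid target address must be specified.";
		}
	}

	if (!$input_errors) {
		$pptpcfg['remoteip'] = $_POST['remoteip'];
		$pptpcfg['redir'] = $_POST['redir'];
		$pptpcfg['localip'] = $_POST['localip'];
		$pptpcfg['mode'] = $_POST['mode'];
		$pptpcfg['req128'] = $_POST['req128'] ? true : false;
		$pptpcfg['radius']['enable'] = $_POST['radiusenable'] ? true : false;
		$pptpcfg['radius']['accounting'] = $_POST['radacct_enable'] ? true : false;
		$pptpcfg['radius']['server'] = $_POST['radiusserver'];
		/* kept as submitted: RADIUS needs the shared secret in recoverable form */
		$pptpcfg['radius']['secret'] = $_POST['radiussecret'];

		if (($pconfig['mode'] == "server")) {
			/*
			 * traverse ruleset.  if no rule mentioning PPTP in its
			 * description is found, install the default one.
			 */
			$found_pptp_rule = false;
			if (is_array($config['filter']['rule'])) {
				foreach ($config['filter']['rule'] as $rule) {
					/* strpos() returns 0 when "PPTP" starts the description;
					   the old "<> false" test treated that as "not found" */
					if (isset($rule['descr']) && strpos($rule['descr'], "PPTP") !== false) {
						$found_pptp_rule = true;
						break;
					}
				}
			}
			if (!$found_pptp_rule) {
				add_default_pptp_rule();
				$added_pptp_rule = true;
			}
		}

		write_config();

		$retval = 0;
		/* presumably: do not reconfigure the daemon while a reboot is already pending */
		if (!file_exists($d_sysrebootreqd_path)) {
			config_lock();
			$retval = vpn_pptpd_configure();
			config_unlock();
		}
		$savemsg = get_std_save_message($retval);
		if ($added_pptp_rule)
			$savemsg .= "<br>A default PPTP rule has been added to the firewall rules section.";
	}
}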
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html><head>
<title><?=gentitle("VPN: PPTP");?></title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link href="gui.css" rel="stylesheet" type="text/css">
<!-- client-side helpers: get_radio_value() reads the selected mode radio,
     enable_change() greys out the fields that do not apply to that mode -->
<script language="JavaScript">
<!--
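/* Return the value of the checked button in a radio group (an array-like
 * collection of inputs), or null when none of them is checked. */
function get_radio_value(obj)
{
	/* "var" keeps the index local; the original leaked a global "i" */
	for (var i = 0; i < obj.length; i++) {
		if (obj[i].checked)
			return obj[i].value;
	}
	return null;
}
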
/* Enable or disable the form fields according to the selected mode.
 * With enable_over set every field is switched on regardless of the mode;
 * the Save button uses that, presumably so that fields disabled for the
 * current mode are still part of the submission. */
function enable_change(enable_over) {
	var f = document.iform;
	var server_mode = (get_radio_value(f.mode) == "server") || enable_over;

	/* same 0/1 values the original assigned to .disabled */
	function set_disabled(fields, flag) {
		for (var i = 0; i < fields.length; i++)
			fields[i].disabled = flag;
	}

	var server_fields = [f.remoteip, f.localip, f.req128, f.radiusenable];
	var radius_fields = [f.radacct_enable, f.radiusserver, f.radiussecret];

	if (server_mode) {
		set_disabled(server_fields, 0);
		/* RADIUS details only make sense when RADIUS authentication is ticked */
		var radius_on = f.radiusenable.checked || enable_over;
		set_disabled(radius_fields, radius_on ? 0 : 1);
	} else {
		set_disabled(server_fields, 1);
		set_disabled(radius_fields, 1);
	}

	var redir_mode = (get_radio_value(f.mode) == "redir") || enable_over;
	f.redir.disabled = redir_mode ? 0 : 1;
}

//-->
</script>
</head>

<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
<?php include("fbegin.inc"); ?>
<p class="pgtitle">VPN: PPTP</p>
<!-- $pconfig holds the saved settings on a plain GET and the submitted values
     after a POST (the handler at the top of this file assigns $pconfig = $_POST) -->
<form action="vpn_pptp.php" method="post" name="iform" id="iform">
<?php if ($input_errors) print_input_errors($input_errors); ?>
<?php if ($savemsg) print_info_box($savemsg); ?>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
  <tr><td>
  <ul id="tabnav">
    <li class="tabact">Configuration</li>
    <li class="tabinact"><a href="vpn_pptp_users.php">Users</a></li>
  </ul>
  </td></tr>
  <tr>
    <td class="tabcont">
              <table width="100%" border="0" cellpadding="6" cellspacing="0">
                <tr>
                  <td width="22%" valign="top" class="vtable">&nbsp;</td>
                  <td width="78%" class="vtable">
                    <input name="mode" type="radio" onclick="enable_change(false)" value="off"
				  	<?php if (($pconfig['mode'] != "server") && ($pconfig['mode'] != "redir")) echo "checked";?>>
                    Off</td>
                <tr>
                  <td width="22%" valign="top" class="vtable">&nbsp;</td>
                  <td width="78%" class="vtable">
<input type="radio" name="mode" value="redir" onclick="enable_change(false)" <?php if ($pconfig['mode'] == "redir") echo "checked"; ?>>
                    Redirect incoming PPTP connections to:</td>
                <!-- text values are re-displayed through htmlspecialchars(); keep these
                     attributes double-quoted, since the default flags do not escape
                     single quotes on older PHP versions -->
                <tr>
                  <td width="22%" valign="top" class="vncellreq">PPTP redirection</td>
                  <td width="78%" class="vtable">
                    <input name="redir" type="text" class="formfld" id="redir" size="20" value="<?=htmlspecialchars($pconfig['redir']);?>">
                    <br>
                    Enter the IP address of a host which will accept incoming
                    PPTP connections.</td>
                <tr>
                  <td width="22%" valign="top" class="vtable">&nbsp;</td>
                  <td width="78%" class="vtable">
<input type="radio" name="mode" value="server" onclick="enable_change(false)" <?php if ($pconfig['mode'] == "server") echo "checked"; ?>>
                    Enable PPTP server</td>
                <tr>
                  <td width="22%" valign="top" class="vncellreq">Max. concurrent
                    connections</td>
                  <td width="78%" class="vtable">
                    <?=$g['n_pptp_units'];?>
                  </td>
                <tr>
                  <td width="22%" valign="top" class="vncellreq">Server address</td>
                  <td width="78%" class="vtable">
                    <input name="localip" type="text" class="formfld" id="localip" size="20" value="<?=htmlspecialchars($pconfig['localip']);?>">
                    <br>
                    Enter the IP address the PPTP server should use on its side
                    for all clients.</td>
                </tr>
                <tr>
                  <td width="22%" valign="top" class="vncellreq">Remote address
                    range</td>
                  <td width="78%" class="vtable">
                    <input name="remoteip" type="text" class="formfld" id="remoteip" size="20" value="<?=htmlspecialchars($pconfig['remoteip']);?>">
                    /
                    <?=$g['pptp_subnet'];?>
                    <br>
                    Specify the starting address for the client IP address subnet.<br>
                    The PPTP server will assign
                    <?=$g['n_pptp_units'];?>
                    addresses, starting at the address entered above, to clients.</td>
                </tr>
                <tr>
                  <td width="22%" valign="top" class="vncell">RADIUS</td>
                  <td width="78%" class="vtable">
                    <p>
                      <input name="radiusenable" type="checkbox" id="radiusenable" onclick="enable_change(false)" value="yes" <?php if ($pconfig['radiusenable'] == "yes") echo "checked"; ?>>
                      <strong>Use a RADIUS server for authentication<br>
                      </strong>When set, all users will be authenticated using
                      the RADIUS server specified below. The local user database
                      will not be used.<br>
                      <br>
                      <input name="radacct_enable" type="checkbox" id="radacct_enable" onclick="enable_change(false)" value="yes" <?php if ($pconfig['radacct_enable'] == "yes") echo "checked"; ?>>
                      <strong>Enable RADIUS accounting <br>
                      </strong>Sends accounting packets to the RADIUS server. </p></td>
                </tr>
                <tr>
                  <td width="22%" valign="top" class="vncell">RADIUS server </td>
                  <td width="78%" class="vtable">
                    <p>
                      <input name="radiusserver" type="text" class="formfld" id="radiusserver" size="20" value="<?=htmlspecialchars($pconfig['radiusserver']);?>">
                      <br>
                      Enter the IP address of the RADIUS server.</p></td>
                </tr>
                <!-- the saved RADIUS shared secret is written back into the value attribute
                     of the password field, so anyone able to view this page's source can
                     read it; the type="password" only hides it on screen -->
                <tr>
                  <td width="22%" valign="top" class="vncell">RADIUS shared secret</td>
                  <td width="78%" valign="top" class="vtable">
                    <p>
                      <input name="radiussecret" type="password" class="formfld" id="radiussecret" size="20" value="<?=htmlspecialchars($pconfig['radiussecret']);?>">
                      <br>
                      Enter the shared secret that will be used to authenticate
                      to the RADIUS server.</p></td>
                </tr>
                <tr>
                  <td height="16" colspan="2" valign="top"></td>
                </tr>
                <tr>
                  <td width="22%" valign="middle">&nbsp;</td>
                  <td width="78%" class="vtable">
                    <input name="req128" type="checkbox" id="req128" value="yes" <?php if ($pconfig['req128'] == "yes") echo "checked"; ?>>
                    <strong>Require 128-bit encryption</strong><br>
                    When set, 128-bit encryption will be accepted. Otherwise,
                    40-bit and 56-bit encryption will be accepted, too. Note that
                    encryption will always be forced on PPTP connections (i.e.
                    unencrypted connections will not be accepted).</td>
                </tr>
                <!-- enable_change(true) switches every field back on before the form is
                     sent, presumably so that inputs disabled for the current mode are
                     still included in the submission -->
                <tr>
                  <td width="22%" valign="top">&nbsp;</td>
                  <td width="78%">
                    <input name="Submit" type="submit" class="formbtn" value="Save" onclick="enable_change(true)">
                  </td>
                </tr>
                <!-- saving in server mode also installs a default pass rule when no filter
                     rule mentions "PPTP" in its description (see add_default_pptp_rule()
                     at the end of this file) -->
                <tr>
                  <td width="22%" valign="top">&nbsp;</td>
                  <td width="78%"><span class="vexpl"><span class="red"><strong>Note:<br>
                    </strong></span>don't forget to add a firewall rule to permit
                    traffic from PPTP clients!</span></td>
                </tr>
              </table>
			</td>
	</tr>
</table>
</form>
<!-- apply the enabled/disabled field state for the mode selected on page load -->
<script language="JavaScript">
<!--
enable_change(false);
//-->
</script>
<?php include("fend.inc"); ?>
</body>
</html>
<?php
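/* Append a "pass" rule on the pptp interface to $config['filter']['rule']
 * (the list is created if absent and sorted via filter_rules_sort() first)
 * and write the configuration.
 *
 * The rule matches any source and any destination with no port restriction
 * and no negation, i.e. it lets PPTP clients reach everything; administrators
 * who want a tighter policy for VPN users should narrow it in the firewall
 * rules section afterwards. The description keeps the token "PPTP" because
 * the POST handler above searches rule descriptions for it to decide whether
 * this rule already exists.
 *
 * Fix: source and destination used to be built from $_POST['srcmask'],
 * $_POST['srcnot'], $_POST['srcbeginport'] ... which this form never submits,
 * so the rule shape depended on undefined request data. The constants passed
 * now yield the same rule (see pconfig_to_address(): "any" ignores the mask,
 * a false negation flag and a begin port of 0 add no 'port' entry).
 */
function add_default_pptp_rule() {
	global $config;

	if (!is_array($config['filter']['rule'])) $config['filter']['rule'] = array();
	filter_rules_sort();
	$a_filter = &$config['filter']['rule'];

	$filterent = array();
	$filterent['type'] = "pass";
	$filterent['interface'] = "pptp";

	pconfig_to_address($filterent['source'], "any", 32, false, 0, 0);
	pconfig_to_address($filterent['destination'], "any", 32, false, 0, 0);

	$filterent['disabled'] = false;
	$filterent['log'] = false;
	$filterent['frags'] = false;
	$filterent['descr'] = "Default PPTP -> any";

	$a_filter[] = $filterent;
	/* the caller writes the config again afterwards; kept so this helper is
	   self-contained for any other caller */
	write_config();
}
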
/* Build a filter rule address block from form-style values. $adr is passed
 * by reference and overwritten.
 *
 * $padr       "any", a special network name (is_specialnet()) or a plain address
 * $pmask      prefix length appended as "/n" to a plain address unless it is 32
 * $pnot       truthy -> the match is negated ('not' => true)
 * $pbeginport first port; 0 or "any" means no port restriction at all
 * $pendport   last port; "begin-end" is emitted only when it differs from
 *             $pbeginport, otherwise the single begin port is stored
 */
function pconfig_to_address(&$adr, $padr, $pmask, $pnot, $pbeginport, $pendport) {

	$adr = array();

	if ($padr == "any") {
		$adr['any'] = true;
	} elseif (is_specialnet($padr)) {
		$adr['network'] = $padr;
	} else {
		/* a /32 is implied, so only other masks are spelled out */
		$adr['address'] = ($pmask != 32) ? $padr . "/" . $pmask : $padr;
	}

	$adr['not'] = (bool)$pnot;

	$has_port = ($pbeginport != 0) && ($pbeginport != "any");
	if ($has_port) {
		$adr['port'] = ($pbeginport == $pendport)
			? $pbeginport
			: $pbeginport . "-" . $pendport;
	}
}

?>