<?php
2
/*
3 ac24dc24 Renato Botelho
 * vpn.inc
4
 *
5
 * part of pfSense (https://www.pfsense.org)
6 38809d47 Renato Botelho do Couto
 * Copyright (c) 2004-2013 BSD Perimeter
7
 * Copyright (c) 2013-2016 Electric Sheep Fencing
8 0284d79e jim-p
 * Copyright (c) 2014-2020 Rubicon Communications, LLC (Netgate)
9 c5d81585 Renato Botelho
 * Copyright (c) 2008 Shrew Soft Inc
10 ac24dc24 Renato Botelho
 * All rights reserved.
11
 *
12
 * originally part of m0n0wall (http://m0n0.ch/wall)
13 c5d81585 Renato Botelho
 * Copyright (c) 2003-2004 Manuel Kasper <mk@neon1.net>.
14 ac24dc24 Renato Botelho
 * All rights reserved.
15
 *
16 b12ea3fb Renato Botelho
 * Licensed under the Apache License, Version 2.0 (the "License");
17
 * you may not use this file except in compliance with the License.
18
 * You may obtain a copy of the License at
19 ac24dc24 Renato Botelho
 *
20 b12ea3fb Renato Botelho
 * http://www.apache.org/licenses/LICENSE-2.0
21 ac24dc24 Renato Botelho
 *
22 b12ea3fb Renato Botelho
 * Unless required by applicable law or agreed to in writing, software
23
 * distributed under the License is distributed on an "AS IS" BASIS,
24
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
25
 * See the License for the specific language governing permissions and
26
 * limitations under the License.
27 ac24dc24 Renato Botelho
 */
require_once("ipsec.inc");
require_once("filter.inc");
require_once("auth.inc");
require_once("certs.inc");
/**
 * Master entry point for the mpd based VPN services.
 *
 * Brings up every configured PPPoE server instance and then the L2TP
 * server; each helper decides on its own whether anything is enabled.
 */
function vpn_setup() {
	vpn_pppoes_configure();	/* PPPoE server instances */
	vpn_l2tp_configure();	/* L2TP server */
}
/**
 * Attach every configured ethernet-like interface to netgraph(4).
 *
 * Walks the configured interface list, resolves each entry to its real
 * device and attaches it with pfSense_ngctl_attach() when the device
 * reports an iftype of "ether", "vlan" or "bridge". Interfaces for which
 * no address information is returned are skipped.
 */
function vpn_netgraph_support() {
	$ng_capable_types = array("ether", "vlan", "bridge");

	foreach (get_configured_interface_list() as $ifname) {
		$realif = get_real_interface($ifname);

		/* Get support for netgraph(4) from the nic */
		$ifinfo = pfSense_get_interface_addresses($realif);
		if (empty($ifinfo)) {
			continue;
		}
		if (!in_array($ifinfo['iftype'], $ng_capable_types)) {
			continue;
		}
		pfSense_ngctl_attach(".", $realif);
	}
}
/**
 * Configure every PPPoE server instance found in the configuration.
 *
 * Each entry of $config['pppoes']['pppoe'] is handed to
 * vpn_pppoe_configure(); when that list is absent or not an array the
 * function does nothing.
 */
function vpn_pppoes_configure() {
	global $config;

	if (!is_array($config['pppoes']['pppoe'])) {
		return;
	}

	foreach ($config['pppoes']['pppoe'] as $instance) {
		vpn_pppoe_configure($instance);
	}
}
/**
 * Configure and (re)start the mpd5 PPPoE server for one instance.
 *
 * Renders {$g['varetc_path']}/pppoe<pppoeid>-vpn/mpd.conf from $pppoecfg,
 * delegates mpd.secret to vpn_pppoe_updatesecret(), attaches the selected
 * NIC to netgraph(4) and starts mpd5 with a pid file under
 * {$g['varrun_path']}.
 *
 * While booting, an instance whose 'mode' is unset or "off" is skipped.
 * Otherwise a running instance is killed first; if 'mode' is then anything
 * but 'server' no new instance is started (the switch has no other case).
 *
 * @param array $pppoecfg one entry of $config['pppoes']['pppoe'] (by reference,
 *                        only forwarded to vpn_pppoe_updatesecret())
 * @return int 0 on success or when skipped, 1 if mpd.conf cannot be opened
 */
function vpn_pppoe_configure(&$pppoecfg) {
	global $config, $g;

	$syscfg = $config['system'];

	/* create directory if it does not exist */
	if (!is_dir("{$g['varetc_path']}/pppoe{$pppoecfg['pppoeid']}-vpn")) {
		mkdir("{$g['varetc_path']}/pppoe{$pppoecfg['pppoeid']}-vpn");
	}

	if (platform_booting()) {
		if (!$pppoecfg['mode'] || ($pppoecfg['mode'] == "off")) {
			return 0;
		}

		echo gettext("Configuring PPPoE Server service... ");
	} else {
		/* kill mpd */
		if (isvalidpid("{$g['varrun_path']}/pppoe{$pppoecfg['pppoeid']}-vpn.pid")) {
			killbypid("{$g['varrun_path']}/pppoe{$pppoecfg['pppoeid']}-vpn.pid");
		}

		/* wait for process to die */
		sleep(2);

	}

	switch ($pppoecfg['mode']) {

		case 'server':

			$pppoe_interface = get_real_interface($pppoecfg['interface']);

			/* Only PAP or CHAP are selectable here (the L2TP server in
			 * vpn_l2tp_configure() additionally offers chap-msv2). */
			if ($pppoecfg['paporchap'] == "chap") {
				$paporchap = "set link enable chap";
			} else {
				$paporchap = "set link enable pap";
			}

			/* write mpd.conf */
			$fd = fopen("{$g['varetc_path']}/pppoe{$pppoecfg['pppoeid']}-vpn/mpd.conf", "w");
			if (!$fd) {
				/* NOTE(review): the translated text is used as the printf()
				 * format string; a translation containing '%' would be
				 * rendered incorrectly. */
				printf(gettext("Error: cannot open mpd.conf in vpn_pppoe_configure().") . "\n");
				return 1;
			}

			/* Peer address range: any address when RADIUS issues the IPs,
			 * otherwise addresses come from pool p0 defined in the heredoc. */
			$issue_ip_type = "set ipcp ranges {$pppoecfg['localip']}/32 ";
			if (isset($pppoecfg['radius']['radiusissueips']) && isset($pppoecfg['radius']['server']['enable'])) {
				$issue_ip_type .= "0.0.0.0/0";
			} else {
				$issue_ip_type .= "ippool p0";
			}

			/* Last address of pool p0: remoteip plus (n_pppoe_units - 1). */
			$ippool_p0 = ip_after($pppoecfg['remoteip'], $pppoecfg['n_pppoe_units'] - 1);

			/* Per-user login limit; anything that is not a positive number
			 * falls back to a single concurrent login. */
			if (is_numeric($pppoecfg['n_pppoe_maxlogin']) && ($pppoecfg['n_pppoe_maxlogin'] > 0)) {
				$pppoemaxlogins = $pppoecfg['n_pppoe_maxlogin'];
			} else {
				$pppoemaxlogins = 1;
			}

			/* DNS servers pushed to clients: explicit dns1/dns2 first, else
			 * this host's LAN address (plus the first system DNS server) when
			 * a local resolver is enabled, else the system DNS server list.
			 * dns1/dns2 are only checked for non-emptiness here, not for
			 * being IP addresses (compare vpn_l2tp_configure()). */
			$ipcp_dns = '';
			if (!empty($pppoecfg['dns1'])) {
				$ipcp_dns = "set ipcp dns " . $pppoecfg['dns1'];
				if (!empty($pppoecfg['dns2'])) {
					$ipcp_dns .= " " . $pppoecfg['dns2'];
				}
			} elseif (isset($config['dnsmasq']['enable']) ||
			    isset ($config['unbound']['enable'])) {
				$ipcp_dns = "set ipcp dns " . get_interface_ip("lan");
				if ($syscfg['dnsserver'][0]) {
					$ipcp_dns .= " " . $syscfg['dnsserver'][0];
				}
			} elseif (is_array($syscfg['dnsserver']) &&
			    ($syscfg['dnsserver'][0])) {
				$ipcp_dns = "set ipcp dns " . join(" ", $syscfg['dnsserver']);
			}

			$mpdconf = <<<EOD
startup:

poes:
	set ippool add p0 {$pppoecfg['remoteip']} {$ippool_p0}

	create bundle template poes_b
	set bundle enable compression

	set ccp yes mppc
	set mppc yes e40
	set mppc yes e128
	set mppc yes stateless

	set iface group pppoe
	set iface up-script /usr/local/sbin/vpn-linkup-poes
	set iface down-script /usr/local/sbin/vpn-linkdown-poes
	set iface idle 0
	set iface disable on-demand
	set iface disable proxy-arp
	set iface enable tcpmssfix
	set iface mtu 1500

	set ipcp no vjcomp
	{$issue_ip_type}
	{$ipcp_dns}

	create link template poes_l pppoe
	set link action bundle poes_b

	set auth max-logins {$pppoemaxlogins}

	set pppoe iface {$pppoe_interface}

	set link no multilink
	set link no pap chap
	{$paporchap}
	set link keep-alive 60 180
	set link max-redial -1
	set link mru 1492
	set link latency 1
	set link enable incoming

EOD;

			/* RADIUS: one or two servers, each written as
			 * "set radius server <ip> "<secret>" [port] [acctport]".
			 * NOTE(review): the shared secret is interpolated unescaped
			 * inside the double quotes, so a secret containing '"' breaks
			 * the config line; vpn_l2tp_configure() escapes its L2TP secret
			 * with str_replace() but not its RADIUS secret either. */
			if (isset ($pppoecfg['radius']['server']['enable'])) {
				$radiusport = "";
				$radiusacctport = "";
				if (isset($pppoecfg['radius']['server']['port'])) {
					$radiusport = $pppoecfg['radius']['server']['port'];
				}
				if (isset($pppoecfg['radius']['server']['acctport'])) {
					$radiusacctport = $pppoecfg['radius']['server']['acctport'];
				}
				$mpdconf .= "\tset radius server {$pppoecfg['radius']['server']['ip']} \"{$pppoecfg['radius']['server']['secret']}\" {$radiusport} {$radiusacctport}\n";
				/* The secondary server keeps its secret under 'secret2'. */
				if (isset($pppoecfg['radius']['server2']['enable'])) {
					$radiusport = "";
					$radiusacctport = "";
					if (isset($pppoecfg['radius']['server2']['port'])) {
						$radiusport = $pppoecfg['radius']['server2']['port'];
					}
					if (isset($pppoecfg['radius']['server2']['acctport'])) {
						$radiusacctport = $pppoecfg['radius']['server2']['acctport'];
					}
					$mpdconf .= "\tset radius server {$pppoecfg['radius']['server2']['ip']} \"{$pppoecfg['radius']['server2']['secret2']}\" {$radiusport} {$radiusacctport}\n";
				}

				$mpdconf .=<<<EOD
	set radius retries 3
	set radius timeout 10
	set auth enable radius-auth

EOD;

				if (isset ($pppoecfg['radius']['accounting'])) {
					$mpdconf .=<<<EOD
	set auth enable radius-acct

EOD;
				}
				if (!empty($pppoecfg['radius']['acct_update'])) {
					$mpdconf .= "\tset auth acct-update {$pppoecfg['radius']['acct_update']}\n";
				}
				if (!empty($pppoecfg['radius']['nasip'])) {
					$mpdconf .= "\tset radius me {$pppoecfg['radius']['nasip']}\n";
				}
			}

			/* NOTE(review): mpd.conf carries the RADIUS shared secret(s) in
			 * cleartext and, unlike mpd.secret, is not chmod'ed here; its
			 * confidentiality rests on the mode of {$g['varetc_path']} --
			 * confirm. */
			fwrite($fd, $mpdconf);
			fclose($fd);
			unset($mpdconf);

			vpn_pppoe_updatesecret($pppoecfg);

			/* Check if previous instance is still up */
			/* Keeps signalling until the old pid is gone. NOTE(review): this
			 * loops without any delay if the process ignores the signal. */
			while (file_exists("{$g['varrun_path']}/pppoe{$pppoecfg['pppoeid']}-vpn.pid") && isvalidpid("{$g['varrun_path']}/pppoe{$pppoecfg['pppoeid']}-vpn.pid")) {
				killbypid("{$g['varrun_path']}/pppoe{$pppoecfg['pppoeid']}-vpn.pid");
			}

			/* Get support for netgraph(4) from the nic */
			pfSense_ngctl_attach(".", $pppoe_interface);
			/* fire up mpd */
			/* pppoeid and the var paths are interpolated into the command
			 * line unquoted; assumes pppoeid is the numeric id assigned by
			 * the GUI -- TODO confirm. */
			mwexec("/usr/local/sbin/mpd5 -b -d {$g['varetc_path']}/pppoe{$pppoecfg['pppoeid']}-vpn -p {$g['varrun_path']}/pppoe{$pppoecfg['pppoeid']}-vpn.pid -s poes poes");

			break;
	}

	if (platform_booting()) {
		echo gettext("done") . "\n";
	}

	return 0;
}
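/**
 * Write mpd.secret for one PPPoE server instance.
 *
 * $pppoecfg['username'] is a space separated list of "user:base64(password)[:ip]"
 * entries; each becomes one line of {$g['varetc_path']}/pppoe<pppoeid>-vpn/mpd.secret
 * in the form `user "password" ip`. The file mode is clamped to 0600 before
 * any credential is written, because fopen("w") creates a new file with
 * umask-derived permissions and a chmod only after the write would leave a
 * freshly created mpd.secret readable by others for the duration of the write.
 *
 * @param array $pppoecfg one entry of $config['pppoes']['pppoe'] (by reference,
 *                        not modified)
 * @return int 0 on success or when no users are configured, 1 if mpd.secret
 *             cannot be opened
 */
function vpn_pppoe_updatesecret(&$pppoecfg) {
	global $g;

	/* Nothing to write when the instance has no users configured. */
	if (!$pppoecfg['username']) {
		return 0;
	}

	$secretfile = "{$g['varetc_path']}/pppoe{$pppoecfg['pppoeid']}-vpn/mpd.secret";

	/* write mpd.secret */
	$fd = fopen($secretfile, "w");
	if (!$fd) {
		/* message names this function (it used to name vpn_pppoe_configure) */
		printf(gettext("Error: cannot open mpd.secret in vpn_pppoe_updatesecret().") . "\n");
		return 1;
	}
	/* Restrict the mode before the first credential hits the file. */
	chmod($secretfile, 0600);

	$mpdsecret = "\n\n";

	foreach (explode(" ", $pppoecfg['username']) as $userdata) {
		$data = explode(":", $userdata);
		$user = $data[0];
		$rawpass = isset($data[1]) ? base64_decode($data[1]) : '';
		/* The static IP is optional; older entries may have only two fields. */
		$ip = isset($data[2]) ? $data[2] : '';
		/* Escape double quotes, do not allow password to start with '!'
		 * https://redmine.pfsense.org/issues/10275
		 * NOTE(review): a backslash inside the password is not escaped;
		 * confirm how mpd tokenizes '\' before changing this. */
		$pass = str_replace('"', '\"', ltrim($rawpass, '!'));
		$mpdsecret .= "{$user} \"{$pass}\" {$ip}\n";
	}

	fwrite($fd, $mpdsecret);
	fclose($fd);
	unset($mpdsecret);

	return 0;
}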
/**
 * Configure and (re)start the mpd5 L2TP server.
 *
 * Renders {$g['varetc_path']}/l2tp-vpn/mpd.conf from $config['l2tp'],
 * writes mpd.secret via vpn_l2tp_updatesecret(), attaches the interfaces to
 * netgraph(4) through vpn_netgraph_support() and starts mpd5 with a pid file
 * under {$g['varrun_path']}.
 *
 * While booting, a server whose 'mode' is unset or "off" is skipped.
 * Otherwise a running instance is killed first; a new one is only started
 * for mode 'server' (mode 'redir' is a no-op, anything else matches no case).
 *
 * @return int 0 on success or when skipped, 1 if mpd.conf cannot be opened
 */
function vpn_l2tp_configure() {
	global $config, $g;

	$syscfg = $config['system'];
	$l2tpcfg = $config['l2tp'];

	/* create directory if it does not exist */
	if (!is_dir("{$g['varetc_path']}/l2tp-vpn")) {
		mkdir("{$g['varetc_path']}/l2tp-vpn");
	}

	if (platform_booting()) {
		if (!$l2tpcfg['mode'] || ($l2tpcfg['mode'] == "off")) {
			return 0;
		}

		echo gettext("Configuring l2tp VPN service... ");
	} else {
		/* kill mpd */
		if (isvalidpid("{$g['varrun_path']}/l2tp-vpn.pid")) {
			killbypid("{$g['varrun_path']}/l2tp-vpn.pid");
		}

		/* wait for process to die */
		sleep(8);

	}

	/* make sure l2tp-vpn directory exists */
	/* Redundant with the is_dir() check above (the directory was created
	 * there when missing); kept as-is. */
	if (!file_exists("{$g['varetc_path']}/l2tp-vpn")) {
		mkdir("{$g['varetc_path']}/l2tp-vpn");
	}

	switch ($l2tpcfg['mode']) {

		case 'server':
			/* "set l2tp self" is only emitted when the selected (failover)
			 * interface currently has an IPv4 address; otherwise the line is
			 * left out and mpd falls back to its own default listener
			 * behaviour, which is not established here. */
			$l2tp_listen="";
			$ipaddr = get_interface_ip(get_failover_interface($l2tpcfg['interface']));
			if (is_ipaddrv4($ipaddr)) {
				$l2tp_listen="set l2tp self $ipaddr";
			}

			/* Link authentication: chap, chap-msv2, or pap for any other value. */
			switch ($l2tpcfg['paporchap']) {
				case 'chap':
					$paporchap = "set link enable chap";
					break;
				case 'chap-msv2':
					$paporchap = "set link enable chap-msv2";
					break;
				default:
					$paporchap = "set link enable pap";
					break;
			}

			/* write mpd.conf */
			$fd = fopen("{$g['varetc_path']}/l2tp-vpn/mpd.conf", "w");
			if (!$fd) {
				printf(gettext("Error: cannot open mpd.conf in vpn_l2tp_configure().") . "\n");
				return 1;
			}

			/* Last address of pool p0: remoteip plus (n_l2tp_units - 1). */
			$ippool_p0 = ip_after($l2tpcfg['remoteip'], $l2tpcfg['n_l2tp_units'] - 1);

			/* Peer address range: any address when RADIUS issues the IPs (and
			 * then no pool is defined), otherwise addresses come from pool p0. */
			$issue_ip_type = "set ipcp ranges {$l2tpcfg['localip']}/32 ";
			if (isset($l2tpcfg['radius']['radiusissueips']) && isset($l2tpcfg['radius']['enable'])) {
				$issue_ip_type .= "0.0.0.0/0";
				$ippool = "";
			} else {
				$issue_ip_type .= "ippool p0";
				$ippool = "set ippool add p0 {$l2tpcfg['remoteip']} {$ippool_p0}";
			}

			/* DNS servers pushed to clients: dns1/dns2 when they are IP
			 * addresses, else this host's LAN address (plus the first system
			 * DNS server) when a local resolver is enabled, else the system
			 * DNS server list. */
			$ipcp_dns = '';
			if (is_ipaddr($l2tpcfg['dns1'])) {
				$ipcp_dns = "set ipcp dns " . $l2tpcfg['dns1'];
				if (is_ipaddr($l2tpcfg['dns2'])) {
					$ipcp_dns .= " " . $l2tpcfg['dns2'];
				}
			} elseif (isset ($config['dnsmasq']['enable']) ||
			    isset ($config['unbound']['enable'])) {
				$ipcp_dns = "set ipcp dns " . get_interface_ip("lan");
				if ($syscfg['dnsserver'][0]) {
					$ipcp_dns .= " " . $syscfg['dnsserver'][0];
				}
			} elseif (is_array($syscfg['dnsserver']) &&
			    ($syscfg['dnsserver'][0])) {
				$ipcp_dns = "set ipcp dns " . join(" ", $syscfg['dnsserver']);
			}

			$mpdconf =<<<EOD

startup:

l2tps:
	{$ippool}

	create bundle template l2tp_b
	set bundle enable compression
	set bundle yes crypt-reqd

	set ccp yes mppc

	set iface name l2tps
	set iface group l2tp
	set iface up-script /usr/local/sbin/vpn-linkup-l2tp
	set iface down-script /usr/local/sbin/vpn-linkdown-l2tp
	set iface disable on-demand
	set iface enable proxy-arp

	set ipcp yes vjcomp
	{$issue_ip_type}
	{$ipcp_dns}

	create link template l2tp_l l2tp
	set link action bundle l2tp_b

	set link yes acfcomp protocomp
	set link enable multilink
	set link no pap chap chap-msv2
	{$paporchap}
	{$l2tp_listen}
	set link keep-alive 10 180
	set link enable incoming

EOD;
			/* Shared L2TP secret; double quotes are escaped since the value
			 * is placed inside a quoted token. */
			if (!empty($l2tpcfg['secret'])) {
				$secret = str_replace('"', '\"', $l2tpcfg['secret']);
				$mpdconf .=<<<EOD
	set l2tp secret "{$secret}"

EOD;
			}


			/* RADIUS authentication. NOTE(review): unlike the L2TP secret
			 * above, the RADIUS shared secret is interpolated unescaped inside
			 * the double quotes, so a secret containing '"' breaks the line.
			 * "set auth disable internal" is emitted only in this branch; what
			 * that means for the users written to mpd.secret is mpd's
			 * behaviour, not established here. */
			if (isset ($l2tpcfg['radius']['enable'])) {
				$mpdconf .=<<<EOD
	set radius server {$l2tpcfg['radius']['server']} "{$l2tpcfg['radius']['secret']}"
	set radius retries 3
	set radius timeout 10
	set auth disable internal
	set auth enable radius-auth

EOD;

				if (isset ($l2tpcfg['radius']['accounting'])) {
					$mpdconf .=<<<EOD
	set auth enable radius-acct

EOD;
				}
			}

			/* NOTE(review): mpd.conf carries the L2TP and RADIUS secrets in
			 * cleartext and, unlike mpd.secret, is not chmod'ed here; its
			 * confidentiality rests on the mode of {$g['varetc_path']} --
			 * confirm. */
			fwrite($fd, $mpdconf);
			fclose($fd);
			unset($mpdconf);

			vpn_l2tp_updatesecret();
			vpn_netgraph_support();

			/* fire up mpd */
			mwexec("/usr/local/sbin/mpd5 -b -d {$g['varetc_path']}/l2tp-vpn -p {$g['varrun_path']}/l2tp-vpn.pid -s l2tps l2tps");

			break;

		/* 'redir' intentionally starts nothing. */
		case 'redir':
			break;
	}

	if (platform_booting()) {
		echo "done\n";
	}

	return 0;
}
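/**
 * Write mpd.secret for the L2TP server from $config['l2tp']['user'].
 *
 * Each user entry becomes one line of {$g['varetc_path']}/l2tp-vpn/mpd.secret
 * in the form `name "password" ip`. The file mode is clamped to 0600 before
 * any credential is written, because fopen("w") creates a new file with
 * umask-derived permissions and a chmod only after the write would leave a
 * freshly created mpd.secret readable by others for the duration of the write.
 *
 * @return int 0 on success, 1 if mpd.secret cannot be opened
 */
function vpn_l2tp_updatesecret() {
	global $config, $g;
	$l2tpcfg = $config['l2tp'];

	$secretfile = "{$g['varetc_path']}/l2tp-vpn/mpd.secret";

	$fd = fopen($secretfile, "w");
	if (!$fd) {
		printf(gettext("Error: cannot open mpd.secret in vpn_l2tp_updatesecret().") . "\n");
		return 1;
	}
	/* Restrict the mode before the first credential hits the file. */
	chmod($secretfile, 0600);

	$mpdsecret = "\n\n";

	if (is_array($l2tpcfg['user'])) {
		foreach ($l2tpcfg['user'] as $user) {
			/* The static IP is optional. */
			$ip = isset($user['ip']) ? $user['ip'] : '';
			/* Escape double quotes, do not allow password to start with '!'
			 * https://redmine.pfsense.org/issues/10275
			 * NOTE(review): a backslash inside the password is not escaped;
			 * confirm how mpd tokenizes '\' before changing this. */
			$pass = str_replace('"', '\"', ltrim($user['password'], '!'));
			$mpdsecret .= "{$user['name']} \"{$pass}\" {$ip}\n";
		}
	}

	fwrite($fd, $mpdsecret);
	fclose($fd);
	unset($mpdsecret);

	return 0;
}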
?>