Example #1
    }
}
// Service pseudo-interfaces: each entry is added to $iflist only when the
// service is configured and (for l2tp, pppoe and enc0) have_ruleint_access()
// returns true for that interface name.
if ($config['l2tp']['mode'] == "server" && have_ruleint_access("l2tp")) {
    $iflist['l2tp'] = gettext("L2TP VPN");
}
if (is_array($config['pppoes']['pppoe'])) {
    foreach ($config['pppoes']['pppoe'] as $pppoes) {
        // Only entries running in server mode can contribute the tab.
        if ($pppoes['mode'] != 'server') {
            continue;
        }
        if (have_ruleint_access("pppoe")) {
            $iflist['pppoe'] = gettext("PPPoE Server");
        }
    }
}
// IPsec shows up under the enc0 key.
if (ipsec_enabled() && have_ruleint_access("enc0")) {
    $iflist["enc0"] = gettext("IPsec");
}
// OpenVPN: listed when either a server or a client section is non-empty.
// NOTE(review): unlike the three entries above, this one is not gated by
// have_ruleint_access() - confirm whether a matching check is intended here.
if ($config['openvpn']["openvpn-server"] || $config['openvpn']["openvpn-client"]) {
    $iflist["openvpn"] = gettext("OpenVPN");
}
if (!$if || !isset($iflist[$if])) {
    if ("any" == $if) {
        $if = "FloatingRules";
    } else {
        if ("FloatingRules" != $if) {
            if (isset($iflist['wan'])) {
                $if = "wan";
            } else {
                $if = "FloatingRules";
require_once "ipsec.inc";
require_once "functions.inc";
// $first_time records whether the widget's config subtree was missing and
// had to be created just now.
$first_time = !is_array($config["widgets"]["trafficgraphs"]);
if ($first_time) {
    $config["widgets"]["trafficgraphs"] = array();
}
// Bound by reference, so every write through $a_config changes $config.
$a_config =& $config["widgets"]["trafficgraphs"];
// Guarantee that ["shown"]["item"] exists and is an array.
if (!is_array($a_config["shown"])) {
    $a_config["shown"] = array("item" => array());
} elseif (!is_array($a_config["shown"]["item"])) {
    $a_config["shown"]["item"] = array();
}
// Interfaces the widget can display; enc0 is appended while IPsec is enabled.
$ifdescrs = get_configured_interface_with_descr();
if (ipsec_enabled()) {
    $ifdescrs['enc0'] = "IPsec";
}
if ($_POST) {
    if (isset($_POST["refreshinterval"]) && is_numericint($_POST["refreshinterval"])) {
        $a_config["refreshinterval"] = $_POST["refreshinterval"];
    }
    if (isset($_POST["scale_type"])) {
        $a_config["scale_type"] = $_POST["scale_type"];
    }
    $a_config["shown"]["item"] = array();
    foreach ($ifdescrs as $ifname => $ifdescr) {
        if (in_array($ifname, $_POST["shown"])) {
            $a_config["shown"]["item"][] = $ifname;
        }
    }
/**
 * Build the map of interface key => label offered to the caller.
 *
 * Interface groups, configured interfaces, l2tp, pppoe and enc0 are added only
 * when have_ruleint_access() returns true for the interface name.
 * NOTE(review): the "openvpn" entry is added without a have_ruleint_access()
 * call - confirm whether it should be gated like the others.
 *
 * @return array interface key => display label
 */
function build_if_list()
{
    global $config;

    $iflist = array();

    // Interface groups: key and label are both the group's ifname.
    $groups = $config['ifgroups']['ifgroupentry'];
    if (is_array($groups)) {
        foreach ($groups as $ifgen) {
            $group_name = $ifgen['ifname'];
            if (!have_ruleint_access($group_name)) {
                continue;
            }
            $iflist[$group_name] = $group_name;
        }
    }

    // Configured interfaces, labelled with their description.
    foreach (get_configured_interface_with_descr() as $ifent => $ifdesc) {
        if (!have_ruleint_access($ifent)) {
            continue;
        }
        $iflist[$ifent] = $ifdesc;
    }

    if ($config['l2tp']['mode'] == "server") {
        if (have_ruleint_access("l2tp")) {
            $iflist['l2tp'] = gettext('L2TP VPN');
        }
    }

    if (is_pppoe_server_enabled()) {
        if (have_ruleint_access("pppoe")) {
            $iflist['pppoe'] = gettext("PPPoE Server");
        }
    }

    // IPsec is exposed under the enc0 key.
    if (ipsec_enabled()) {
        if (have_ruleint_access("enc0")) {
            $iflist["enc0"] = gettext("IPsec");
        }
    }

    // OpenVPN: present when a server or a client section is non-empty.
    $has_openvpn = $config['openvpn']["openvpn-server"] || $config['openvpn']["openvpn-client"];
    if ($has_openvpn) {
        $iflist["openvpn"] = gettext("OpenVPN");
    }

    return $iflist;
}
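/**
 * Build the map of interface key => label from the global $ifdisp list plus
 * the service pseudo-interfaces (l2tp, pppoe, enc0, openvpn).
 *
 * Entries from $ifdisp, l2tp, pppoe and enc0 are added only when
 * have_ruleint_access() returns true for the interface name.
 * NOTE(review): the "openvpn" entry is added without a have_ruleint_access()
 * call - confirm whether it should be gated like the others.
 *
 * @return array interface key => display label (empty array when nothing qualifies)
 */
function build_if_list()
{
    // $config has to be imported as well: without it the l2tp/pppoe/openvpn
    // tests below read an undefined local and those entries are never added.
    global $config, $ifdisp;

    // Initialise so the function returns an array even when no entry is added.
    $interfaces = array();

    foreach ($ifdisp as $if => $ifdesc) {
        if (have_ruleint_access($if)) {
            $interfaces[$if] = $ifdesc;
        }
    }
    if ($config['l2tp']['mode'] == "server") {
        if (have_ruleint_access("l2tp")) {
            $interfaces['l2tp'] = "L2TP VPN";
        }
    }
    if ($config['pppoe']['mode'] == "server") {
        if (have_ruleint_access("pppoe")) {
            $interfaces['pppoe'] = "PPPoE Server";
        }
    }
    /* add ipsec interfaces */
    if (ipsec_enabled() && have_ruleint_access("enc0")) {
        $interfaces["enc0"] = "IPsec";
    }
    /* add openvpn/tun interfaces */
    if ($config['openvpn']["openvpn-server"] || $config['openvpn']["openvpn-client"]) {
        $interfaces["openvpn"] = "OpenVPN";
    }
    return $interfaces;
}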
Example #5
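/**
 * Build the map of interface key => label from the configured interfaces plus
 * the service pseudo-interfaces (l2tp, pppoe, enc0, openvpn).
 *
 * NOTE(review): only the pppoe entry is gated by have_ruleint_access(); the
 * configured interfaces, l2tp, enc0 and openvpn are added unconditionally.
 * Confirm that this page is meant to list interfaces regardless of that check.
 *
 * @return array interface key => display label (empty array when nothing qualifies)
 */
function build_if_list()
{
    // Without this import the l2tp and openvpn tests below read an undefined
    // local $config and those entries are never added.
    global $config;

    // Initialise so the function returns an array even when no entry is added.
    $interfaces = array();

    $iflist = get_configured_interface_with_descr(false, true);
    //$iflist = get_interface_list();
    // Allow extending of the firewall edit interfaces
    // NOTE(review): presumably this runs whatever code is found under the
    // given directory - verify that only privileged accounts can write there.
    pfSense_handle_custom_code("/usr/local/pkg/firewall_nat/pre_interfaces_edit");
    foreach ($iflist as $if => $ifdesc) {
        $interfaces[$if] = $ifdesc;
    }
    if ($config['l2tp']['mode'] == "server") {
        $interfaces['l2tp'] = "L2TP VPN";
    }
    if (is_pppoe_server_enabled() && have_ruleint_access("pppoe")) {
        $interfaces['pppoe'] = "PPPoE Server";
    }
    /* add ipsec interfaces */
    if (ipsec_enabled()) {
        $interfaces["enc0"] = "IPsec";
    }
    /* add openvpn/tun interfaces */
    if ($config['openvpn']["openvpn-server"] || $config['openvpn']["openvpn-client"]) {
        $interfaces["openvpn"] = "OpenVPN";
    }
    return $interfaces;
}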
Example #6
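/**
 * XMLRPC handler: merge configuration sections received from a sync peer into
 * the local configuration, write it, and re-apply virtual IPs that changed.
 *
 * Gatekeeping happens in this order: xmlrpc_loop_detect() first, then
 * xmlrpc_auth() on the decoded parameters. $config is not modified before both
 * have passed.
 *
 * Security-relevant behaviour visible here: once xmlrpc_auth() accepts the
 * request, every section named in $sync_full (including filter, nat, cert, ca
 * and crl) is overwritten with the caller's data and all remaining keys of
 * $params[0] are merged into $config. The credential accepted by xmlrpc_auth()
 * is therefore equivalent to write access to the whole configuration.
 *
 * @param mixed $raw_params Raw XMLRPC parameters; decoded with
 *                          xmlrpc_params_to_php(). $params[0] is used as a map
 *                          of section name => section data.
 *
 * @return mixed null when a sync loop is detected,
 *               $xmlrpc_g['return']['authfail'] when authentication fails,
 *               $xmlrpc_g['return']['true'] otherwise.
 */
function restore_config_section_xmlrpc($raw_params)
{
    global $config, $xmlrpc_g;
    // Copy of the previous config; it is never read in this function and is
    // only unset before returning.
    $old_config = $config;
    $old_ipsec_enabled = ipsec_enabled();
    if (xmlrpc_loop_detect()) {
        log_error("Disallowing CARP sync loop");
        return;
    }
    $params = xmlrpc_params_to_php($raw_params);
    // Authentication gate: nothing below runs for a rejected request.
    if (!xmlrpc_auth($params)) {
        xmlrpc_authfail();
        return $xmlrpc_g['return']['authfail'];
    }
    /*
     * Make sure it doesn't end up with both dnsmasq and unbound enabled
     * simultaneously in secondary
     * */
    if (isset($params[0]['unbound']['enable']) && isset($config['dnsmasq']['enable'])) {
        unset($config['dnsmasq']['enable']);
        services_dnsmasq_configure();
    } else {
        if (isset($params[0]['dnsmasq']['enable']) && isset($config['unbound']['enable'])) {
            unset($config['unbound']['enable']);
            services_unbound_configure();
        }
    }
    // Some sections should just be copied and not merged or we end
    //   up unable to sync the deletion of the last item in a section
    $sync_full = array('dnsmasq', 'unbound', 'ipsec', 'aliases', 'wol', 'load_balancer', 'openvpn', 'cert', 'ca', 'crl', 'schedules', 'filter', 'nat', 'dhcpd', 'dhcpv6');
    $sync_full_done = array();
    foreach ($sync_full as $syncfull) {
        if (isset($params[0][$syncfull])) {
            // Wholesale replacement; the key is removed from $params[0] so the
            // recursive merge further down does not process it a second time.
            $config[$syncfull] = $params[0][$syncfull];
            unset($params[0][$syncfull]);
            $sync_full_done[] = $syncfull;
        }
    }
    // $oldvips: fingerprint of the VIPs currently configured, used below to
    //   skip unchanged ones and to delete the ones that disappeared.
    // $vipbackup: local VIPs that are re-added after the merge.
    $vipbackup = array();
    $oldvips = array();
    if (isset($params[0]['virtualip'])) {
        if (is_array($config['virtualip']['vip'])) {
            foreach ($config['virtualip']['vip'] as $vipindex => $vip) {
                if ($vip['mode'] == "carp") {
                    $oldvips["{$vip['interface']}_vip{$vip['vhid']}"]['content'] = "{$vip['password']}{$vip['advskew']}{$vip['subnet']}{$vip['subnet_bits']}{$vip['advbase']}";
                    $oldvips["{$vip['interface']}_vip{$vip['vhid']}"]['interface'] = $vip['interface'];
                    $oldvips["{$vip['interface']}_vip{$vip['vhid']}"]['subnet'] = $vip['subnet'];
                } else {
                    // strpos() returns 0 when the interface name starts with
                    // "lo0", which a bare truthiness test reads as "not found";
                    // compare against false so that position counts as a match.
                    if ($vip['mode'] == "ipalias" && (substr($vip['interface'], 0, 4) == '_vip' || strpos($vip['interface'], "lo0") !== false)) {
                        $oldvips[$vip['subnet']]['content'] = "{$vip['interface']}{$vip['subnet']}{$vip['subnet_bits']}";
                        $oldvips[$vip['subnet']]['interface'] = $vip['interface'];
                        $oldvips[$vip['subnet']]['subnet'] = $vip['subnet'];
                    } else {
                        // NOTE(review): && binds tighter than ||, so the lo0
                        // test alone satisfies this condition whatever the
                        // mode is - confirm that grouping is intended.
                        if (($vip['mode'] == "ipalias" || $vip['mode'] == 'proxyarp') && !(substr($vip['interface'], 0, 4) == '_vip') || strpos($vip['interface'], "lo0") !== false) {
                            $vipbackup[] = $vip;
                        }
                    }
                }
            }
        }
    }
    // For vip section, first keep items sent from the master
    $config = array_merge_recursive_unique($config, $params[0]);
    /* Then add ipalias and proxyarp types already defined on the backup */
    if (is_array($vipbackup) && !empty($vipbackup)) {
        if (!is_array($config['virtualip'])) {
            $config['virtualip'] = array();
        }
        if (!is_array($config['virtualip']['vip'])) {
            $config['virtualip']['vip'] = array();
        }
        foreach ($vipbackup as $vip) {
            array_unshift($config['virtualip']['vip'], $vip);
        }
    }
    /* Log what happened: the section names end up in the config change message */
    $mergedkeys = implode(",", array_merge(array_keys($params[0]), $sync_full_done));
    write_config(sprintf(gettext("Merged in config (%s sections) from XMLRPC client."), $mergedkeys));
    /*
     * The real work on handling the vips specially
     * This is a copy of intefaces_vips_configure with addition of not reloading existing/not changed carps
     */
    if (isset($params[0]['virtualip']) && is_array($config['virtualip']) && is_array($config['virtualip']['vip'])) {
        $carp_setuped = false;
        $anyproxyarp = false;
        foreach ($config['virtualip']['vip'] as $vip) {
            if ($vip['mode'] == "carp" && isset($oldvips["{$vip['interface']}_vip{$vip['vhid']}"])) {
                if ($oldvips["{$vip['interface']}_vip{$vip['vhid']}"]['content'] == "{$vip['password']}{$vip['advskew']}{$vip['subnet']}{$vip['subnet_bits']}{$vip['advbase']}") {
                    if (does_vip_exist($vip)) {
                        unset($oldvips["{$vip['interface']}_vip{$vip['vhid']}"]);
                        continue;
                        // Skip reconfiguring this vips since nothing has changed.
                    }
                }
            } else {
                if ($vip['mode'] == "ipalias" && strstr($vip['interface'], "_vip") && isset($oldvips[$vip['subnet']])) {
                    if ($oldvips[$vip['subnet']]['content'] == "{$vip['interface']}{$vip['subnet']}{$vip['subnet_bits']}") {
                        if (does_vip_exist($vip)) {
                            unset($oldvips[$vip['subnet']]);
                            continue;
                            // Skip reconfiguring this vips since nothing has changed.
                        }
                    }
                    unset($oldvips[$vip['subnet']]);
                }
            }
            switch ($vip['mode']) {
                case "proxyarp":
                    $anyproxyarp = true;
                    break;
                case "ipalias":
                    interface_ipalias_configure($vip);
                    break;
                case "carp":
                    if ($carp_setuped == false) {
                        $carp_setuped = true;
                    }
                    interface_carp_configure($vip);
                    break;
            }
        }
        /* Cleanup remaining old carps */
        foreach ($oldvips as $oldvipar) {
            $oldvipif = get_real_interface($oldvipar['interface']);
            if (!empty($oldvipif)) {
                if (is_ipaddrv6($oldvipar['subnet'])) {
                    // Both values are built into a shell command line, so each
                    // one is passed through escapeshellarg().
                    mwexec("/sbin/ifconfig " . escapeshellarg($oldvipif) . " inet6 " . escapeshellarg($oldvipar['subnet']) . " delete");
                } else {
                    pfSense_interface_deladdress($oldvipif, $oldvipar['subnet']);
                }
            }
        }
        if ($carp_setuped == true) {
            interfaces_sync_setup();
        }
        if ($anyproxyarp == true) {
            interface_proxyarp_configure();
        }
    }
    // Reconfigure IPsec only when the merge flipped its enabled state.
    if ($old_ipsec_enabled !== ipsec_enabled()) {
        vpn_ipsec_configure();
    }
    unset($old_config);
    return $xmlrpc_g['return']['true'];
}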
Example #7
 /**
  * Restore defined config section into local config
  *
  * Sections named in $sync_full_sections (including filter, nat, cert, ca and
  * crl) are overwritten with the caller's data; every other key of $sections
  * is merged into $config. The merged config is written and virtual IPs that
  * changed are re-applied.
  *
  * NOTE(review): the result of $this->auth() is not checked in this method;
  * presumably auth() aborts the request itself on bad credentials - confirm,
  * because everything after that call modifies the configuration.
  *
  * @param string $username
  * @param string $password
  * @param array $sections Map of section name => section data
  *
  * @return bool Always true, including when a sync loop is detected and
  *              nothing is changed
  */
 public function restore_config_section($username, $password, $sections)
 {
     // Authentication comes first; see the NOTE(review) in the docblock.
     $this->auth($username, $password);
     global $config;
     // Copy of the previous config; it is never read in this method and is
     // only unset before returning.
     $old_config = $config;
     $old_ipsec_enabled = ipsec_enabled();
     if ($this->loop_detected) {
         log_error("Disallowing CARP sync loop");
         return true;
     }
     /*
      * Some sections should just be copied and not merged or we end
      * up unable to sync the deletion of the last item in a section
      */
     $sync_full_sections = array('aliases', 'ca', 'cert', 'crl', 'dhcpd', 'dhcpv6', 'dnsmasq', 'filter', 'ipsec', 'load_balancer', 'nat', 'openvpn', 'schedules', 'unbound', 'wol');
     $syncd_full_sections = array();
     foreach ($sync_full_sections as $section) {
         if (!isset($sections[$section])) {
             continue;
         }
         // Wholesale replacement; the key is removed from $sections so the
         // recursive merge further down does not process it a second time.
         $config[$section] = $sections[$section];
         unset($sections[$section]);
         $syncd_full_sections[] = $section;
     }
     // $oldvips: fingerprint of the VIPs currently configured, used below to
     //   skip unchanged ones and to delete the ones that disappeared.
     // $vipbackup: local VIPs that are re-added after the merge.
     $vipbackup = array();
     $oldvips = array();
     if (isset($sections['virtualip']) && is_array($config['virtualip']['vip'])) {
         foreach ($config['virtualip']['vip'] as $vip) {
             if ($vip['mode'] == "carp") {
                 $key = $vip['interface'] . "_vip" . $vip['vhid'];
                 $oldvips[$key]['content'] = $vip['password'] . $vip['advskew'] . $vip['subnet'] . $vip['subnet_bits'] . $vip['advbase'];
                 $oldvips[$key]['interface'] = $vip['interface'];
                 $oldvips[$key]['subnet'] = $vip['subnet'];
             } else {
                 if ($vip['mode'] == "ipalias" && (substr($vip['interface'], 0, 4) == '_vip' || strstr($vip['interface'], "lo0"))) {
                     $oldvips[$vip['subnet']]['content'] = $vip['interface'] . $vip['subnet'] . $vip['subnet_bits'];
                     $oldvips[$vip['subnet']]['interface'] = $vip['interface'];
                     $oldvips[$vip['subnet']]['subnet'] = $vip['subnet'];
                 } else {
                     // NOTE(review): && binds tighter than ||, so the lo0 test
                     // alone satisfies this condition whatever the mode is -
                     // confirm that grouping is intended.
                     if (($vip['mode'] == "ipalias" || $vip['mode'] == 'proxyarp') && !(substr($vip['interface'], 0, 4) == '_vip') || strstr($vip['interface'], "lo0")) {
                         $vipbackup[] = $vip;
                     }
                 }
             }
         }
     }
     /* For vip section, first keep items sent from the master */
     $config = array_merge_recursive_unique($config, $sections);
     /*
      * Then add ipalias and proxyarp types already defined
      * on the backup
      */
     if (is_array($vipbackup) && !empty($vipbackup)) {
         if (!is_array($config['virtualip'])) {
             $config['virtualip'] = array();
         }
         if (!is_array($config['virtualip']['vip'])) {
             $config['virtualip']['vip'] = array();
         }
         foreach ($vipbackup as $vip) {
             array_unshift($config['virtualip']['vip'], $vip);
         }
     }
     /* Log what happened: the section names end up in the config change message */
     $mergedkeys = implode(",", array_merge(array_keys($sections), $syncd_full_sections));
     write_config(sprintf(gettext("Merged in config (%s sections) from XMLRPC client."), $mergedkeys));
     /*
      * The real work on handling the vips specially
      * This is a copy of intefaces_vips_configure with addition of
      * not reloading existing/not changed carps
      */
     if (isset($sections['virtualip']) && is_array($config['virtualip']) && is_array($config['virtualip']['vip'])) {
         $carp_setuped = false;
         $anyproxyarp = false;
         foreach ($config['virtualip']['vip'] as $vip) {
             $key = "{$vip['interface']}_vip{$vip['vhid']}";
             if ($vip['mode'] == "carp" && isset($oldvips[$key])) {
                 if ($oldvips[$key]['content'] == $vip['password'] . $vip['advskew'] . $vip['subnet'] . $vip['subnet_bits'] . $vip['advbase'] && does_vip_exist($vip)) {
                     unset($oldvips[$key]);
                     /*
                      * Skip reconfiguring this vips
                      * since nothing has changed.
                      */
                     continue;
                 }
             } elseif ($vip['mode'] == "ipalias" && strstr($vip['interface'], "_vip") && isset($oldvips[$vip['subnet']])) {
                 $key = $vip['subnet'];
                 if ($oldvips[$key]['content'] == $vip['interface'] . $vip['subnet'] . $vip['subnet_bits'] && does_vip_exist($vip)) {
                     unset($oldvips[$key]);
                     /*
                      * Skip reconfiguring this vips
                      * since nothing has changed.
                      */
                     continue;
                 }
                 // Changed or missing alias: drop it from the cleanup list and
                 // fall through to the reconfiguration below.
                 unset($oldvips[$key]);
             }
             switch ($vip['mode']) {
                 case "proxyarp":
                     $anyproxyarp = true;
                     break;
                 case "ipalias":
                     interface_ipalias_configure($vip);
                     break;
                 case "carp":
                     $carp_setuped = true;
                     interface_carp_configure($vip);
                     break;
             }
         }
         /* Cleanup remaining old carps */
         foreach ($oldvips as $oldvipar) {
             $oldvipif = get_real_interface($oldvipar['interface']);
             if (empty($oldvipif)) {
                 continue;
             }
             if (is_ipaddrv6($oldvipar['subnet'])) {
                 // Both values are built into a shell command line, so each
                 // one is passed through escapeshellarg().
                 mwexec("/sbin/ifconfig " . escapeshellarg($oldvipif) . " inet6 " . escapeshellarg($oldvipar['subnet']) . " delete");
             } else {
                 pfSense_interface_deladdress($oldvipif, $oldvipar['subnet']);
             }
         }
         if ($carp_setuped == true) {
             interfaces_sync_setup();
         }
         if ($anyproxyarp == true) {
             interface_proxyarp_configure();
         }
     }
     // Reconfigure IPsec only when the merge flipped its enabled state.
     if ($old_ipsec_enabled !== ipsec_enabled()) {
         vpn_ipsec_configure();
     }
     unset($old_config);
     return true;
 }