function getNasIP()
{
$nasIp = get_interface_ip();
if (!$nasIp) {
$nasIp = "0.0.0.0";
}
return $nasIp;
}
function dyndnsCheckIP($int)
{
$ip_address = get_interface_ip($int);
if (is_private_ip($ip_address)) {
$hosttocheck = "checkip.dyndns.org";
$checkip = gethostbyname($hosttocheck);
$ip_ch = curl_init("http://{$checkip}");
curl_setopt($ip_ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ip_ch, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt($ip_ch, CURLOPT_INTERFACE, $ip_address);
$ip_result_page = curl_exec($ip_ch);
curl_close($ip_ch);
$ip_result_decoded = urldecode($ip_result_page);
preg_match('=Current IP Address: (.*)</body>=siU', $ip_result_decoded, $matches);
$ip_address = trim($matches[1]);
}
return $ip_address;
}
/**
* delete virtual ip
*/
function deleteVIPEntry($id)
{
global $config;
$input_errors = array();
$a_vip =& $config['virtualip']['vip'];
/* make sure no inbound NAT mappings reference this entry */
if (isset($config['nat']['rule'])) {
foreach ($config['nat']['rule'] as $rule) {
if (!empty($rule['destination']['address'])) {
if ($rule['destination']['address'] == $a_vip[$id]['subnet']) {
$input_errors[] = gettext("This entry cannot be deleted because it is still referenced by at least one NAT mapping.");
break;
}
}
}
}
if (is_ipaddrv6($a_vip[$id]['subnet'])) {
$is_ipv6 = true;
$subnet = gen_subnetv6($a_vip[$id]['subnet'], $a_vip[$id]['subnet_bits']);
$if_subnet_bits = get_interface_subnetv6($a_vip[$id]['interface']);
$if_subnet = gen_subnetv6(get_interface_ipv6($a_vip[$id]['interface']), $if_subnet_bits);
} else {
$is_ipv6 = false;
$subnet = gen_subnet($a_vip[$id]['subnet'], $a_vip[$id]['subnet_bits']);
$if_subnet_bits = get_interface_subnet($a_vip[$id]['interface']);
$if_subnet = gen_subnet(get_interface_ip($a_vip[$id]['interface']), $if_subnet_bits);
}
$subnet .= "/" . $a_vip[$id]['subnet_bits'];
$if_subnet .= "/" . $if_subnet_bits;
if (isset($config['gateways']['gateway_item'])) {
foreach ($config['gateways']['gateway_item'] as $gateway) {
if ($a_vip[$id]['interface'] != $gateway['interface']) {
continue;
}
if ($is_ipv6 && $gateway['ipprotocol'] == 'inet') {
continue;
}
if (!$is_ipv6 && $gateway['ipprotocol'] == 'inet6') {
continue;
}
if (ip_in_subnet($gateway['gateway'], $if_subnet)) {
continue;
}
if (ip_in_subnet($gateway['gateway'], $subnet)) {
$input_errors[] = gettext("This entry cannot be deleted because it is still referenced by at least one Gateway.");
break;
}
}
}
if ($a_vip[$id]['mode'] == "ipalias") {
$subnet = gen_subnet($a_vip[$id]['subnet'], $a_vip[$id]['subnet_bits']) . "/" . $a_vip[$id]['subnet_bits'];
$found_if = false;
$found_carp = false;
$found_other_alias = false;
if ($subnet == $if_subnet) {
$found_if = true;
}
$vipiface = $a_vip[$id]['interface'];
foreach ($a_vip as $vip_id => $vip) {
if ($vip_id != $id) {
if ($vip['interface'] == $vipiface && ip_in_subnet($vip['subnet'], $subnet)) {
if ($vip['mode'] == "carp") {
$found_carp = true;
} else {
if ($vip['mode'] == "ipalias") {
$found_other_alias = true;
}
}
}
}
}
if ($found_carp === true && $found_other_alias === false && $found_if === false) {
$input_errors[] = gettext("This entry cannot be deleted because it is still referenced by a CARP IP with the description") . " {$vip['descr']}.";
}
}
if (count($input_errors) == 0) {
// Special case since every proxyarp vip is handled by the same daemon.
if ($a_vip[$id]['mode'] == "proxyarp") {
$viface = $a_vip[$id]['interface'];
unset($a_vip[$id]);
interface_proxyarp_configure($viface);
} else {
interface_vip_bring_down($a_vip[$id]);
unset($a_vip[$id]);
}
if (count($config['virtualip']['vip']) == 0) {
unset($config['virtualip']['vip']);
}
}
return $input_errors;
}
</header>
<div class="content-box-main col-xs-12">
<pre>
<?php
$useicmp = isset($_REQUEST['useicmp']) ? "-I" : "";
$n = isset($resolve) ? "" : "-n";
$command = "/usr/sbin/traceroute";
if ($ipproto == "ipv6") {
$command .= "6";
$ifaddr = is_ipaddr($sourceip) ? $sourceip : get_interface_ipv6($sourceip);
} else {
$ifaddr = is_ipaddr($sourceip) ? $sourceip : get_interface_ip($sourceip);
}
if ($ifaddr && (is_ipaddr($host) || is_hostname($host)))
$srcip = "-s " . escapeshellarg($ifaddr);
$cmd = "{$command} {$n} {$srcip} -w 2 {$useicmp} -m " . escapeshellarg($ttl) . " " . escapeshellarg($host);
//echo "Traceroute command: {$cmd}\n";
system($cmd);
?>
</pre>
</div>
</div>
</section>
}
if (empty($_POST['password'])) {
$input_errors[] = gettext("You must specify a CARP password that is shared between the two VHID members.");
}
if ($_POST['interface'] == 'lo0') {
$input_errors[] = gettext("For this type of vip localhost is not allowed.");
} else {
if (strpos($_POST['interface'], '_vip')) {
$input_errors[] = gettext("A CARP parent interface can only be used with IP Alias type Virtual IPs.");
}
}
break;
case 'ipalias':
if (strstr($_POST['interface'], "_vip")) {
if (is_ipaddrv4($_POST['subnet'])) {
$parent_ip = get_interface_ip($_POST['interface']);
$parent_sn = get_interface_subnet($_POST['interface']);
$subnet = gen_subnet($parent_ip, $parent_sn);
} else {
if (is_ipaddrv6($_POST['subnet'])) {
$parent_ip = get_interface_ipv6($_POST['interface']);
$parent_sn = get_interface_subnetv6($_POST['interface']);
$subnet = gen_subnetv6($parent_ip, $parent_sn);
}
}
if (isset($parent_ip) && !ip_in_subnet($_POST['subnet'], "{$subnet}/{$parent_sn}") && !ip_in_interface_alias_subnet(link_carp_interface_to_parent($_POST['interface']), $_POST['subnet'])) {
$cannot_find = $_POST['subnet'] . "/" . $_POST['subnet_bits'];
$input_errors[] = sprintf(gettext("Sorry, we could not locate an interface with a matching subnet for %s. Please add an IP alias in this subnet on this interface."), $cannot_find);
}
unset($parent_ip, $parent_sn, $subnet);
}
if (!is_numericint($_POST['n_l2tp_units']) || $_POST['n_l2tp_units'] > 255) {
$input_errors[] = gettext("Number of L2TP users must be between 1 and 255");
}
/* if this is an AJAX caller then handle via JSON */
if (isAjax() && is_array($input_errors)) {
input_errors2Ajax($input_errors);
exit;
}
if (!$input_errors) {
$_POST['remoteip'] = $pconfig['remoteip'] = gen_subnet($_POST['remoteip'], $_POST['l2tp_subnet']);
$subnet_start = ip2ulong($_POST['remoteip']);
$subnet_end = ip2ulong($_POST['remoteip']) + $_POST['n_l2tp_units'] - 1;
if (ip2ulong($_POST['localip']) >= $subnet_start && ip2ulong($_POST['localip']) <= $subnet_end) {
$input_errors[] = gettext("The specified server address lies in the remote subnet.");
}
if ($_POST['localip'] == get_interface_ip("lan")) {
$input_errors[] = gettext("The specified server address is equal to the LAN interface address.");
}
}
}
/* if this is an AJAX caller then handle via JSON */
if (isAjax() && is_array($input_errors)) {
input_errors2Ajax($input_errors);
exit;
}
if (!$input_errors) {
$l2tpcfg['remoteip'] = $_POST['remoteip'];
$l2tpcfg['localip'] = $_POST['localip'];
$l2tpcfg['l2tp_subnet'] = $_POST['l2tp_subnet'];
$l2tpcfg['mode'] = $_POST['mode'];
$l2tpcfg['interface'] = $_POST['interface'];
<tr>
<td width="22%" valign="top"> </td>
<td width="78%">
<input name="Submit" type="submit" class="formbtn" value="<?php
echo gettext("Ping");
?>
">
</td>
</tr>
<tr>
<td valign="top" colspan="2">
<? if ($do_ping) {
echo "<font face='terminal' size='2'>";
echo "<strong>" . gettext("Ping output") . ":</strong><br>";
echo('<pre>');
$ifaddr = get_interface_ip($interface);
if ($ifaddr)
system("/sbin/ping -S$ifaddr -c$count " . escapeshellarg($host));
else
system("/sbin/ping -c$count " . escapeshellarg($host));
$ifaddr = get_interface_ipv6($interface);
if ($ifaddr)
system("/sbin/ping6 -S$ifaddr -c$count " . escapeshellarg($host));
else
system("/sbin/ping6 -c$count " . escapeshellarg($host));
echo('</pre>');
}
?>
</td>
</tr>
$input_errors[] = gettext("This entry cannot be deleted because it is still referenced by at least one NAT mapping.");
break;
}
}
}
}
if (is_ipaddrv6($a_vip[$_GET['id']]['subnet'])) {
$is_ipv6 = true;
$subnet = gen_subnetv6($a_vip[$_GET['id']]['subnet'], $a_vip[$_GET['id']]['subnet_bits']);
$if_subnet_bits = get_interface_subnetv6($a_vip[$_GET['id']]['interface']);
$if_subnet = gen_subnetv6(get_interface_ipv6($a_vip[$_GET['id']]['interface']), $if_subnet_bits);
} else {
$is_ipv6 = false;
$subnet = gen_subnet($a_vip[$_GET['id']]['subnet'], $a_vip[$_GET['id']]['subnet_bits']);
$if_subnet_bits = get_interface_subnet($a_vip[$_GET['id']]['interface']);
$if_subnet = gen_subnet(get_interface_ip($a_vip[$_GET['id']]['interface']), $if_subnet_bits);
}
$subnet .= "/" . $a_vip[$_GET['id']]['subnet_bits'];
$if_subnet .= "/" . $if_subnet_bits;
if (is_array($config['gateways']['gateway_item'])) {
foreach ($config['gateways']['gateway_item'] as $gateway) {
if ($a_vip[$_GET['id']]['interface'] != $gateway['interface']) {
continue;
}
if ($is_ipv6 && $gateway['ipprotocol'] == 'inet') {
continue;
}
if (!$is_ipv6 && $gateway['ipprotocol'] == 'inet6') {
continue;
}
if (ip_in_subnet($gateway['gateway'], $if_subnet)) {
$entered_remote = array();
$entered_remote['type'] = $pconfig['remoteid_type'];
if (isset($pconfig['remoteid_address'])) {
$entered_remote['address'] = $pconfig['remoteid_address'];
}
if (isset($pconfig['remoteid_netbits'])) {
$entered_remote['netbits'] = $pconfig['remoteid_netbits'];
}
$entered_remoteid_data = ipsec_idinfo_to_cidr($entered_remote, false, $pconfig['mode']);
list($entered_remote_network, $entered_remote_mask) = explode('/', $entered_remoteid_data);
if ($phase1['protocol'] == "inet6") {
$if = get_failover_interface($phase1['interface'], "inet6");
$interfaceip = get_interface_ipv6($if);
} else {
$if = get_failover_interface($phase1['interface']);
$interfaceip = get_interface_ip($if);
}
/* skip validation for hostnames, they're subject to change anyway */
if (is_ipaddr($phase1['remote-gateway'])) {
if ($pconfig['mode'] == "tunnel") {
if (check_subnets_overlap($interfaceip, 32, $entered_local_network, $entered_local_mask) && check_subnets_overlap($phase1['remote-gateway'], 32, $entered_remote_network, $entered_remote_mask)) {
$input_errors[] = gettext("The local and remote networks of a phase 2 entry cannot overlap the outside of the tunnel (interface and remote gateway) configured in its phase 1.");
break;
}
} else {
if ($pconfig['mode'] == "tunnel6") {
if (check_subnetsv6_overlap($interfaceip, 128, $entered_local_network, $entered_local_mask) && check_subnets_overlap($phase1['remote-gateway'], 128, $entered_remote_network, $entered_remote_mask)) {
$input_errors[] = gettext("The local and remote networks of a phase 2 entry cannot overlap the outside of the tunnel (interface and remote gateway) configured in its phase 1.");
break;
}
}
$reqdfields = explode(" ", "name interface");
$reqdfieldsn = array(gettext("Name"), gettext("Interface"));
do_input_validation($pconfig, $reqdfields, $reqdfieldsn, $input_errors);
if (!isset($pconfig['name'])) {
$input_errors[] = gettext("A valid gateway name must be specified.");
}
if (!is_validaliasname($pconfig['name'])) {
$input_errors[] = gettext("The gateway name must not contain invalid characters.");
}
/* skip system gateways which have been automatically added */
if (!empty($pconfig['gateway']) && !is_ipaddr($pconfig['gateway']) && $pconfig['attribute'] !== "system" && $pconfig['gateway'] != "dynamic") {
$input_errors[] = gettext("A valid gateway IP address must be specified.");
}
if (!empty($pconfig['gateway']) && is_ipaddr($pconfig['gateway']) && !isset($_REQUEST['isAjax'])) {
if (is_ipaddrv4($pconfig['gateway'])) {
$parent_ip = get_interface_ip($pconfig['interface']);
$parent_sn = get_interface_subnet($pconfig['interface']);
if (empty($parent_ip) || empty($parent_sn)) {
$input_errors[] = gettext("Cannot add IPv4 Gateway Address because no IPv4 address could be found on the interface.");
} else {
$subnets = array(gen_subnet($parent_ip, $parent_sn) . "/" . $parent_sn);
$vips = link_interface_to_vips($_POST['interface']);
if (is_array($vips)) {
foreach ($vips as $vip) {
if (!is_ipaddrv4($vip['subnet'])) {
continue;
}
$subnets[] = gen_subnet($vip['subnet'], $vip['subnet_bits']) . "/" . $vip['subnet_bits'];
}
}
$found = false;
$ifaddr = get_interface_ipv6($sourceip);
}
}
$nc_args .= " -6";
} else {
switch ($ipprotocol) {
case "ipv4":
$ifaddr = get_interface_ip($sourceip);
$nc_ipproto = " -4";
break;
case "ipv6":
$ifaddr = is_linklocal($sourceip) ? $sourceip : get_interface_ipv6($sourceip);
$nc_ipproto = " -6";
break;
case "any":
$ifaddr = get_interface_ip($sourceip);
$nc_ipproto = !empty($ifaddr) ? " -4" : "";
if (empty($ifaddr)) {
$ifaddr = is_linklocal($sourceip) ? $sourceip : get_interface_ipv6($sourceip);
$nc_ipproto = !empty($ifaddr) ? " -6" : "";
}
break;
}
/* Netcat doesn't like it if we try to connect using a certain type of IP without specifying the family. */
if (!empty($ifaddr)) {
$nc_args .= $nc_ipproto;
} elseif ($sourceip == "any") {
switch ($ipprotocol) {
case "ipv4":
$nc_ipproto = " -4";
break;
echo gettext("RADIUS options");
?>
</td>
</tr>
<tr>
<td class="vncell" valign="top"><?php
echo gettext("RADIUS NAS IP attribute");
?>
</td>
<td>
<select name="radiussrcip_attribute" id="radiussrcip_attribute">
<?php
$iflist = get_configured_interface_with_descr();
foreach ($iflist as $ifdesc => $ifdescr) {
$ipaddr = get_interface_ip($ifdesc);
if (is_ipaddr($ipaddr)) {
$selected = "";
if ($ifdesc == $pconfig['radiussrcip_attribute']) {
$selected = "selected";
}
echo "<option value='{$ifdesc}' {$selected}>{$ifdescr} - {$ipaddr}</option>\n";
}
}
if (is_array($config['virtualip']['vip'])) {
foreach ($config['virtualip']['vip'] as $sn) {
if ($sn['mode'] == "proxyarp" && $sn['type'] == "network") {
$start = ip2long32(gen_subnet($sn['subnet'], $sn['subnet_bits']));
$end = ip2long32(gen_subnet_max($sn['subnet'], $sn['subnet_bits']));
$len = $end - $start;
for ($i = 0; $i <= $len; $i++) {
function getCalledStationId()
{
return get_interface_ip() . ":" . getNasPort();
}
$resolvecounter = 0;
$fields_array = array();
$pfblines = exec("/usr/local/sbin/clog {$filter_logfile} | /usr/bin/grep -c ^");
$fields_array = conv_log_filter_lite($filter_logfile, $pfblines, $pfblines, $pfbdenycnt, $pfbpermitcnt, $pfbmatchcnt);
$continents = array('pfB_Africa', 'pfB_Antartica', 'pfB_Asia', 'pfB_Europe', 'pfB_NAmerica', 'pfB_Oceania', 'pfB_SAmerica', 'pfB_Top');
$supp_ip_txt = "Clicking this Suppression Icon, will immediately remove the Block.\n\nSuppressing a /32 CIDR is better than Suppressing the full /24";
$supp_ip_txt .= " CIDR.\nThe Host will be added to the pfBlockerNG Suppress Alias Table.\n\nOnly 32 or 24 CIDR IPs can be Suppressed with the '+' Icon.";
$supp_ip_txt .= "\nTo manually add Host(s), edit the 'pfBlockerNGSuppress' Alias in the Alias Tab.\nManual entries will not remove existing Blocked Hosts";
// Array of all Local IPs for Alert Analysis
$pfb_local = array();
$pfb_localsub = array();
// Collect Gateway IP Addresses for Inbound/Outbound List matching
$int_gateway = get_interfaces_with_gateway();
if (is_array($int_gateway)) {
foreach ($int_gateway as $gateway) {
$convert = get_interface_ip($gateway);
$pfb_local[] = $convert;
}
}
// Collect Virtual IP Aliases for Inbound/Outbound List Matching
if (is_array($config['virtualip']['vip'])) {
foreach ($config['virtualip']['vip'] as $list) {
if ($list['subnet'] != "" && $list['subnet_bits'] != "") {
if ($list['subnet_bits'] >= 24) {
$pfb_local = array_merge(subnetv4_expand("{$list['subnet']}/{$list['subnet_bits']}"), $pfb_local);
} else {
$pfb_localsub[] = "{$list['subnet']}/{$list['subnet_bits']}";
}
}
}
}
</td>
</tr>
<tr>
<td> </td>
</tr>
<tr>
<td colspan="2" valign="top" class="listtopic">Stats example template</td>
</tr>
<tr>
<td width="22%" valign="top" class="vncell">Example</td>
<td class="vtable">
As an basic example you can use the link below to create a 'stats' frontend/backend page which offers with more options like setting user/password and 'admin mode' when you go to the backend settings.<br/>
<a href="haproxy_stats.php?add_stats_example=1">TEMPLATE: Create stats example configuration using a frontend/backend combination with ssl</a><br/>
<br/>
After applying the changes made by the template use this link to visit the stats page: <a target="_blank" href="https://<?php
echo get_interface_ip("lan");
?>
:444">https://pfSense-LAN-ip:444/</a>
</td>
</tr>
<tr>
<td> </td>
</tr>
<tr>
<td colspan="2" valign="top" class="listtopic">HAProxy stick-tables</td>
</tr>
<tr>
<td colspan="2" valign="top" class="vncell">
These tables are used to store information for session persistence and can be used with ssl-session-id information, application-cookies, or other information that is used to persist a user to a server.
<table class="tabcont sortable" id="sortabletable" width="100%" cellspacing="0" cellpadding="6" border="0">
<head>
##|*IDENT=page-services-dhcprelay
##|*NAME=Services: DHCP Relay
##|*DESCR=Allow access to the 'Services: DHCP Relay' page.
##|*MATCH=services_dhcp_relay.php*
##|-PRIV
require "guiconfig.inc";
require_once "filter.inc";
$pconfig['enable'] = isset($config['dhcrelay']['enable']);
if (empty($config['dhcrelay']['interface'])) {
$pconfig['interface'] = array();
} else {
$pconfig['interface'] = explode(",", $config['dhcrelay']['interface']);
}
$pconfig['agentoption'] = isset($config['dhcrelay']['agentoption']);
$iflist = array_intersect_key(get_configured_interface_with_descr(), array_flip(array_filter(array_keys(get_configured_interface_with_descr()), function ($if) {
return is_ipaddr(get_interface_ip($if));
})));
/* set the enabled flag which will tell us if DHCP server is enabled
* on any interface. We will use this to disable dhcp-relay since
* the two are not compatible with each other.
*/
$dhcpd_enabled = false;
if (is_array($config['dhcpd'])) {
foreach ($config['dhcpd'] as $dhcpif => $dhcp) {
if (isset($dhcp['enable']) && isset($config['interfaces'][$dhcpif]['enable'])) {
$dhcpd_enabled = true;
break;
}
}
}
if ($_POST) {
exit;
}
require "guiconfig.inc";
$if = $_GET['if'];
if ($_POST['if']) {
$if = $_POST['if'];
}
if (!$if) {
header("Location: services_dhcp.php");
exit;
}
if (!is_array($config['dhcpd'][$if]['staticmap'])) {
$config['dhcpd'][$if]['staticmap'] = array();
}
$a_maps =& $config['dhcpd'][$if]['staticmap'];
$ifcfgip = get_interface_ip($if);
$ifcfgsn = get_interface_subnet($if);
$ifcfgdescr = convert_friendly_interface_to_friendly_descr($if);
$id = $_GET['id'];
if (isset($_POST['id'])) {
$id = $_POST['id'];
}
if (isset($id) && $a_maps[$id]) {
$pconfig['mac'] = $a_maps[$id]['mac'];
$pconfig['hostname'] = $a_maps[$id]['hostname'];
$pconfig['ipaddr'] = $a_maps[$id]['ipaddr'];
$pconfig['descr'] = base64_decode($a_maps[$id]['descr']);
} else {
$pconfig['mac'] = $_GET['mac'];
$pconfig['hostname'] = $_GET['hostname'];
$pconfig['descr'] = $_GET['descr'];
function build_radiusnas_list()
{
$list = array();
$iflist = get_configured_interface_with_descr();
foreach ($iflist as $ifdesc => $ifdescr) {
$ipaddr = get_interface_ip($ifdesc);
if (is_ipaddr($ipaddr)) {
$list[$ifdescr] = $ifdescr . ' - ' . $ipaddr;
}
}
if (is_array($config['virtualip']['vip'])) {
foreach ($config['virtualip']['vip'] as $sn) {
if ($sn['mode'] == "proxyarp" && $sn['type'] == "network") {
$start = ip2long32(gen_subnet($sn['subnet'], $sn['subnet_bits']));
$end = ip2long32(gen_subnet_max($sn['subnet'], $sn['subnet_bits']));
$len = $end - $start;
for ($i = 0; $i <= $len; $i++) {
$snip = long2ip32($start + $i);
$list[$snip] = $sn['descr'] . ' - ' . $snip;
}
} else {
$list[$sn['subnet']] = $sn['descr'] . ' - ' . $sn['subnet'];
}
}
}
return $list;
}
function build_interface_list()
{
global $pconfig;
$iflist = array('options' => array(), 'selected' => array());
$interfaces = get_configured_interface_with_descr();
$carplist = get_configured_carp_interface_list();
foreach ($carplist as $cif => $carpip) {
$interfaces[$cif] = $carpip . " (" . get_vip_descr($carpip) . ")";
}
$aliaslist = get_configured_ip_aliases_list();
foreach ($aliaslist as $aliasip => $aliasif) {
$interfaces[$aliasip] = $aliasip . " (" . get_vip_descr($aliasip) . ")";
}
$size = count($interfaces) < 10 ? count($interfaces) : 10;
foreach ($interfaces as $iface => $ifacename) {
if (!is_ipaddr(get_interface_ip($iface)) && !is_ipaddr($iface)) {
continue;
}
$iflist['options'][$iface] = $ifacename;
if (in_array($iface, $pconfig['interface'])) {
array_push($iflist['selected'], $iface);
}
}
return $iflist;
}
}
?>
onClick="enable_change(false)">
<strong><?php
printf(gettext("Enable DHCP relay on interface"));
?>
</strong>
</td>
</tr>
<tr>
<td width="22%" valign="top" class="vncellreq">Interface(s)</td>
<td width="78%" class="vtable">
<select id="interface" name="interface[]" multiple="true" class="formselect" size="3">
<?php
foreach ($iflist as $ifent => $ifdesc) {
if (!is_ipaddr(get_interface_ip($ifent))) {
continue;
}
echo "<option value='{$ifent}'";
if (in_array($ifent, $pconfig['interface'])) {
echo "selected";
}
echo ">{$ifdesc}</option>\n";
}
?>
</select>
<br />Interfaces without an IP address will not be shown.
</td>
</tr>
<tr>
<td width="22%" valign="top" class="vtable"> </td>
function fixup_string($string)
{
global $config;
// fixup #1: $myurl -> http[s]://ip_address:port/
$https = "";
$port = $config['system']['webguiport'];
if ($port != "443" and $port != "80") {
$urlport = ":" . $port;
} else {
$urlport = "";
}
if ($config['system']['webgui']['protocol'] == "https") {
$https = "s";
}
$myurl = "http" . $https . "://" . getenv("HTTP_HOST") . $urlport;
$newstring = str_replace("\$myurl", $myurl, $string);
$string = $newstring;
// fixup #2: $wanip
$curwanip = get_interface_ip();
$newstring = str_replace("\$wanip", $curwanip, $string);
$string = $newstring;
// fixup #3: $lanip
$lancfg = $config['interfaces']['lan'];
$lanip = $lancfg['ipaddr'];
$newstring = str_replace("\$lanip", $lanip, $string);
$string = $newstring;
// fixup #4: fix'r'up here.
return $newstring;
}
?>
</td>
<td>
<?php
echo htmlspecialchars($rfc2136['host']);
?>
</td>
<td>
<?php
$filename = "{$g['conf_path']}/dyndns_{$rfc2136['interface']}_rfc2136_" . escapeshellarg($rfc2136['host']) . "_{$rfc2136['server']}.cache";
if (file_exists($filename)) {
print 'IPv4: ';
if (isset($rfc2136['usepublicip'])) {
$ipaddr = dyndnsCheckIP($rfc2136['interface']);
} else {
$ipaddr = get_interface_ip($rfc2136['interface']);
}
$cached_ip_s = explode("|", file_get_contents($filename));
$cached_ip = $cached_ip_s[0];
if ($ipaddr != $cached_ip) {
print '<span class="text-danger">';
} else {
print '<span class="text-success">';
}
print htmlspecialchars($cached_ip);
print '</span>';
} else {
print 'IPv4: N/A';
}
print '<br />';
if (file_exists("{$filename}.ipv6")) {
function fixup_string($string)
{
global $config, $g, $myurl, $title;
$newstring = $string;
// fixup #1: $myurl -> http[s]://ip_address:port/
switch ($config['system']['webgui']['protocol']) {
case "http":
$proto = "http";
break;
case "https":
$proto = "https";
break;
default:
$proto = "http";
break;
}
$port = $config['system']['webgui']['port'];
if ($port != "") {
if ($port == "443" and $proto != "https" or $port == "80" and $proto != "http") {
$urlport = ":" . $port;
} elseif ($port != "80" and $port != "443") {
$urlport = ":" . $port;
} else {
$urlport = "";
}
}
$http_host = explode(":", $_SERVER['HTTP_HOST']);
$http_host = $http_host[0];
$urlhost = $http_host;
// If finishing the setup wizard, check if accessing on a LAN or WAN address that changed
if ($title == "Reload in progress") {
if (is_ipaddr($urlhost)) {
$host_if = find_ip_interface($urlhost);
if ($host_if) {
$host_if = convert_real_interface_to_friendly_interface_name($host_if);
if ($host_if && is_ipaddr($config['interfaces'][$host_if]['ipaddr'])) {
$urlhost = $config['interfaces'][$host_if]['ipaddr'];
}
}
} else {
if ($urlhost == $config['system']['hostname']) {
$urlhost = $config['wizardtemp']['system']['hostname'];
} else {
if ($urlhost == $config['system']['hostname'] . '.' . $config['system']['domain']) {
$urlhost = $config['wizardtemp']['system']['hostname'] . '.' . $config['wizardtemp']['system']['domain'];
}
}
}
}
if ($urlhost != $http_host) {
file_put_contents("{$g['tmp_path']}/setupwizard_lastreferrer", $proto . "://" . $http_host . $urlport . $_SERVER['REQUEST_URI']);
}
$myurl = $proto . "://" . $urlhost . $urlport . "/";
if (strstr($newstring, "\$myurl")) {
$newstring = str_replace("\$myurl", $myurl, $newstring);
}
// fixup #2: $wanip
if (strstr($newstring, "\$wanip")) {
$curwanip = get_interface_ip();
$newstring = str_replace("\$wanip", $curwanip, $newstring);
}
// fixup #3: $lanip
if (strstr($newstring, "\$lanip")) {
$lanip = get_interface_ip("lan");
$newstring = str_replace("\$lanip", $lanip, $newstring);
}
// fixup #4: fix'r'up here.
return $newstring;
}
$source = get_interface_ip('lan');
} else {
if ($ph2ent['localid']['type'] == 'network') {
$ip_interface = find_ip_interface($ph2ent['localid']['address'], $ph2ent['localid']['netbits']);
if (!$ip_interface) {
$ip_alias = find_virtual_ip_alias($ph2ent['localid']['address'], $ph2ent['localid']['netbits']);
}
} else {
$ip_interface = find_ip_interface($ph2ent['localid']['address']);
if (!$ip_interface) {
$ip_alias = find_virtual_ip_alias($ph2ent['localid']['address']);
}
}
}
if ($ip_interface) {
$source = get_interface_ip($ip_interface);
} else {
if ($ip_alias) {
$source = $ip_alias['subnet'];
}
}
?>
<?php
if ($ph2ent['remoteid']['type'] != "mobile" && $icon != "pass" && $source != "") {
?>
<center>
<a href="diag_ipsec.php?act=connect&remoteid=<?php
echo $ph2ent['remoteid']['address'];
?>
&source=<?php
echo $source;
}
if (!empty($pconfig['autokey_enable'])) {
$pconfig['shared_key'] = openvpn_create_key();
}
// all input validators
if (strpos($pconfig['interface'], '|') !== false) {
list($iv_iface, $iv_ip) = explode("|", $pconfig['interface']);
} else {
$iv_iface = $pconfig['interface'];
$iv_ip = null;
}
if (is_ipaddrv4($iv_ip) && stristr($pconfig['protocol'], "6") !== false) {
$input_errors[] = gettext("Protocol and IP address families do not match. You cannot select an IPv6 protocol and an IPv4 IP address.");
} elseif (is_ipaddrv6($iv_ip) && stristr($pconfig['protocol'], "6") === false) {
$input_errors[] = gettext("Protocol and IP address families do not match. You cannot select an IPv4 protocol and an IPv6 IP address.");
} elseif (stristr($pconfig['protocol'], "6") === false && !get_interface_ip($iv_iface) && $pconfig['interface'] != "any") {
$input_errors[] = gettext("An IPv4 protocol was selected, but the selected interface has no IPv4 address.");
} elseif (stristr($pconfig['protocol'], "6") !== false && !get_interface_ipv6($iv_iface) && $pconfig['interface'] != "any") {
$input_errors[] = gettext("An IPv6 protocol was selected, but the selected interface has no IPv6 address.");
}
if (empty($pconfig['authmode']) && ($pconfig['mode'] == "server_user" || $pconfig['mode'] == "server_tls_user")) {
$input_errors[] = gettext("You must select a Backend for Authentication if the server mode requires User Auth.");
}
if ($result = openvpn_validate_port($pconfig['local_port'], 'Local port')) {
$input_errors[] = $result;
}
if ($result = openvpn_validate_cidr($pconfig['tunnel_network'], 'IPv4 Tunnel Network', false, "ipv4")) {
$input_errors[] = $result;
}
if ($result = openvpn_validate_cidr($pconfig['tunnel_networkv6'], 'IPv6 Tunnel Network', false, "ipv6")) {
$input_errors[] = $result;
foreach ($carplist as $cif => $carpip) {
$interfaces[$cif] = $carpip . " (" . get_vip_descr($carpip) . ")";
}
$aliaslist = get_configured_ip_aliases_list();
foreach ($aliaslist as $aliasip => $aliasif) {
$interfaces[$aliasip] = $aliasip . " (" . get_vip_descr($aliasip) . ")";
}
$size = count($interfaces) < 10 ? count($interfaces) : 10;
?>
<select id="interface" name="interface[]" multiple="multiple" class="formselect" size="<?php
echo $size;
?>
">
<?php
foreach ($interfaces as $iface => $ifacename) {
if (!is_ipaddr(get_interface_ip($iface)) && !is_ipaddr($iface)) {
continue;
}
echo "<option value='{$iface}'";
if (is_array($pconfig['interface'])) {
if (in_array($iface, $pconfig['interface'])) {
echo " selected=\"selected\"";
}
}
echo ">" . htmlspecialchars($ifacename) . "</option>\n";
}
?>
</select>
<br />
<br /><?php
echo gettext("Interfaces without an IP address will not be shown.");
if ($_POST['localip'] && !is_ipaddr($_POST['localip'])) {
$input_errors[] = gettext("A valid server address must be specified.");
}
if ($_POST['pppoe_subnet'] && !is_ipaddr($_POST['remoteip'])) {
$input_errors[] = gettext("A valid remote start address must be specified.");
}
if ($_POST['radiusserver'] && !is_ipaddr($_POST['radiusserver'])) {
$input_errors[] = gettext("A valid RADIUS server address must be specified.");
}
$_POST['remoteip'] = $pconfig['remoteip'] = gen_subnet($_POST['remoteip'], $_POST['pppoe_subnet']);
$subnet_start = ip2ulong($_POST['remoteip']);
$subnet_end = ip2ulong($_POST['remoteip']) + $_POST['pppoe_subnet'] - 1;
if (ip2ulong($_POST['localip']) >= $subnet_start && ip2ulong($_POST['localip']) <= $subnet_end) {
$input_errors[] = gettext("The specified server address lies in the remote subnet.");
}
if ($_POST['localip'] == get_interface_ip($_POST['interface'])) {
$input_errors[] = gettext("The specified server address is equal to an interface ip address.");
}
for ($x = 0; $x < 4999; $x++) {
if ($_POST["username{$x}"]) {
if (empty($_POST["password{$x}"])) {
$input_errors[] = sprintf(gettext("No password specified for username %s"), $_POST["username{$x}"]);
}
if ($_POST["ip{$x}"] != "" && !is_ipaddr($_POST["ip{$x}"])) {
$input_errors[] = sprintf(gettext("Incorrect ip address specified for username %s"), $_POST["username{$x}"]);
}
}
}
}
if ($_POST['pppoeid'] && !is_numeric($_POST['pppoeid'])) {
$input_errors[] = gettext("Wrong data submitted");
$input_errors[] = gettext("A valid local network bit count must be specified.");
}
case "address":
if (!$pconfig['localid_address'] || !is_ipaddr($pconfig['localid_address'])) {
$input_errors[] = gettext("A valid local network IP address must be specified.");
} elseif (is_ipaddrv4($pconfig['localid_address']) && $pconfig['mode'] != "tunnel") {
$input_errors[] = gettext("A valid local network IPv4 address must be specified or you need to change Mode to IPv6");
} elseif (is_ipaddrv6($pconfig['localid_address']) && $pconfig['mode'] != "tunnel6") {
$input_errors[] = gettext("A valid local network IPv6 address must be specified or you need to change Mode to IPv4");
}
break;
}
/* Check if the localid_type is an interface, to confirm if it has a valid subnet. */
if (isset($config['interfaces'][$pconfig['localid_type']])) {
// Don't let an empty subnet into racoon.conf, it can cause parse errors. Ticket #2201.
$address = get_interface_ip($pconfig['localid_type']);
$netbits = get_interface_subnet($pconfig['localid_type']);
if (empty($address) || empty($netbits)) {
$input_errors[] = gettext("Invalid Local Network.") . " " . convert_friendly_interface_to_friendly_descr($pconfig['localid_type']) . " " . gettext("has no subnet.");
}
}
if (!empty($pconfig['natlocalid_address'])) {
switch ($pconfig['natlocalid_type']) {
case "network":
if ($pconfig['natlocalid_netbits'] != 0 && !$pconfig['natlocalid_netbits'] || !is_numeric($pconfig['natlocalid_netbits'])) {
$input_errors[] = gettext("A valid NAT local network bit count must be specified.");
}
if ($pconfig['localid_type'] == "address") {
$input_errors[] = gettext("You cannot configure a network type address for NAT while only an address type is selected for local source.");
}
// address rules also apply to network type (hence, no break)
$input_errors[] = sprintf(gettext("The IP address must lie in the %s subnet."), $ifcfgdescr);
}
if ($ipaddr_int == $lansubnet_start) {
$input_errors[] = sprintf(gettext("The IP address cannot be the %s network address."), $ifcfgdescr);
}
if ($ipaddr_int == $lansubnet_end) {
$input_errors[] = sprintf(gettext("The IP address cannot be the %s broadcast address."), $ifcfgdescr);
}
}
if ($_POST['gateway'] && !is_ipaddrv4($_POST['gateway'])) {
$input_errors[] = gettext("A valid IP address must be specified for the gateway.");
}
if ($_POST['wins1'] && !is_ipaddrv4($_POST['wins1']) || $_POST['wins2'] && !is_ipaddrv4($_POST['wins2'])) {
$input_errors[] = gettext("A valid IP address must be specified for the primary/secondary WINS servers.");
}
$parent_ip = get_interface_ip($POST['if']);
if (is_ipaddrv4($parent_ip) && $_POST['gateway']) {
$parent_sn = get_interface_subnet($_POST['if']);
if (!ip_in_subnet($_POST['gateway'], gen_subnet($parent_ip, $parent_sn) . "/" . $parent_sn) && !ip_in_interface_alias_subnet($_POST['if'], $_POST['gateway'])) {
$input_errors[] = sprintf(gettext("The gateway address %s does not lie within the chosen interface's subnet."), $_POST['gateway']);
}
}
if ($_POST['dns1'] && !is_ipaddrv4($_POST['dns1']) || $_POST['dns2'] && !is_ipaddrv4($_POST['dns2']) || $_POST['dns3'] && !is_ipaddrv4($_POST['dns3']) || $_POST['dns4'] && !is_ipaddrv4($_POST['dns4'])) {
$input_errors[] = gettext("A valid IP address must be specified for each of the DNS servers.");
}
if ($_POST['deftime'] && (!is_numeric($_POST['deftime']) || $_POST['deftime'] < 60)) {
$input_errors[] = gettext("The default lease time must be at least 60 seconds.");
}
if ($_POST['maxtime'] && (!is_numeric($_POST['maxtime']) || $_POST['maxtime'] < 60 || $_POST['maxtime'] <= $_POST['deftime'])) {
$input_errors[] = gettext("The maximum lease time must be at least 60 seconds and higher than the default lease time.");
}
} else {
/* normalize MAC addresses - lowercase and convert Windows-ized hyphenated MACs to colon delimited */
$_POST['mac'] = strtolower(str_replace("-", ":", $_POST['mac']));
$mac = $_POST['mac'];
$if = $_POST['interface'];
}
/* input validation */
if (!$mac || !is_macaddr($mac)) {
$input_errors[] = gettext("A valid MAC address must be specified.");
}
if (!$if) {
$input_errors[] = gettext("A valid interface must be specified.");
}
if (!$input_errors) {
/* determine broadcast address */
$ipaddr = get_interface_ip($if);
if (!is_ipaddr($ipaddr)) {
$input_errors[] = gettext("A valid ip could not be found!");
} else {
$bcip = gen_subnet_max($ipaddr, get_interface_subnet($if));
/* Execute wol command and check return code. */
if (!mwexec("/usr/local/bin/wol -i {$bcip} " . escapeshellarg($mac))) {
$savemsg .= sprintf(gettext("Sent magic packet to %s."), $mac);
} else {
$savemsg .= sprintf(gettext('Please check the %1$ssystem log%2$s, the wol command for %3$s did not complete successfully%4$s'), '<a href="/diag_logs.php">', '</a>', $mac, ".<br />");
}
}
}
}
if ($_GET['act'] == "del") {
if ($a_wol[$_GET['id']]) {
