function getNasIP() { $nasIp = get_interface_ip(); if (!$nasIp) { $nasIp = "0.0.0.0"; } return $nasIp; }
function dyndnsCheckIP($int) { $ip_address = get_interface_ip($int); if (is_private_ip($ip_address)) { $hosttocheck = "checkip.dyndns.org"; $checkip = gethostbyname($hosttocheck); $ip_ch = curl_init("http://{$checkip}"); curl_setopt($ip_ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ip_ch, CURLOPT_SSL_VERIFYPEER, FALSE); curl_setopt($ip_ch, CURLOPT_INTERFACE, $ip_address); $ip_result_page = curl_exec($ip_ch); curl_close($ip_ch); $ip_result_decoded = urldecode($ip_result_page); preg_match('=Current IP Address: (.*)</body>=siU', $ip_result_decoded, $matches); $ip_address = trim($matches[1]); } return $ip_address; }
/** * delete virtual ip */ function deleteVIPEntry($id) { global $config; $input_errors = array(); $a_vip =& $config['virtualip']['vip']; /* make sure no inbound NAT mappings reference this entry */ if (isset($config['nat']['rule'])) { foreach ($config['nat']['rule'] as $rule) { if (!empty($rule['destination']['address'])) { if ($rule['destination']['address'] == $a_vip[$id]['subnet']) { $input_errors[] = gettext("This entry cannot be deleted because it is still referenced by at least one NAT mapping."); break; } } } } if (is_ipaddrv6($a_vip[$id]['subnet'])) { $is_ipv6 = true; $subnet = gen_subnetv6($a_vip[$id]['subnet'], $a_vip[$id]['subnet_bits']); $if_subnet_bits = get_interface_subnetv6($a_vip[$id]['interface']); $if_subnet = gen_subnetv6(get_interface_ipv6($a_vip[$id]['interface']), $if_subnet_bits); } else { $is_ipv6 = false; $subnet = gen_subnet($a_vip[$id]['subnet'], $a_vip[$id]['subnet_bits']); $if_subnet_bits = get_interface_subnet($a_vip[$id]['interface']); $if_subnet = gen_subnet(get_interface_ip($a_vip[$id]['interface']), $if_subnet_bits); } $subnet .= "/" . $a_vip[$id]['subnet_bits']; $if_subnet .= "/" . $if_subnet_bits; if (isset($config['gateways']['gateway_item'])) { foreach ($config['gateways']['gateway_item'] as $gateway) { if ($a_vip[$id]['interface'] != $gateway['interface']) { continue; } if ($is_ipv6 && $gateway['ipprotocol'] == 'inet') { continue; } if (!$is_ipv6 && $gateway['ipprotocol'] == 'inet6') { continue; } if (ip_in_subnet($gateway['gateway'], $if_subnet)) { continue; } if (ip_in_subnet($gateway['gateway'], $subnet)) { $input_errors[] = gettext("This entry cannot be deleted because it is still referenced by at least one Gateway."); break; } } } if ($a_vip[$id]['mode'] == "ipalias") { $subnet = gen_subnet($a_vip[$id]['subnet'], $a_vip[$id]['subnet_bits']) . "/" . $a_vip[$id]['subnet_bits']; $found_if = false; $found_carp = false; $found_other_alias = false; if ($subnet == $if_subnet) { $found_if = true; } $vipiface = $a_vip[$id]['interface']; foreach ($a_vip as $vip_id => $vip) { if ($vip_id != $id) { if ($vip['interface'] == $vipiface && ip_in_subnet($vip['subnet'], $subnet)) { if ($vip['mode'] == "carp") { $found_carp = true; } else { if ($vip['mode'] == "ipalias") { $found_other_alias = true; } } } } } if ($found_carp === true && $found_other_alias === false && $found_if === false) { $input_errors[] = gettext("This entry cannot be deleted because it is still referenced by a CARP IP with the description") . " {$vip['descr']}."; } } if (count($input_errors) == 0) { // Special case since every proxyarp vip is handled by the same daemon. if ($a_vip[$id]['mode'] == "proxyarp") { $viface = $a_vip[$id]['interface']; unset($a_vip[$id]); interface_proxyarp_configure($viface); } else { interface_vip_bring_down($a_vip[$id]); unset($a_vip[$id]); } if (count($config['virtualip']['vip']) == 0) { unset($config['virtualip']['vip']); } } return $input_errors; }
</header> <div class="content-box-main col-xs-12"> <pre> <?php $useicmp = isset($_REQUEST['useicmp']) ? "-I" : ""; $n = isset($resolve) ? "" : "-n"; $command = "/usr/sbin/traceroute"; if ($ipproto == "ipv6") { $command .= "6"; $ifaddr = is_ipaddr($sourceip) ? $sourceip : get_interface_ipv6($sourceip); } else { $ifaddr = is_ipaddr($sourceip) ? $sourceip : get_interface_ip($sourceip); } if ($ifaddr && (is_ipaddr($host) || is_hostname($host))) $srcip = "-s " . escapeshellarg($ifaddr); $cmd = "{$command} {$n} {$srcip} -w 2 {$useicmp} -m " . escapeshellarg($ttl) . " " . escapeshellarg($host); //echo "Traceroute command: {$cmd}\n"; system($cmd); ?> </pre> </div> </div> </section>
} if (empty($_POST['password'])) { $input_errors[] = gettext("You must specify a CARP password that is shared between the two VHID members."); } if ($_POST['interface'] == 'lo0') { $input_errors[] = gettext("For this type of vip localhost is not allowed."); } else { if (strpos($_POST['interface'], '_vip')) { $input_errors[] = gettext("A CARP parent interface can only be used with IP Alias type Virtual IPs."); } } break; case 'ipalias': if (strstr($_POST['interface'], "_vip")) { if (is_ipaddrv4($_POST['subnet'])) { $parent_ip = get_interface_ip($_POST['interface']); $parent_sn = get_interface_subnet($_POST['interface']); $subnet = gen_subnet($parent_ip, $parent_sn); } else { if (is_ipaddrv6($_POST['subnet'])) { $parent_ip = get_interface_ipv6($_POST['interface']); $parent_sn = get_interface_subnetv6($_POST['interface']); $subnet = gen_subnetv6($parent_ip, $parent_sn); } } if (isset($parent_ip) && !ip_in_subnet($_POST['subnet'], "{$subnet}/{$parent_sn}") && !ip_in_interface_alias_subnet(link_carp_interface_to_parent($_POST['interface']), $_POST['subnet'])) { $cannot_find = $_POST['subnet'] . "/" . $_POST['subnet_bits']; $input_errors[] = sprintf(gettext("Sorry, we could not locate an interface with a matching subnet for %s. Please add an IP alias in this subnet on this interface."), $cannot_find); } unset($parent_ip, $parent_sn, $subnet); }
if (!is_numericint($_POST['n_l2tp_units']) || $_POST['n_l2tp_units'] > 255) { $input_errors[] = gettext("Number of L2TP users must be between 1 and 255"); } /* if this is an AJAX caller then handle via JSON */ if (isAjax() && is_array($input_errors)) { input_errors2Ajax($input_errors); exit; } if (!$input_errors) { $_POST['remoteip'] = $pconfig['remoteip'] = gen_subnet($_POST['remoteip'], $_POST['l2tp_subnet']); $subnet_start = ip2ulong($_POST['remoteip']); $subnet_end = ip2ulong($_POST['remoteip']) + $_POST['n_l2tp_units'] - 1; if (ip2ulong($_POST['localip']) >= $subnet_start && ip2ulong($_POST['localip']) <= $subnet_end) { $input_errors[] = gettext("The specified server address lies in the remote subnet."); } if ($_POST['localip'] == get_interface_ip("lan")) { $input_errors[] = gettext("The specified server address is equal to the LAN interface address."); } } } /* if this is an AJAX caller then handle via JSON */ if (isAjax() && is_array($input_errors)) { input_errors2Ajax($input_errors); exit; } if (!$input_errors) { $l2tpcfg['remoteip'] = $_POST['remoteip']; $l2tpcfg['localip'] = $_POST['localip']; $l2tpcfg['l2tp_subnet'] = $_POST['l2tp_subnet']; $l2tpcfg['mode'] = $_POST['mode']; $l2tpcfg['interface'] = $_POST['interface'];
<tr> <td width="22%" valign="top"> </td> <td width="78%"> <input name="Submit" type="submit" class="formbtn" value="<?php echo gettext("Ping"); ?> "> </td> </tr> <tr> <td valign="top" colspan="2"> <? if ($do_ping) { echo "<font face='terminal' size='2'>"; echo "<strong>" . gettext("Ping output") . ":</strong><br>"; echo('<pre>'); $ifaddr = get_interface_ip($interface); if ($ifaddr) system("/sbin/ping -S$ifaddr -c$count " . escapeshellarg($host)); else system("/sbin/ping -c$count " . escapeshellarg($host)); $ifaddr = get_interface_ipv6($interface); if ($ifaddr) system("/sbin/ping6 -S$ifaddr -c$count " . escapeshellarg($host)); else system("/sbin/ping6 -c$count " . escapeshellarg($host)); echo('</pre>'); } ?> </td> </tr>
$input_errors[] = gettext("This entry cannot be deleted because it is still referenced by at least one NAT mapping."); break; } } } } if (is_ipaddrv6($a_vip[$_GET['id']]['subnet'])) { $is_ipv6 = true; $subnet = gen_subnetv6($a_vip[$_GET['id']]['subnet'], $a_vip[$_GET['id']]['subnet_bits']); $if_subnet_bits = get_interface_subnetv6($a_vip[$_GET['id']]['interface']); $if_subnet = gen_subnetv6(get_interface_ipv6($a_vip[$_GET['id']]['interface']), $if_subnet_bits); } else { $is_ipv6 = false; $subnet = gen_subnet($a_vip[$_GET['id']]['subnet'], $a_vip[$_GET['id']]['subnet_bits']); $if_subnet_bits = get_interface_subnet($a_vip[$_GET['id']]['interface']); $if_subnet = gen_subnet(get_interface_ip($a_vip[$_GET['id']]['interface']), $if_subnet_bits); } $subnet .= "/" . $a_vip[$_GET['id']]['subnet_bits']; $if_subnet .= "/" . $if_subnet_bits; if (is_array($config['gateways']['gateway_item'])) { foreach ($config['gateways']['gateway_item'] as $gateway) { if ($a_vip[$_GET['id']]['interface'] != $gateway['interface']) { continue; } if ($is_ipv6 && $gateway['ipprotocol'] == 'inet') { continue; } if (!$is_ipv6 && $gateway['ipprotocol'] == 'inet6') { continue; } if (ip_in_subnet($gateway['gateway'], $if_subnet)) {
$entered_remote = array(); $entered_remote['type'] = $pconfig['remoteid_type']; if (isset($pconfig['remoteid_address'])) { $entered_remote['address'] = $pconfig['remoteid_address']; } if (isset($pconfig['remoteid_netbits'])) { $entered_remote['netbits'] = $pconfig['remoteid_netbits']; } $entered_remoteid_data = ipsec_idinfo_to_cidr($entered_remote, false, $pconfig['mode']); list($entered_remote_network, $entered_remote_mask) = explode('/', $entered_remoteid_data); if ($phase1['protocol'] == "inet6") { $if = get_failover_interface($phase1['interface'], "inet6"); $interfaceip = get_interface_ipv6($if); } else { $if = get_failover_interface($phase1['interface']); $interfaceip = get_interface_ip($if); } /* skip validation for hostnames, they're subject to change anyway */ if (is_ipaddr($phase1['remote-gateway'])) { if ($pconfig['mode'] == "tunnel") { if (check_subnets_overlap($interfaceip, 32, $entered_local_network, $entered_local_mask) && check_subnets_overlap($phase1['remote-gateway'], 32, $entered_remote_network, $entered_remote_mask)) { $input_errors[] = gettext("The local and remote networks of a phase 2 entry cannot overlap the outside of the tunnel (interface and remote gateway) configured in its phase 1."); break; } } else { if ($pconfig['mode'] == "tunnel6") { if (check_subnetsv6_overlap($interfaceip, 128, $entered_local_network, $entered_local_mask) && check_subnets_overlap($phase1['remote-gateway'], 128, $entered_remote_network, $entered_remote_mask)) { $input_errors[] = gettext("The local and remote networks of a phase 2 entry cannot overlap the outside of the tunnel (interface and remote gateway) configured in its phase 1."); break; } }
$reqdfields = explode(" ", "name interface"); $reqdfieldsn = array(gettext("Name"), gettext("Interface")); do_input_validation($pconfig, $reqdfields, $reqdfieldsn, $input_errors); if (!isset($pconfig['name'])) { $input_errors[] = gettext("A valid gateway name must be specified."); } if (!is_validaliasname($pconfig['name'])) { $input_errors[] = gettext("The gateway name must not contain invalid characters."); } /* skip system gateways which have been automatically added */ if (!empty($pconfig['gateway']) && !is_ipaddr($pconfig['gateway']) && $pconfig['attribute'] !== "system" && $pconfig['gateway'] != "dynamic") { $input_errors[] = gettext("A valid gateway IP address must be specified."); } if (!empty($pconfig['gateway']) && is_ipaddr($pconfig['gateway']) && !isset($_REQUEST['isAjax'])) { if (is_ipaddrv4($pconfig['gateway'])) { $parent_ip = get_interface_ip($pconfig['interface']); $parent_sn = get_interface_subnet($pconfig['interface']); if (empty($parent_ip) || empty($parent_sn)) { $input_errors[] = gettext("Cannot add IPv4 Gateway Address because no IPv4 address could be found on the interface."); } else { $subnets = array(gen_subnet($parent_ip, $parent_sn) . "/" . $parent_sn); $vips = link_interface_to_vips($_POST['interface']); if (is_array($vips)) { foreach ($vips as $vip) { if (!is_ipaddrv4($vip['subnet'])) { continue; } $subnets[] = gen_subnet($vip['subnet'], $vip['subnet_bits']) . "/" . $vip['subnet_bits']; } } $found = false;
$ifaddr = get_interface_ipv6($sourceip); } } $nc_args .= " -6"; } else { switch ($ipprotocol) { case "ipv4": $ifaddr = get_interface_ip($sourceip); $nc_ipproto = " -4"; break; case "ipv6": $ifaddr = is_linklocal($sourceip) ? $sourceip : get_interface_ipv6($sourceip); $nc_ipproto = " -6"; break; case "any": $ifaddr = get_interface_ip($sourceip); $nc_ipproto = !empty($ifaddr) ? " -4" : ""; if (empty($ifaddr)) { $ifaddr = is_linklocal($sourceip) ? $sourceip : get_interface_ipv6($sourceip); $nc_ipproto = !empty($ifaddr) ? " -6" : ""; } break; } /* Netcat doesn't like it if we try to connect using a certain type of IP without specifying the family. */ if (!empty($ifaddr)) { $nc_args .= $nc_ipproto; } elseif ($sourceip == "any") { switch ($ipprotocol) { case "ipv4": $nc_ipproto = " -4"; break;
echo gettext("RADIUS options"); ?> </td> </tr> <tr> <td class="vncell" valign="top"><?php echo gettext("RADIUS NAS IP attribute"); ?> </td> <td> <select name="radiussrcip_attribute" id="radiussrcip_attribute"> <?php $iflist = get_configured_interface_with_descr(); foreach ($iflist as $ifdesc => $ifdescr) { $ipaddr = get_interface_ip($ifdesc); if (is_ipaddr($ipaddr)) { $selected = ""; if ($ifdesc == $pconfig['radiussrcip_attribute']) { $selected = "selected"; } echo "<option value='{$ifdesc}' {$selected}>{$ifdescr} - {$ipaddr}</option>\n"; } } if (is_array($config['virtualip']['vip'])) { foreach ($config['virtualip']['vip'] as $sn) { if ($sn['mode'] == "proxyarp" && $sn['type'] == "network") { $start = ip2long32(gen_subnet($sn['subnet'], $sn['subnet_bits'])); $end = ip2long32(gen_subnet_max($sn['subnet'], $sn['subnet_bits'])); $len = $end - $start; for ($i = 0; $i <= $len; $i++) {
function getCalledStationId() { return get_interface_ip() . ":" . getNasPort(); }
$resolvecounter = 0; $fields_array = array(); $pfblines = exec("/usr/local/sbin/clog {$filter_logfile} | /usr/bin/grep -c ^"); $fields_array = conv_log_filter_lite($filter_logfile, $pfblines, $pfblines, $pfbdenycnt, $pfbpermitcnt, $pfbmatchcnt); $continents = array('pfB_Africa', 'pfB_Antartica', 'pfB_Asia', 'pfB_Europe', 'pfB_NAmerica', 'pfB_Oceania', 'pfB_SAmerica', 'pfB_Top'); $supp_ip_txt = "Clicking this Suppression Icon, will immediately remove the Block.\n\nSuppressing a /32 CIDR is better than Suppressing the full /24"; $supp_ip_txt .= " CIDR.\nThe Host will be added to the pfBlockerNG Suppress Alias Table.\n\nOnly 32 or 24 CIDR IPs can be Suppressed with the '+' Icon."; $supp_ip_txt .= "\nTo manually add Host(s), edit the 'pfBlockerNGSuppress' Alias in the Alias Tab.\nManual entries will not remove existing Blocked Hosts"; // Array of all Local IPs for Alert Analysis $pfb_local = array(); $pfb_localsub = array(); // Collect Gateway IP Addresses for Inbound/Outbound List matching $int_gateway = get_interfaces_with_gateway(); if (is_array($int_gateway)) { foreach ($int_gateway as $gateway) { $convert = get_interface_ip($gateway); $pfb_local[] = $convert; } } // Collect Virtual IP Aliases for Inbound/Outbound List Matching if (is_array($config['virtualip']['vip'])) { foreach ($config['virtualip']['vip'] as $list) { if ($list['subnet'] != "" && $list['subnet_bits'] != "") { if ($list['subnet_bits'] >= 24) { $pfb_local = array_merge(subnetv4_expand("{$list['subnet']}/{$list['subnet_bits']}"), $pfb_local); } else { $pfb_localsub[] = "{$list['subnet']}/{$list['subnet_bits']}"; } } } }
</td> </tr> <tr> <td> </td> </tr> <tr> <td colspan="2" valign="top" class="listtopic">Stats example template</td> </tr> <tr> <td width="22%" valign="top" class="vncell">Example</td> <td class="vtable"> As an basic example you can use the link below to create a 'stats' frontend/backend page which offers with more options like setting user/password and 'admin mode' when you go to the backend settings.<br/> <a href="haproxy_stats.php?add_stats_example=1">TEMPLATE: Create stats example configuration using a frontend/backend combination with ssl</a><br/> <br/> After applying the changes made by the template use this link to visit the stats page: <a target="_blank" href="https://<?php echo get_interface_ip("lan"); ?> :444">https://pfSense-LAN-ip:444/</a> </td> </tr> <tr> <td> </td> </tr> <tr> <td colspan="2" valign="top" class="listtopic">HAProxy stick-tables</td> </tr> <tr> <td colspan="2" valign="top" class="vncell"> These tables are used to store information for session persistence and can be used with ssl-session-id information, application-cookies, or other information that is used to persist a user to a server. <table class="tabcont sortable" id="sortabletable" width="100%" cellspacing="0" cellpadding="6" border="0"> <head>
##|*IDENT=page-services-dhcprelay ##|*NAME=Services: DHCP Relay ##|*DESCR=Allow access to the 'Services: DHCP Relay' page. ##|*MATCH=services_dhcp_relay.php* ##|-PRIV require "guiconfig.inc"; require_once "filter.inc"; $pconfig['enable'] = isset($config['dhcrelay']['enable']); if (empty($config['dhcrelay']['interface'])) { $pconfig['interface'] = array(); } else { $pconfig['interface'] = explode(",", $config['dhcrelay']['interface']); } $pconfig['agentoption'] = isset($config['dhcrelay']['agentoption']); $iflist = array_intersect_key(get_configured_interface_with_descr(), array_flip(array_filter(array_keys(get_configured_interface_with_descr()), function ($if) { return is_ipaddr(get_interface_ip($if)); }))); /* set the enabled flag which will tell us if DHCP server is enabled * on any interface. We will use this to disable dhcp-relay since * the two are not compatible with each other. */ $dhcpd_enabled = false; if (is_array($config['dhcpd'])) { foreach ($config['dhcpd'] as $dhcpif => $dhcp) { if (isset($dhcp['enable']) && isset($config['interfaces'][$dhcpif]['enable'])) { $dhcpd_enabled = true; break; } } } if ($_POST) {
exit; } require "guiconfig.inc"; $if = $_GET['if']; if ($_POST['if']) { $if = $_POST['if']; } if (!$if) { header("Location: services_dhcp.php"); exit; } if (!is_array($config['dhcpd'][$if]['staticmap'])) { $config['dhcpd'][$if]['staticmap'] = array(); } $a_maps =& $config['dhcpd'][$if]['staticmap']; $ifcfgip = get_interface_ip($if); $ifcfgsn = get_interface_subnet($if); $ifcfgdescr = convert_friendly_interface_to_friendly_descr($if); $id = $_GET['id']; if (isset($_POST['id'])) { $id = $_POST['id']; } if (isset($id) && $a_maps[$id]) { $pconfig['mac'] = $a_maps[$id]['mac']; $pconfig['hostname'] = $a_maps[$id]['hostname']; $pconfig['ipaddr'] = $a_maps[$id]['ipaddr']; $pconfig['descr'] = base64_decode($a_maps[$id]['descr']); } else { $pconfig['mac'] = $_GET['mac']; $pconfig['hostname'] = $_GET['hostname']; $pconfig['descr'] = $_GET['descr'];
function build_radiusnas_list() { $list = array(); $iflist = get_configured_interface_with_descr(); foreach ($iflist as $ifdesc => $ifdescr) { $ipaddr = get_interface_ip($ifdesc); if (is_ipaddr($ipaddr)) { $list[$ifdescr] = $ifdescr . ' - ' . $ipaddr; } } if (is_array($config['virtualip']['vip'])) { foreach ($config['virtualip']['vip'] as $sn) { if ($sn['mode'] == "proxyarp" && $sn['type'] == "network") { $start = ip2long32(gen_subnet($sn['subnet'], $sn['subnet_bits'])); $end = ip2long32(gen_subnet_max($sn['subnet'], $sn['subnet_bits'])); $len = $end - $start; for ($i = 0; $i <= $len; $i++) { $snip = long2ip32($start + $i); $list[$snip] = $sn['descr'] . ' - ' . $snip; } } else { $list[$sn['subnet']] = $sn['descr'] . ' - ' . $sn['subnet']; } } } return $list; }
function build_interface_list() { global $pconfig; $iflist = array('options' => array(), 'selected' => array()); $interfaces = get_configured_interface_with_descr(); $carplist = get_configured_carp_interface_list(); foreach ($carplist as $cif => $carpip) { $interfaces[$cif] = $carpip . " (" . get_vip_descr($carpip) . ")"; } $aliaslist = get_configured_ip_aliases_list(); foreach ($aliaslist as $aliasip => $aliasif) { $interfaces[$aliasip] = $aliasip . " (" . get_vip_descr($aliasip) . ")"; } $size = count($interfaces) < 10 ? count($interfaces) : 10; foreach ($interfaces as $iface => $ifacename) { if (!is_ipaddr(get_interface_ip($iface)) && !is_ipaddr($iface)) { continue; } $iflist['options'][$iface] = $ifacename; if (in_array($iface, $pconfig['interface'])) { array_push($iflist['selected'], $iface); } } return $iflist; }
} ?> onClick="enable_change(false)"> <strong><?php printf(gettext("Enable DHCP relay on interface")); ?> </strong> </td> </tr> <tr> <td width="22%" valign="top" class="vncellreq">Interface(s)</td> <td width="78%" class="vtable"> <select id="interface" name="interface[]" multiple="true" class="formselect" size="3"> <?php foreach ($iflist as $ifent => $ifdesc) { if (!is_ipaddr(get_interface_ip($ifent))) { continue; } echo "<option value='{$ifent}'"; if (in_array($ifent, $pconfig['interface'])) { echo "selected"; } echo ">{$ifdesc}</option>\n"; } ?> </select> <br />Interfaces without an IP address will not be shown. </td> </tr> <tr> <td width="22%" valign="top" class="vtable"> </td>
function fixup_string($string) { global $config; // fixup #1: $myurl -> http[s]://ip_address:port/ $https = ""; $port = $config['system']['webguiport']; if ($port != "443" and $port != "80") { $urlport = ":" . $port; } else { $urlport = ""; } if ($config['system']['webgui']['protocol'] == "https") { $https = "s"; } $myurl = "http" . $https . "://" . getenv("HTTP_HOST") . $urlport; $newstring = str_replace("\$myurl", $myurl, $string); $string = $newstring; // fixup #2: $wanip $curwanip = get_interface_ip(); $newstring = str_replace("\$wanip", $curwanip, $string); $string = $newstring; // fixup #3: $lanip $lancfg = $config['interfaces']['lan']; $lanip = $lancfg['ipaddr']; $newstring = str_replace("\$lanip", $lanip, $string); $string = $newstring; // fixup #4: fix'r'up here. return $newstring; }
?> </td> <td> <?php echo htmlspecialchars($rfc2136['host']); ?> </td> <td> <?php $filename = "{$g['conf_path']}/dyndns_{$rfc2136['interface']}_rfc2136_" . escapeshellarg($rfc2136['host']) . "_{$rfc2136['server']}.cache"; if (file_exists($filename)) { print 'IPv4: '; if (isset($rfc2136['usepublicip'])) { $ipaddr = dyndnsCheckIP($rfc2136['interface']); } else { $ipaddr = get_interface_ip($rfc2136['interface']); } $cached_ip_s = explode("|", file_get_contents($filename)); $cached_ip = $cached_ip_s[0]; if ($ipaddr != $cached_ip) { print '<span class="text-danger">'; } else { print '<span class="text-success">'; } print htmlspecialchars($cached_ip); print '</span>'; } else { print 'IPv4: N/A'; } print '<br />'; if (file_exists("{$filename}.ipv6")) {
function fixup_string($string) { global $config, $g, $myurl, $title; $newstring = $string; // fixup #1: $myurl -> http[s]://ip_address:port/ switch ($config['system']['webgui']['protocol']) { case "http": $proto = "http"; break; case "https": $proto = "https"; break; default: $proto = "http"; break; } $port = $config['system']['webgui']['port']; if ($port != "") { if ($port == "443" and $proto != "https" or $port == "80" and $proto != "http") { $urlport = ":" . $port; } elseif ($port != "80" and $port != "443") { $urlport = ":" . $port; } else { $urlport = ""; } } $http_host = explode(":", $_SERVER['HTTP_HOST']); $http_host = $http_host[0]; $urlhost = $http_host; // If finishing the setup wizard, check if accessing on a LAN or WAN address that changed if ($title == "Reload in progress") { if (is_ipaddr($urlhost)) { $host_if = find_ip_interface($urlhost); if ($host_if) { $host_if = convert_real_interface_to_friendly_interface_name($host_if); if ($host_if && is_ipaddr($config['interfaces'][$host_if]['ipaddr'])) { $urlhost = $config['interfaces'][$host_if]['ipaddr']; } } } else { if ($urlhost == $config['system']['hostname']) { $urlhost = $config['wizardtemp']['system']['hostname']; } else { if ($urlhost == $config['system']['hostname'] . '.' . $config['system']['domain']) { $urlhost = $config['wizardtemp']['system']['hostname'] . '.' . $config['wizardtemp']['system']['domain']; } } } } if ($urlhost != $http_host) { file_put_contents("{$g['tmp_path']}/setupwizard_lastreferrer", $proto . "://" . $http_host . $urlport . $_SERVER['REQUEST_URI']); } $myurl = $proto . "://" . $urlhost . $urlport . "/"; if (strstr($newstring, "\$myurl")) { $newstring = str_replace("\$myurl", $myurl, $newstring); } // fixup #2: $wanip if (strstr($newstring, "\$wanip")) { $curwanip = get_interface_ip(); $newstring = str_replace("\$wanip", $curwanip, $newstring); } // fixup #3: $lanip if (strstr($newstring, "\$lanip")) { $lanip = get_interface_ip("lan"); $newstring = str_replace("\$lanip", $lanip, $newstring); } // fixup #4: fix'r'up here. return $newstring; }
$source = get_interface_ip('lan'); } else { if ($ph2ent['localid']['type'] == 'network') { $ip_interface = find_ip_interface($ph2ent['localid']['address'], $ph2ent['localid']['netbits']); if (!$ip_interface) { $ip_alias = find_virtual_ip_alias($ph2ent['localid']['address'], $ph2ent['localid']['netbits']); } } else { $ip_interface = find_ip_interface($ph2ent['localid']['address']); if (!$ip_interface) { $ip_alias = find_virtual_ip_alias($ph2ent['localid']['address']); } } } if ($ip_interface) { $source = get_interface_ip($ip_interface); } else { if ($ip_alias) { $source = $ip_alias['subnet']; } } ?> <?php if ($ph2ent['remoteid']['type'] != "mobile" && $icon != "pass" && $source != "") { ?> <center> <a href="diag_ipsec.php?act=connect&remoteid=<?php echo $ph2ent['remoteid']['address']; ?> &source=<?php echo $source;
} if (!empty($pconfig['autokey_enable'])) { $pconfig['shared_key'] = openvpn_create_key(); } // all input validators if (strpos($pconfig['interface'], '|') !== false) { list($iv_iface, $iv_ip) = explode("|", $pconfig['interface']); } else { $iv_iface = $pconfig['interface']; $iv_ip = null; } if (is_ipaddrv4($iv_ip) && stristr($pconfig['protocol'], "6") !== false) { $input_errors[] = gettext("Protocol and IP address families do not match. You cannot select an IPv6 protocol and an IPv4 IP address."); } elseif (is_ipaddrv6($iv_ip) && stristr($pconfig['protocol'], "6") === false) { $input_errors[] = gettext("Protocol and IP address families do not match. You cannot select an IPv4 protocol and an IPv6 IP address."); } elseif (stristr($pconfig['protocol'], "6") === false && !get_interface_ip($iv_iface) && $pconfig['interface'] != "any") { $input_errors[] = gettext("An IPv4 protocol was selected, but the selected interface has no IPv4 address."); } elseif (stristr($pconfig['protocol'], "6") !== false && !get_interface_ipv6($iv_iface) && $pconfig['interface'] != "any") { $input_errors[] = gettext("An IPv6 protocol was selected, but the selected interface has no IPv6 address."); } if (empty($pconfig['authmode']) && ($pconfig['mode'] == "server_user" || $pconfig['mode'] == "server_tls_user")) { $input_errors[] = gettext("You must select a Backend for Authentication if the server mode requires User Auth."); } if ($result = openvpn_validate_port($pconfig['local_port'], 'Local port')) { $input_errors[] = $result; } if ($result = openvpn_validate_cidr($pconfig['tunnel_network'], 'IPv4 Tunnel Network', false, "ipv4")) { $input_errors[] = $result; } if ($result = openvpn_validate_cidr($pconfig['tunnel_networkv6'], 'IPv6 Tunnel Network', false, "ipv6")) { $input_errors[] = $result;
foreach ($carplist as $cif => $carpip) { $interfaces[$cif] = $carpip . " (" . get_vip_descr($carpip) . ")"; } $aliaslist = get_configured_ip_aliases_list(); foreach ($aliaslist as $aliasip => $aliasif) { $interfaces[$aliasip] = $aliasip . " (" . get_vip_descr($aliasip) . ")"; } $size = count($interfaces) < 10 ? count($interfaces) : 10; ?> <select id="interface" name="interface[]" multiple="multiple" class="formselect" size="<?php echo $size; ?> "> <?php foreach ($interfaces as $iface => $ifacename) { if (!is_ipaddr(get_interface_ip($iface)) && !is_ipaddr($iface)) { continue; } echo "<option value='{$iface}'"; if (is_array($pconfig['interface'])) { if (in_array($iface, $pconfig['interface'])) { echo " selected=\"selected\""; } } echo ">" . htmlspecialchars($ifacename) . "</option>\n"; } ?> </select> <br /> <br /><?php echo gettext("Interfaces without an IP address will not be shown.");
if ($_POST['localip'] && !is_ipaddr($_POST['localip'])) { $input_errors[] = gettext("A valid server address must be specified."); } if ($_POST['pppoe_subnet'] && !is_ipaddr($_POST['remoteip'])) { $input_errors[] = gettext("A valid remote start address must be specified."); } if ($_POST['radiusserver'] && !is_ipaddr($_POST['radiusserver'])) { $input_errors[] = gettext("A valid RADIUS server address must be specified."); } $_POST['remoteip'] = $pconfig['remoteip'] = gen_subnet($_POST['remoteip'], $_POST['pppoe_subnet']); $subnet_start = ip2ulong($_POST['remoteip']); $subnet_end = ip2ulong($_POST['remoteip']) + $_POST['pppoe_subnet'] - 1; if (ip2ulong($_POST['localip']) >= $subnet_start && ip2ulong($_POST['localip']) <= $subnet_end) { $input_errors[] = gettext("The specified server address lies in the remote subnet."); } if ($_POST['localip'] == get_interface_ip($_POST['interface'])) { $input_errors[] = gettext("The specified server address is equal to an interface ip address."); } for ($x = 0; $x < 4999; $x++) { if ($_POST["username{$x}"]) { if (empty($_POST["password{$x}"])) { $input_errors[] = sprintf(gettext("No password specified for username %s"), $_POST["username{$x}"]); } if ($_POST["ip{$x}"] != "" && !is_ipaddr($_POST["ip{$x}"])) { $input_errors[] = sprintf(gettext("Incorrect ip address specified for username %s"), $_POST["username{$x}"]); } } } } if ($_POST['pppoeid'] && !is_numeric($_POST['pppoeid'])) { $input_errors[] = gettext("Wrong data submitted");
$input_errors[] = gettext("A valid local network bit count must be specified."); } case "address": if (!$pconfig['localid_address'] || !is_ipaddr($pconfig['localid_address'])) { $input_errors[] = gettext("A valid local network IP address must be specified."); } elseif (is_ipaddrv4($pconfig['localid_address']) && $pconfig['mode'] != "tunnel") { $input_errors[] = gettext("A valid local network IPv4 address must be specified or you need to change Mode to IPv6"); } elseif (is_ipaddrv6($pconfig['localid_address']) && $pconfig['mode'] != "tunnel6") { $input_errors[] = gettext("A valid local network IPv6 address must be specified or you need to change Mode to IPv4"); } break; } /* Check if the localid_type is an interface, to confirm if it has a valid subnet. */ if (isset($config['interfaces'][$pconfig['localid_type']])) { // Don't let an empty subnet into racoon.conf, it can cause parse errors. Ticket #2201. $address = get_interface_ip($pconfig['localid_type']); $netbits = get_interface_subnet($pconfig['localid_type']); if (empty($address) || empty($netbits)) { $input_errors[] = gettext("Invalid Local Network.") . " " . convert_friendly_interface_to_friendly_descr($pconfig['localid_type']) . " " . gettext("has no subnet."); } } if (!empty($pconfig['natlocalid_address'])) { switch ($pconfig['natlocalid_type']) { case "network": if ($pconfig['natlocalid_netbits'] != 0 && !$pconfig['natlocalid_netbits'] || !is_numeric($pconfig['natlocalid_netbits'])) { $input_errors[] = gettext("A valid NAT local network bit count must be specified."); } if ($pconfig['localid_type'] == "address") { $input_errors[] = gettext("You cannot configure a network type address for NAT while only an address type is selected for local source."); } // address rules also apply to network type (hence, no break)
$input_errors[] = sprintf(gettext("The IP address must lie in the %s subnet."), $ifcfgdescr); } if ($ipaddr_int == $lansubnet_start) { $input_errors[] = sprintf(gettext("The IP address cannot be the %s network address."), $ifcfgdescr); } if ($ipaddr_int == $lansubnet_end) { $input_errors[] = sprintf(gettext("The IP address cannot be the %s broadcast address."), $ifcfgdescr); } } if ($_POST['gateway'] && !is_ipaddrv4($_POST['gateway'])) { $input_errors[] = gettext("A valid IP address must be specified for the gateway."); } if ($_POST['wins1'] && !is_ipaddrv4($_POST['wins1']) || $_POST['wins2'] && !is_ipaddrv4($_POST['wins2'])) { $input_errors[] = gettext("A valid IP address must be specified for the primary/secondary WINS servers."); } $parent_ip = get_interface_ip($POST['if']); if (is_ipaddrv4($parent_ip) && $_POST['gateway']) { $parent_sn = get_interface_subnet($_POST['if']); if (!ip_in_subnet($_POST['gateway'], gen_subnet($parent_ip, $parent_sn) . "/" . $parent_sn) && !ip_in_interface_alias_subnet($_POST['if'], $_POST['gateway'])) { $input_errors[] = sprintf(gettext("The gateway address %s does not lie within the chosen interface's subnet."), $_POST['gateway']); } } if ($_POST['dns1'] && !is_ipaddrv4($_POST['dns1']) || $_POST['dns2'] && !is_ipaddrv4($_POST['dns2']) || $_POST['dns3'] && !is_ipaddrv4($_POST['dns3']) || $_POST['dns4'] && !is_ipaddrv4($_POST['dns4'])) { $input_errors[] = gettext("A valid IP address must be specified for each of the DNS servers."); } if ($_POST['deftime'] && (!is_numeric($_POST['deftime']) || $_POST['deftime'] < 60)) { $input_errors[] = gettext("The default lease time must be at least 60 seconds."); } if ($_POST['maxtime'] && (!is_numeric($_POST['maxtime']) || $_POST['maxtime'] < 60 || $_POST['maxtime'] <= $_POST['deftime'])) { $input_errors[] = gettext("The maximum lease time must be at least 60 seconds and higher than the default lease time."); }
} else { /* normalize MAC addresses - lowercase and convert Windows-ized hyphenated MACs to colon delimited */ $_POST['mac'] = strtolower(str_replace("-", ":", $_POST['mac'])); $mac = $_POST['mac']; $if = $_POST['interface']; } /* input validation */ if (!$mac || !is_macaddr($mac)) { $input_errors[] = gettext("A valid MAC address must be specified."); } if (!$if) { $input_errors[] = gettext("A valid interface must be specified."); } if (!$input_errors) { /* determine broadcast address */ $ipaddr = get_interface_ip($if); if (!is_ipaddr($ipaddr)) { $input_errors[] = gettext("A valid ip could not be found!"); } else { $bcip = gen_subnet_max($ipaddr, get_interface_subnet($if)); /* Execute wol command and check return code. */ if (!mwexec("/usr/local/bin/wol -i {$bcip} " . escapeshellarg($mac))) { $savemsg .= sprintf(gettext("Sent magic packet to %s."), $mac); } else { $savemsg .= sprintf(gettext('Please check the %1$ssystem log%2$s, the wol command for %3$s did not complete successfully%4$s'), '<a href="/diag_logs.php">', '</a>', $mac, ".<br />"); } } } } if ($_GET['act'] == "del") { if ($a_wol[$_GET['id']]) {