Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    FreeRadius: PPTP - RADIUS and client IP address

    Scheduled Pinned Locked Moved pfSense Packages
    68 Posts 14 Posters 65.4k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      sbyoon
      last edited by

      I will send the files to your e-mail. And I'v made user based Simultaneous-Use fuction.

      radius2.jpg
      radius2.jpg_thumb
      radius1.jpg
      radius1.jpg_thumb
      radius2.jpg_thumb
      radius1.jpg_thumb

      1 Reply Last reply Reply Quote 0
      • J
        jeroen234
        last edited by

        got them thanks

        [edit]

        this is what i have working now:
        Expiration , Session-Timeout , Onlinetime

        user file:
        john User-Password == "doe", Simultaneous-Use += 1, Expiration := "101020081010"

        Framed-IP-Address = 10.10.10.10,
                Login-Time := "Any0800-2000",

        jeroen234 User-Password == "jeroen234", Simultaneous-Use += 1, Expiration := "121220071010"

        joop User-Password == "joop", Simultaneous-Use += 1, Expiration := "201020081010"

        sint User-Password == "sint", Simultaneous-Use += 1

        Session-Timeout := 500,

        1 Reply Last reply Reply Quote 0
        • S
          sbyoon
          last edited by

          Dear Jeroen,

          It looks so good. Pfsense will have the strong radius server functions.

          Dear Hoba,

          As I mentioned before, we need some modifictions on pfsense's pptp so that it uses the reply from radius server for assigning the ip address from radius server to pptp users. The files involved in it are vpn.inc and vpn_pptp.php. I'm posting my new files here for your information.

          vpn.inc

          /*
          	vpn.inc
          	Copyright (C) 2004-2006 Scott Ullrich
          	All rights reserved.
          
          	originally part of m0n0wall (http://m0n0.ch/wall)
          	Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
          	All rights reserved.
          
          	Redistribution and use in source and binary forms, with or without
          	modification, are permitted provided that the following conditions are met:
          
          	1\. Redistributions of source code must retain the above copyright notice,
          	   this list of conditions and the following disclaimer.
          
          	2\. Redistributions in binary form must reproduce the above copyright
          	   notice, this list of conditions and the following disclaimer in the
          	   documentation and/or other materials provided with the distribution.
          
          	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
          	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
          	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
          	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
          	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
          	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
          	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
          	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
          	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
          	POSSIBILITY OF SUCH DAMAGE.
          */
          
          /* include all configuration functions */
          require_once("functions.inc");
          
          /* master setup for vpn (mpd) */
          function vpn_setup() {
          	/* start pptpd */
          	vpn_pptpd_configure();
          
          	/* start pppoe server */
          	vpn_pppoe_configure();
          }
          
          function vpn_ipsec_failover_configure() {
          	global $config, $g;
          
          	$sasyncd_text = "";
          
          	if($config['installedpackages']['sasyncd']['config'] <> "")
          		foreach($config['installedpackages']['sasyncd']['config'] as $sasyncd) {
          			$enabled = isset($sasyncd['enable']);
          			if(!$enabled)
          				return;
          			if($sasyncd['peerip'] <> "")
          				$sasyncd_text .= "peer {$sasyncd['peerip']}\n";
          			if($sasyncd['interface'])
          				$sasyncd_text .= "carp interface {$sasyncd['interface']}\n";
          			if($sasyncd['sharedkey'] <> "")
          				$sasyncd_text .= "sharedkey {$sasyncd['sharedkey']}\n";
          			if($sasyncd['mode'] <> "")
          				$sasyncd_text .= "mode {$sasyncd['mode']}\n";
          			if($sasyncd['listenon'] <> "")
          				$sasyncd_text .= "listen on {$sasyncd['listenon']}\n";
          			if($sasyncd['flushmodesync'] <> "")
          				$sasyncd_text .= "flushmode sync {$sasyncd['flushmodesync']}\n";
          		}
          
          	$fd = fopen("{$g['varetc_path']}/sasyncd.conf", "w");
          	fwrite($fd, $sasyncd_text);
          	fclose($fd);
          	chmod("{$g['varetc_path']}/sasyncd.conf", 0600);
          
          	mwexec("killall sasyncd");
          
          	/* launch sasyncd, oh wise one */
          	/* mwexec_bg("/usr/local/sbin/sasyncd -d -v -v -v"); */
          }
          
          function find_last_gif_device() {
          	 	$regs = "";
                  $last_gif_found = -1;
                  if (!($fp = popen("/sbin/ifconfig -l", "r"))) return -1;
                  $ifconfig_data = fread($fp, 4096);
                  pclose($fp);
                  $ifconfig_array = split(" ", $ifconfig_data);
                  foreach ($ifconfig_array as $ifconfig) {
                          ereg("gif(.)", $ifconfig, $regs);
                          if($regs[0]) {
                                  if($regs[0] > $last_gif_found)
                                          $last_gif_found = $regs[1];
                          }
                  }
                  return $last_gif_found;
          }
          
          function vpn_ipsec_configure($ipchg = false) {
          	global $config, $g, $sa, $sn;
          
          	/* get the automatic /etc/ping_hosts.sh ready */
          	unlink_if_exists("/var/db/ipsecpinghosts");
          	touch("/var/db/ipsecpinghosts");
          
          	if($g['booting'] == true) {
          		/* determine if we should load the via padlock module */
          		$dmesg_boot = `cat /var/log/dmesg.boot | grep CPU`;
          		if(stristr($dmesg_boot, "ACE") == true) {
          			//echo "Enabling [VIA Padlock] ...";
          			//mwexec("/sbin/kldload padlock");
          			//mwexec("/sbin/sysctl net.inet.ipsec.crypto_support=1");
          			//mwexec("/sbin/setkey -F");
          			//mwexec("/sbin/setkey -FP");
          			//echo " done.\n";
          		}
          	}
          
          	if(isset($config['ipsec']['preferredoldsa'])) {
          		mwexec("/sbin/sysctl net.key.preferred_oldsa=0");
          	} else {
          		mwexec("/sbin/sysctl -w net.key.preferred_oldsa=-30");
          	}
          
          	$number_of_gifs = find_last_gif_device();
          	for($x=0; $x<$number_of_gifs; $x++) {
          		mwexec("/sbin/ifconfig gif" . $x . " delete");
          	}
          
          	$curwanip = get_current_wan_address();
          	if($config['installedpackages']['sasyncd']['config'] <> "")
          		foreach($config['installedpackages']['sasyncd']['config'] as $sasyncd) {
          			if($sasyncd['ip'] <> "")
          				$curwanip = $sasyncd['ip'];
          		}
          
          	$syscfg = $config['system'];
          	$ipseccfg = $config['ipsec'];
          	$lancfg = $config['interfaces']['lan'];
          	$lanip = $lancfg['ipaddr'];
          	$lansa = gen_subnet($lancfg['ipaddr'], $lancfg['subnet']);
          	$lansn = $lancfg['subnet'];
          
          	if ($g['booting']) {
          		if (!isset($ipseccfg['enable']))
          			return 0;
          
          		echo "Configuring IPsec VPN... ";
          	} else {
          		/* kill racoon */
          		mwexec("/usr/bin/killall racoon");
          
          		/* wait for process to die */
          		sleep(2);
          
          		/* send a SIGKILL to be sure */
          		sigkillbypid("{$g['varrun_path']}/racoon.pid", "KILL");
          	}
          
          	/* flush SPD and SAD */
          	mwexec("/sbin/setkey -FP");
          	mwexec("/sbin/setkey -F");
          
          	if (isset($ipseccfg['enable'])) {
          
          		/* fastforwarding is not compatible with ipsec tunnels */
          		system("/sbin/sysctl net.inet.ip.fastforwarding=0 >/dev/null 2>&1");
          
          		if (!$curwanip) {
          			/* IP address not configured yet, exit */
          			if ($g['booting'])
          				echo "done\n";
          			return 0;
          		}
          
          		if ((is_array($ipseccfg['tunnel']) && count($ipseccfg['tunnel'])) ||
          				isset($ipseccfg['mobileclients']['enable'])) {
          
          			if (is_array($ipseccfg['tunnel']) && count($ipseccfg['tunnel'])) {
          
          				/* generate spd.conf */
          				$fd = fopen("{$g['varetc_path']}/spd.conf", "w");
          				if (!$fd) {
          					printf("Error: cannot open spd.conf in vpn_ipsec_configure().\n");
          					return 1;
          				}
          
          				$spdconf = "";
          
          				$spdconf .= "spdadd {$lansa}/{$lansn} {$lanip}/32 any -P in none;\n";
          				$spdconf .= "spdadd {$lanip}/32 {$lansa}/{$lansn} any -P out none;\n";
          
          				foreach ($ipseccfg['tunnel'] as $tunnel) {
          
          					if (isset($tunnel['disabled']))
          						continue;
          
          					$ep = vpn_endpoint_determine($tunnel, $curwanip);
          					if (!$ep)
          						continue;
          
          					vpn_localnet_determine($tunnel['local-subnet'], $sa, $sn);
          
          					if(is_domain($tunnel['remote-gateway'])) {
          						$tmp = gethostbyname($tunnel['remote-gateway']);
          						if($tmp)
          							$tunnel['remote-gateway'] = $tmp;
          					}
          
          					/* add entry to host pinger */
          					if($tunnel['pinghost']) {
          						$pfd = fopen("/var/db/ipsecpinghosts","a");
          						$srcip = find_interface_ip($config['interfaces']['lan']['if']);
          						$dstip = $tunnel['pinghost'];
          						fwrite($pfd, "$srcip|$dstip|3\n");
          						fclose($pfd);
          					}
          
          					if(isset($tunnel['creategif'])) {
          						$number_of_gifs = find_last_gif_device();
          						$number_of_gifs++;
          						$curwanip = get_current_wan_address();
          						if($config['installedpackages']['sasyncd']['config'] <> "")
          							foreach($config['installedpackages']['sasyncd']['config'] as $sasyncd) {
          								if($sasyncd['ip'] <> "")
          									$curwanip = $sasyncd['ip'];
          							}
          						mwexec("/sbin/ifconfig gif" . $number_of_gifs . " tunnel" . $curwanip . " " . $tunnel['remote-gateway']);
          						mwexec("/sbin/ifconfig gif" . $number_of_gifs . " {$lansa}/{$lansn} {$lanip}/32");
          					}
          
          					$spdconf .= "spdadd {$sa}/{$sn} " .
          						"{$tunnel['remote-subnet']} any -P out ipsec " .
          						"{$tunnel['p2']['protocol']}/tunnel/{$ep}-" .
          						"{$tunnel['remote-gateway']}/unique;\n";
          
          					$spdconf .= "spdadd {$tunnel['remote-subnet']} " .
          						"{$sa}/{$sn} any -P in ipsec " .
          						"{$tunnel['p2']['protocol']}/tunnel/{$tunnel['remote-gateway']}-" .
          						"{$ep}/unique;\n";
          				}
          
          				fwrite($fd, $spdconf);
          				fclose($fd);
          
          				/* load SPD */
          				mwexec("/sbin/setkey -c < {$g['varetc_path']}/spd.conf");
          			}
          
          			/* generate racoon.conf */
          			$fd = fopen("{$g['varetc_path']}/racoon.conf", "w");
          			if (!$fd) {
          				printf("Error: cannot open racoon.conf in vpn_ipsec_configure().\n");
          				return 1;
          			}
          
          			$racoonconf = "";
          
          	if($config['installedpackages']['sasyncd']['config'] <> "")
          		foreach($config['installedpackages']['sasyncd']['config'] as $sasyncd) {
          			if($sasyncd['ip'] <> "")
          				$curwanip = $sasyncd['ip'];
          				/* natt - turn on if <developer> exists */
          				if(isset($config['system']['developer']) <> "") {
          					$lanip = $config['interfaces']['lan']['ipaddr'];
          					if($lanip <> "")
          						$natt = "isakmp_natt {$lanip}[4500];\n";
          
          				}
          				$interface_ip = $sasyncd['ip'];
          				$racoonconf .= <<<eod<br>listen {
          	isakmp {$interface_ip} [500];
          	{$natt}
          }
          
          EOD;
          			}
          
          			$racoonconf .= "path pre_shared_key \"{$g['varetc_path']}/psk.txt\";\n\n";
          			$racoonconf .= "path certificate  \"{$g['varetc_path']}\";\n\n";
          
          			/* generate CA certificates files */
          			$cacertnum = 0;
          			if (is_array($ipseccfg['cacert']) && count($ipseccfg['cacert']))
          				foreach ($ipseccfg['cacert'] as $cacert) {
          					++$cacertnum;
          					if (isset($cacert['cert'])) {
          						$cert = base64_decode($cacert['cert']);
          						$x509cert = openssl_x509_parse(openssl_x509_read($cert));
          						if(is_array($x509cert) && isset($x509cert['hash'])) {
          							$fd1 = fopen("{$g['varetc_path']}/{$x509cert['hash']}.0", "w");
          							if (!$fd1) {
          								printf("Error: cannot open {$x509cert['hash']}.0 in vpn.\n");
          								return 1;
          							}
          							chmod("{$g['varetc_path']}/{$x509cert['hash']}.0", 0600);
          							fwrite($fd1, $cert);
          							fclose($fd1);
          						}
          					}
          				}
          
          			$tunnelnumber = 0;
          			if (is_array($ipseccfg['tunnel']) && count($ipseccfg['tunnel']))
          				foreach ($ipseccfg['tunnel'] as $tunnel) {
          
          				++$tunnelnumber;
          
          				if (isset($tunnel['disabled']))
          					continue;
          
          				$ep = vpn_endpoint_determine($tunnel, $curwanip);
          				if (!$ep)
          					continue;
          
          				vpn_localnet_determine($tunnel['local-subnet'], $sa, $sn);
          
          				if (isset($tunnel['p1']['myident']['myaddress'])) {
          					$myidentt = "address";
          					$myident = $ep;
          				} else if (isset($tunnel['p1']['myident']['address'])) {
          					$myidentt = "address";
          					$myident = $tunnel['p1']['myident']['address'];
          				} else if (isset($tunnel['p1']['myident']['fqdn'])) {
          					$myidentt = "fqdn";
          					$myident = $tunnel['p1']['myident']['fqdn'];
          				} else if (isset($tunnel['p1']['myident']['ufqdn'])) {
          					$myidentt = "user_fqdn";
          					$myident = $tunnel['p1']['myident']['ufqdn'];
           				} else if (isset($tunnel['p1']['myident']['dyn_dns'])) {
          					$myidentt = "dyn_dns";
          					$myident = gethostbyname($tunnel['p1']['myident']['dyn_dns']);
           				}
          
          				if (isset($tunnel['p1']['authentication_method'])) {
          					$authmethod = $tunnel['p1']['authentication_method'];
          				} else {$authmethod = 'pre_shared_key';}
          
          				$certline = '';
          
          				if ($authmethod == 'rsasig') {
          					if ($tunnel['p1']['cert'] && $tunnel['p1']['private-key']) {
          						$cert = base64_decode($tunnel['p1']['cert']);
          						$private_key = base64_decode($tunnel['p1']['private-key']);
          					} else {
          						/* null certificate/key */
          						$cert = '';
          						$private_key = '';
          					}
          
          					if ($tunnel['p1']['peercert'])
          						$peercert = base64_decode($tunnel['p1']['peercert']);
          					else
          						$peercert = '';
          
          					$fd1 = fopen("{$g['varetc_path']}/server{$tunnelnumber}-signed.pem", "w");
          					if (!$fd1) {
          						printf("Error: cannot open server{$tunnelnumber}-signed.pem in vpn.\n");
          						return 1;
          					}
          					chmod("{$g['varetc_path']}/server{$tunnelnumber}-signed.pem", 0600);
          					fwrite($fd1, $cert);
          					fclose($fd1);
          
          					$fd1 = fopen("{$g['varetc_path']}/server{$tunnelnumber}-key.pem", "w");
          					if (!$fd1) {
          						printf("Error: cannot open server{$tunnelnumber}-key.pem in vpn.\n");
          						return 1;
          					}
          					chmod("{$g['varetc_path']}/server{$tunnelnumber}-key.pem", 0600);
          					fwrite($fd1, $private_key);
          					fclose($fd1);
          
          					$certline = "certificate_type x509 \"server{$tunnelnumber}-signed.pem\" \"server{$tunnelnumber}-key.pem\";";
          
          					if ($peercert!=''){
          						$fd1 = fopen("{$g['varetc_path']}/peer{$tunnelnumber}-signed.pem", "w");
          						if (!$fd1) {
          							printf("Error: cannot open server{$tunnelnumber}-signed.pem in vpn.\n");
          							return 1;
          						}
          						chmod("{$g['varetc_path']}/peer{$tunnelnumber}-signed.pem", 0600);
          						fwrite($fd1, $peercert);
          						fclose($fd1);
          						$certline .= << <eod<br>peers_certfile "peer{$tunnelnumber}-signed.pem";
          EOD;
          					}
          				}
          				$racoonconf .= <<<eod<br>remote {$tunnel['remote-gateway']} \{
          	exchange_mode {$tunnel['p1']['mode']};
          	my_identifier {$myidentt} "{$myident}";
          	{$certline}
          	peers_identifier address {$tunnel['remote-gateway']};
          	initial_contact on;
          	support_proxy on;
          	proposal_check obey;
          
          	proposal \{
          		encryption_algorithm {$tunnel['p1']['encryption-algorithm']};
          		hash_algorithm {$tunnel['p1']['hash-algorithm']};
          		authentication_method {$authmethod};
          		dh_group {$tunnel['p1']['dhgroup']};
          
          EOD;
          				if ($tunnel['p1']['lifetime'])
          					$racoonconf .= "		lifetime time {$tunnel['p1']['lifetime']} secs;\n";
          
          				$racoonconf .= "	}\n";
          
          				if ($tunnel['p1']['lifetime'])
          					$racoonconf .= "	lifetime time {$tunnel['p1']['lifetime']} secs;\n";
          
          				$racoonconf .= "}\n\n";
          
          				$p2ealgos = join(",", $tunnel['p2']['encryption-algorithm-option']);
          				$p2halgos = join(",", $tunnel['p2']['hash-algorithm-option']);
          
          				$racoonconf .= <<<eod<br>sainfo address {$sa}/{$sn} any address {$tunnel['remote-subnet']} any \{
          	encryption_algorithm {$p2ealgos};
          	authentication_algorithm {$p2halgos};
          	compression_algorithm deflate;
          
          EOD;
          
          				if ($tunnel['p2']['pfsgroup'])
          					$racoonconf .= "	pfs_group {$tunnel['p2']['pfsgroup']};\n";
          
          				if ($tunnel['p2']['lifetime'])
          					$racoonconf .= "	lifetime time {$tunnel['p2']['lifetime']} secs;\n";
          
          				$racoonconf .= "}\n\n";
          			}
          
          			/* mobile clients? */
          			if (isset($ipseccfg['mobileclients']['enable'])) {
          
          				$tunnel = $ipseccfg['mobileclients'];
          
          				if (isset($tunnel['p1']['myident']['myaddress'])) {
          					$myidentt = "address";
          					$myident = $curwanip;
          				} else if (isset($tunnel['p1']['myident']['address'])) {
          					$myidentt = "address";
          					$myident = $tunnel['p1']['myident']['address'];
          				} else if (isset($tunnel['p1']['myident']['fqdn'])) {
          					$myidentt = "fqdn";
          					$myident = $tunnel['p1']['myident']['fqdn'];
          				} else if (isset($tunnel['p1']['myident']['ufqdn'])) {
          					$myidentt = "user_fqdn";
          					$myident = $tunnel['p1']['myident']['ufqdn'];
           				}
          
          				if (isset($tunnel['p1']['authentication_method'])) {
          					$authmethod = $tunnel['p1']['authentication_method'];
          				} else {$authmethod = 'pre_shared_key';}
          
          				$certline = '';
          				if ($authmethod == 'rsasig') {
          					if ($tunnel['p1']['cert'] && $tunnel['p1']['private-key']) {
          						$cert = base64_decode($tunnel['p1']['cert']);
          						$private_key = base64_decode($tunnel['p1']['private-key']);
          					} else {
          						/* null certificate/key */
          						$cert = '';
          						$private_key = '';
          					}
          
          					if ($tunnel['p1']['peercert'])
          						$peercert = base64_decode($tunnel['p1']['peercert']);
          					else
          						$peercert = '';
          
          					$fd1 = fopen("{$g['varetc_path']}/server-mobile{$tunnelnumber}-signed.pem", "w");
          					if (!$fd1) {
          						printf("Error: cannot open server-mobile{$tunnelnumber}-signed.pem in vpn.\n");
          						return 1;
          					}
          					chmod("{$g['varetc_path']}/server-mobile{$tunnelnumber}-signed.pem", 0600);
          					fwrite($fd1, $cert);
          					fclose($fd1);
          
          					$fd1 = fopen("{$g['varetc_path']}/server-mobile{$tunnelnumber}-key.pem", "w");
          					if (!$fd1) {
          						printf("Error: cannot open server-mobile{$tunnelnumber}-key.pem in vpn.\n");
          						return 1;
          					}
          					chmod("{$g['varetc_path']}/server-mobile{$tunnelnumber}-key.pem", 0600);
          					fwrite($fd1, $private_key);
          					fclose($fd1);
          
          					$certline = "certificate_type x509 \"server-mobile{$tunnelnumber}-signed.pem\" \"server-mobile{$tunnelnumber}-key.pem\";";
          				}
          				$racoonconf .= <<<eod<br>remote anonymous \{
          	exchange_mode {$tunnel['p1']['mode']};
          	my_identifier {$myidentt} "{$myident}";
          	{$certline}
          	initial_contact on;
          	passive on;
          	generate_policy on;
          	support_proxy on;
          	proposal_check obey;
          
          	proposal \{
          		encryption_algorithm {$tunnel['p1']['encryption-algorithm']};
          		hash_algorithm {$tunnel['p1']['hash-algorithm']};
          		authentication_method {$authmethod};
          		dh_group {$tunnel['p1']['dhgroup']};
          
          EOD;
          				if ($tunnel['p1']['lifetime'])
          					$racoonconf .= "		lifetime time {$tunnel['p1']['lifetime']} secs;\n";
          
          				$racoonconf .= "	}\n";
          
          				if ($tunnel['p1']['lifetime'])
          					$racoonconf .= "	lifetime time {$tunnel['p1']['lifetime']} secs;\n";
          
          				$racoonconf .= "}\n\n";
          
          				$p2ealgos = join(",", $tunnel['p2']['encryption-algorithm-option']);
          				$p2halgos = join(",", $tunnel['p2']['hash-algorithm-option']);
          
          				$racoonconf .= <<<eod<br>sainfo anonymous \{
          	encryption_algorithm {$p2ealgos};
          	authentication_algorithm {$p2halgos};
          	compression_algorithm deflate;
          
          EOD;
          
          				if ($tunnel['p2']['pfsgroup'])
          					$racoonconf .= "	pfs_group {$tunnel['p2']['pfsgroup']};\n";
          
          				if ($tunnel['p2']['lifetime'])
          					$racoonconf .= "	lifetime time {$tunnel['p2']['lifetime']} secs;\n";
          
          				$racoonconf .= "}\n\n";
          			}
          
          			fwrite($fd, $racoonconf);
          			fclose($fd);
          
          			/* generate psk.txt */
          			$fd = fopen("{$g['varetc_path']}/psk.txt", "w");
          			if (!$fd) {
          				printf("Error: cannot open psk.txt in vpn_ipsec_configure().\n");
          				return 1;
          			}
          
          			$pskconf = "";
          
          			if (is_array($ipseccfg['tunnel'])) {
          				foreach ($ipseccfg['tunnel'] as $tunnel) {
          					if (isset($tunnel['disabled']))
          						continue;
          					$pskconf .= "{$tunnel['remote-gateway']}	 {$tunnel['p1']['pre-shared-key']}\n";
          				}
          			}
          
          			/* add PSKs for mobile clients */
          			if (is_array($ipseccfg['mobilekey'])) {
          				foreach ($ipseccfg['mobilekey'] as $key) {
          					$pskconf .= "{$key['ident']}	{$key['pre-shared-key']}\n";
          				}
          			}
          
          			fwrite($fd, $pskconf);
          			fclose($fd);
          			chmod("{$g['varetc_path']}/psk.txt", 0600);
          
          			/* start racoon */
          			mwexec("/usr/local/sbin/racoon -f {$g['varetc_path']}/racoon.conf");
          		}
          	}
          
          	vpn_ipsec_failover_configure();
          
          	if (!$g['booting']) {
          		/* reload the filter */
          		touch("{$g["tmp_path"]}/filter_dirty");
          	}
          
          	if ($g['booting'])
          		echo "done\n";
          
          	return 0;
          }
          
          function vpn_pptpd_configure() {
          	global $config, $g;
          
          	$syscfg = $config['system'];
          	$pptpdcfg = $config['pptpd'];
          
          	if ($g['booting']) {
          		if (!$pptpdcfg['mode'] || ($pptpdcfg['mode'] == "off"))
          			return 0;
          
          		echo "Configuring PPTP VPN service... ";
          	} else {
          		/* kill mpd */
          		killbypid("{$g['varrun_path']}/mpd-vpn.pid");
          
          		/* wait for process to die */
          		sleep(3);
          
          		if(is_process_running("mpd -b")) {
          			killbypid("{$g['varrun_path']}/mpd-vpn.pid");
          			log_error("Could not kill mpd within 3 seconds.   Trying again.");
          		}
          
          		/* remove mpd.conf, if it exists */
          		unlink_if_exists("{$g['varetc_path']}/mpd-vpn/mpd.conf");
          		unlink_if_exists("{$g['varetc_path']}/mpd-vpn/mpd.links");
          		unlink_if_exists("{$g['varetc_path']}/mpd-vpn/mpd.secret");
          	}
          
          	/* make sure mpd-vpn directory exists */
          	if (!file_exists("{$g['varetc_path']}/mpd-vpn"))
          		mkdir("{$g['varetc_path']}/mpd-vpn");
          
          	switch ($pptpdcfg['mode']) {
          
          		case 'server':
          
          			/* write mpd.conf */
          			$fd = fopen("{$g['varetc_path']}/mpd-vpn/mpd.conf", "w");
          			if (!$fd) {
          				printf("Error: cannot open mpd.conf in vpn_pptpd_configure().\n");
          				return 1;
          			}
          
          			$mpdconf = <<<eod<br>pptpd:
          
          EOD;
          
          			for ($i = 0; $i < $g['n_pptp_units']; $i++) {
          				$mpdconf .= "	load pt{$i}\n";
          			}
          
          			for ($i = 0; $i < $g['n_pptp_units']; $i++) {
          
          				$clientip = long2ip(ip2long($pptpdcfg['remoteip']) + $i);
          				$ngif = "ng" . ($i+1);
          
          				if(isset($pptpdcfg['radius']['radiusissueips']) && isset($pptpdcfg['radius']['enable'])) {
          					$isssue_ip_type = "set ipcp ranges {$pptpdcfg['localip']}/32 0.0.0.0/0";
          					$isssue_ip_type .="\n\tset ipcp yes radius-ip";
          				} else {
          					$isssue_ip_type = "set ipcp ranges {$pptpdcfg['localip']}/32 {$clientip}/32";
          				}
          
          				$mpdconf .= << <eod<br>pt{$i}:
          	new -i {$ngif} pt{$i} pt{$i}
          	{$isssue_ip_type}
          	load pts
          
          EOD;
          			}
          
          			$mpdconf .= << <eod<br>pts:
          	set iface disable on-demand
          	set iface enable proxy-arp
          	set iface enable tcpmssfix
          	set iface idle 1800
          	set iface up-script /usr/local/sbin/vpn-linkup
          	set iface down-script /usr/local/sbin/vpn-linkdown
          	set bundle enable multilink
          	set bundle enable crypt-reqd
          	set link yes acfcomp protocomp
          	set link no pap chap
          	set link enable chap-msv2
          	set link mtu 1460
          	set link keep-alive 10 60
          	set ipcp yes vjcomp
          	set bundle enable compression
          	set ccp yes mppc
          	set ccp yes mpp-e128
          	set ccp yes mpp-stateless
          
          EOD;
          
          			if (!isset($pptpdcfg['req128'])) {
          				$mpdconf .= << <eod<br>set ccp yes mpp-e40
          	set ccp yes mpp-e56
          
          EOD;
          			}
          
          			if (is_array($pptpdcfg['dnsserver']) && ($pptpdcfg['dnsserver'][0])) {
          				$mpdconf .= "	set ipcp dns " . join(" ", $pptpdcfg['dnsserver']) . "\n";
          			} else if (isset($config['dnsmasq']['enable'])) {
          				$mpdconf .= "	set ipcp dns " . $config['interfaces']['lan']['ipaddr'];
          				if ($syscfg['dnsserver'][0])
          					$mpdconf .= " " . $syscfg['dnsserver'][0];
          				$mpdconf .= "\n";
          			} else if (is_array($syscfg['dnsserver']) && ($syscfg['dnsserver'][0])) {
          				$mpdconf .= "	set ipcp dns " . join(" ", $syscfg['dnsserver']) . "\n";
          			}
          
          			if (isset($pptpdcfg['radius']['enable'])) {
          				$mpdconf .= << <eod<br>set radius server {$pptpdcfg['radius']['server']} "{$pptpdcfg['radius']['secret']}"
          	set radius retries 3
          	set radius timeout 10
          	set bundle enable radius-auth
          	set bundle disable radius-fallback
          
          EOD;
          
          				if (isset($pptpdcfg['radius']['accounting'])) {
          					$mpdconf .= << <eod<br>set bundle enable radius-acct
          
          EOD;
          				}
          			}
          
          			fwrite($fd, $mpdconf);
          			fclose($fd);
          
          			/* write mpd.links */
          			$fd = fopen("{$g['varetc_path']}/mpd-vpn/mpd.links", "w");
          			if (!$fd) {
          				printf("Error: cannot open mpd.links in vpn_pptpd_configure().\n");
          				return 1;
          			}
          
          			$mpdlinks = "";
          
          			for ($i = 0; $i < $g['n_pptp_units']; $i++) {
          				$mpdlinks .= << <eod<br>pt{$i}:
          	set link type pptp
          	set pptp enable incoming
          	set pptp disable originate
          	set pptp disable windowing
          	set pptp self 127.0.0.1
          
          EOD;
          			}
          
          			fwrite($fd, $mpdlinks);
          			fclose($fd);
          
          			/* write mpd.secret */
          			$fd = fopen("{$g['varetc_path']}/mpd-vpn/mpd.secret", "w");
          			if (!$fd) {
          				printf("Error: cannot open mpd.secret in vpn_pptpd_configure().\n");
          				return 1;
          			}
          
          			$mpdsecret = "";
          
          			if (is_array($pptpdcfg['user'])) {
          				foreach ($pptpdcfg['user'] as $user)
          					$mpdsecret .= "{$user['name']} \"{$user['password']}\" {$user['ip']}\n";
          			}
          
          			fwrite($fd, $mpdsecret);
          			fclose($fd);
          			chmod("{$g['varetc_path']}/mpd-vpn/mpd.secret", 0600);
          
          			/* fire up mpd */
          			mwexec("/usr/local/sbin/mpd -b -d {$g['varetc_path']}/mpd-vpn -p {$g['varrun_path']}/mpd-vpn.pid pptpd");
          
          			break;
          
          		case 'redir':
          			break;
          	}
          
          	if (!$g['booting']) {
          		/* reload the filter */
          		filter_configure();
          	}
          
          	if ($g['booting'])
          		echo "done\n";
          
          	return 0;
          }
          
          function vpn_localnet_determine($adr, &$sa, &$sn) {
          	global $config, $g;
          
          	if (isset($adr)) {
          		if ($adr['network']) {
          			switch ($adr['network']) {
          				case 'lan':
          					$sn = $config['interfaces']['lan']['subnet'];
          					$sa = gen_subnet($config['interfaces']['lan']['ipaddr'], $sn);
          					break;
          			}
          		} else if ($adr['address']) {
          			list($sa,$sn) = explode("/", $adr['address']);
          			if (is_null($sn))
          				$sn = 32;
          		}
          	} else {
          		$sn = $config['interfaces']['lan']['subnet'];
          		$sa = gen_subnet($config['interfaces']['lan']['ipaddr'], $sn);
          	}
          }
          
          function vpn_endpoint_determine($tunnel, $curwanip) {
          
          	global $g, $config;
          
          	if ((!$tunnel['interface']) || ($tunnel['interface'] == "wan")) {
          		if ($curwanip)
          			return $curwanip;
          		else
          			return null;
          	} else if ($tunnel['interface'] == "lan") {
          		return $config['interfaces']['lan']['ipaddr'];
          	} else {
          		$oc = $config['interfaces'][$tunnel['interface']];
          
          		if (isset($oc['enable']) && $oc['if']) {
          			return $oc['ipaddr'];
          		}
          	}
          
          	return null;
          }
          
          function vpn_pppoe_configure() {
          	global $config, $g;
          
          	$syscfg = $config['system'];
          	$pppoecfg = $config['pppoe'];
          
          	/* create directory if it does not exist */
          	if(!is_dir("{$g['varetc_path']}/mpd-vpn"))
          		mkdir("{$g['varetc_path']}/mpd-vpn");
          
          	if ($g['booting']) {
          		if (!$pppoecfg['mode'] || ($pppoecfg['mode'] == "off"))
          			return 0;
          
          		echo "Configuring PPPoE VPN service... ";
          	}
          
          	/* make sure mpd-vpn directory exists */
          	if (!file_exists("{$g['varetc_path']}/mpd-vpn"))
          		mkdir("{$g['varetc_path']}/mpd-vpn");
          
          	switch ($pppoecfg['mode']) {
          
          		case 'server':
          
          			$pppoe_interface = filter_translate_type_to_real_interface($pppoecfg['interface']);
          
          			/* write mpd.conf */
          			$fd = fopen("{$g['varetc_path']}/mpd-vpn/mpd.conf", "a");
          			if (!$fd) {
          				printf("Error: cannot open mpd.conf in vpn_pppoe_configure().\n");
          				return 1;
          			}
          			$mpdconf = "\n\n";
          			$mpdconf .= <<<eod<br>pppoe:
          
          EOD;
          
          			for ($i = 0; $i < $pppoecfg['n_pppoe_units']; $i++) {
          				$mpdconf .= "	load pppoe{$i}\n";
          			}
          
          			for ($i = 0; $i < $pppoecfg['n_pppoe_units']; $i++) {
          
          				$clientip = long2ip(ip2long($pppoecfg['remoteip']) + $i);
          				$ngif = "ng" . ($i+1);
          
          				if(isset($pppoecfg['radius']['radiusissueips']) && isset($pppoecfg['radius']['enable'])) {
          					$isssue_ip_type = "set ipcp ranges {$pppoecfg['localip']}/32 0.0.0.0/0";
          					$isssue_ip_type .="\n\tset ipcp yes radius-ip";
          				} else {
          					$isssue_ip_type = "set ipcp ranges {$pppoecfg['localip']}/32 {$clientip}/32";
          				}
          
          				$mpdconf .= << <eod<br>pppoe{$i}:
          	new -i {$ngif} pppoe{$i} pppoe{$i}
          	{$isssue_ip_type}
          	load pppoe_standart
          
          EOD;
          			}
          
          			$mpdconf .= << <eod<br>pppoe_standart:
          	set link type pppoe
          	set pppoe iface {$pppoe_interface}
          	set pppoe service "*"
          	set pppoe disable originate
          	set pppoe enable incoming
          	set bundle no multilink
          	set bundle enable compression
          	set bundle max-logins 1
          	set iface idle 0
          	set iface disable on-demand
          	set iface disable proxy-arp
          	set iface enable tcpmssfix
          	set iface mtu 1500
          	set link no pap chap
          	set link enable chap
          	set link keep-alive 60 180
          	set ipcp yes vjcomp
          	set ipcp no vjcomp
          	set link max-redial -1
          	set link mtu 1492
          	set link mru 1492
          	set ccp yes mpp-e40
          	set ccp yes mpp-e128
          	set ccp yes mpp-stateless
          	set link latency 1
          	#set ipcp dns 10.10.1.3
          	#set bundle accept encryption
          
          EOD;
          
          			if (isset($config['dnsmasq']['enable'])) {
          				$mpdconf .= "	set ipcp dns " . $config['interfaces']['lan']['ipaddr'];
          				if ($syscfg['dnsserver'][0])
          					$mpdconf .= " " . $syscfg['dnsserver'][0];
          				$mpdconf .= "\n";
          			} else if (is_array($syscfg['dnsserver']) && ($syscfg['dnsserver'][0])) {
          				$mpdconf .= "	set ipcp dns " . join(" ", $syscfg['dnsserver']) . "\n";
          			}
          
          			if (isset($pppoecfg['radius']['enable'])) {
          				$mpdconf .= << <eod<br>set radius server {$pppoecfg['radius']['server']} "{$pppoecfg['radius']['secret']}"
          	set radius retries 3
          	set radius timeout 10
          	set bundle enable radius-auth
          	set bundle disable radius-fallback
          
          EOD;
          
          				if (isset($pppoecfg['radius']['accounting'])) {
          					$mpdconf .= << <eod<br>set bundle enable radius-acct
          
          EOD;
          				}
          			}
          
          			fwrite($fd, $mpdconf);
          			fclose($fd);
          
          			/* write mpd.links */
          			$fd = fopen("{$g['varetc_path']}/mpd-vpn/mpd.links", "a");
          			if (!$fd) {
          				printf("Error: cannot open mpd.links in vpn_pppoe_configure().\n");
          				return 1;
          			}
          
          			$mpdlinks = "";
          
          			for ($i = 0; $i < $pppoecfg['n_pppoe_units']; $i++) {
          				$mpdlinks .= << <eod<br>pppoe:
          	set link type pppoe
          	set pppoe iface {$pppoe_interface}
          
          EOD;
          			}
          
          			fwrite($fd, $mpdlinks);
          			fclose($fd);
          
          			/* write mpd.secret */
          			$fd = fopen("{$g['varetc_path']}/mpd-vpn/mpd.secret", "a");
          			if (!$fd) {
          				printf("Error: cannot open mpd.secret in vpn_pppoe_configure().\n");
          				return 1;
          			}
          
          			$mpdsecret = "\n\n";
          
          			if (is_array($pppoecfg['user'])) {
          				foreach ($pppoecfg['user'] as $user)
          					$mpdsecret .= "{$user['name']} \"{$user['password']}\" {$user['ip']}\n";
          			}
          
          			fwrite($fd, $mpdsecret);
          			fclose($fd);
          			chmod("{$g['varetc_path']}/mpd-vpn/mpd.secret", 0600);
          
          			/* fire up mpd */
          			mwexec("/usr/local/sbin/mpd -b -d {$g['varetc_path']}/mpd-vpn -p {$g['varrun_path']}/mpd-vpn.pid pppoe");
          
          			break;
          
          		case 'redir':
          			break;
          	}
          
          	touch("{$g["tmp_path"]}/filter_dirty");
          
          	if ($g['booting'])
          		echo "done\n";
          
          	return 0;
          }
          
          ?></eod<br></eod<br></eod<br></eod<br></eod<br></eod<br></eod<br></eod<br></eod<br></eod<br></eod<br></eod<br></eod<br></eod<br></eod<br></eod<br></eod<br></eod<br></eod<br></developer></mk@neon1.net>
          

          It would be better that this modification be reflected on embedded version as well. The embedded user can use this fuction with other radius server even if they cannot use pfsense's freeradius package.

          1 Reply Last reply Reply Quote 0
          • S
            sbyoon
            last edited by

            Here is vpn_pptp.php

            /*
            	vpn_pptp.php
            	part of m0n0wall (http://m0n0.ch/wall)
            
            	Copyright (C) 2003-2005 Manuel Kasper <mk@neon1.net>.
            	All rights reserved.
            
            	Redistribution and use in source and binary forms, with or without
            	modification, are permitted provided that the following conditions are met:
            
            	1\. Redistributions of source code must retain the above copyright notice,
            	   this list of conditions and the following disclaimer.
            
            	2\. Redistributions in binary form must reproduce the above copyright
            	   notice, this list of conditions and the following disclaimer in the
            	   documentation and/or other materials provided with the distribution.
            
            	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
            	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
            	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
            	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
            	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
            	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
            	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
            	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
            	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
            	POSSIBILITY OF SUCH DAMAGE.
            */
            
            require("guiconfig.inc");
            
            if (!is_array($config['pptpd']['radius'])) {
            	$config['pptpd']['radius'] = array();
            }
            $pptpcfg = &$config['pptpd'];
            
            $pconfig['remoteip'] = $pptpcfg['remoteip'];
            $pconfig['localip'] = $pptpcfg['localip'];
            $pconfig['redir'] = $pptpcfg['redir'];
            $pconfig['mode'] = $pptpcfg['mode'];
            $pconfig['wins'] = $pptpcfg['wins'];
            $pconfig['req128'] = isset($pptpcfg['req128']);
            $pconfig['radiusenable'] = isset($pptpcfg['radius']['enable']);
            $pconfig['radacct_enable'] = isset($pptpcfg['radius']['accounting']);
            $pconfig['radiusserver'] = $pptpcfg['radius']['server'];
            $pconfig['radiussecret'] = $pptpcfg['radius']['secret'];
            $pconfig['radiusissueips'] = isset($pptpcfg['radius']['radiusissueips']);
            
            if ($_POST) {
            
            	unset($input_errors);
            	$pconfig = $_POST;
            
            	/* input validation */
            	if ($_POST['mode'] == "server") {
            		$reqdfields = explode(" ", "localip remoteip");
            		$reqdfieldsn = explode(",", "Server address,Remote start address");
            
            		if ($_POST['radiusenable']) {
            			$reqdfields = array_merge($reqdfields, explode(" ", "radiusserver radiussecret"));
            			$reqdfieldsn = array_merge($reqdfieldsn, 
            				explode(",", "RADIUS server address,RADIUS shared secret"));
            		}
            
            		do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
            
            		if (($_POST['localip'] && !is_ipaddr($_POST['localip']))) {
            			$input_errors[] = "A valid server address must be specified.";
            		}
            		if (($_POST['subnet'] && !is_ipaddr($_POST['remoteip']))) {
            			$input_errors[] = "A valid remote start address must be specified.";
            		}
            		if (($_POST['radiusserver'] && !is_ipaddr($_POST['radiusserver']))) {
            			$input_errors[] = "A valid RADIUS server address must be specified.";
            		}
            
            		if (!$input_errors) {	
            			$_POST['remoteip'] = $pconfig['remoteip'] = gen_subnet($_POST['remoteip'], $g['pptp_subnet']);
            			$subnet_start = ip2long($_POST['remoteip']);
            			$subnet_end = ip2long($_POST['remoteip']) + $g['n_pptp_units'] - 1;
            
            			if ((ip2long($_POST['localip']) >= $subnet_start) && 
            			    (ip2long($_POST['localip']) <= $subnet_end)) {
            				$input_errors[] = "The specified server address lies in the remote subnet.";	
            			}
            			if ($_POST['localip'] == $config['interfaces']['lan']['ipaddr']) {
            				$input_errors[] = "The specified server address is equal to the LAN interface address.";	
            			}
            		}
            	} else if ($_POST['mode'] == "redir") {
            		$reqdfields = explode(" ", "redir");
            		$reqdfieldsn = explode(",", "PPTP redirection target address");
            
            		do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
            
            		if (($_POST['redir'] && !is_ipaddr($_POST['redir']))) {
            			$input_errors[] = "A valid target address must be specified.";
            		}
            	} else {
            		/* turning pptp off, lets dump any custom rules */
            		$rules = &$config['filter']['rule'];
            		for($x=0; $x <count($rules); $x++)="" {<br="">if($rules[$x]['interface'] == "pptp") { 
            				unset($rules[$x]);
            			}
            		}
            		unset($config['pptpd']['mode']);
            		write_config();
            	}
            
            	if (!$input_errors) {
            		$pptpcfg['remoteip'] = $_POST['remoteip'];
            		$pptpcfg['redir'] = $_POST['redir'];
            		$pptpcfg['localip'] = $_POST['localip'];
            		$pptpcfg['mode'] = $_POST['mode'];
            		$pptpcfg['wins'] = $_POST['wins'];
            		$pptpcfg['radius']['server'] = $_POST['radiusserver'];
            		$pptpcfg['radius']['secret'] = $_POST['radiussecret'];
            
            		if($_POST['req128'] == "yes") 
            			$pptpcfg['req128'] = true;
            		else
            			unset($pptpcfg['req128']);
            
            		if($_POST['radiusenable'] == "yes") 
            			$pptpcfg['radius']['enable'] = true;
            		else 
            			unset($pptpcfg['radius']['enable']);
            
            		if($_POST['radacct_enable'] == "yes") 
            			$pptpcfg['radius']['accounting'] = true;
            		else 
            			unset($pptpcfg['radius']['accounting']);
            
                    if($_POST['radiusissueips'] == "yes") {
            			$pptpcfg['radius']['radiusissueips'] = true;
            		} else
            			unset($pptpcfg['radius']['radiusissueips']);
            
            		write_config();
            
            		$retval = 0;
            
            		config_lock();
            		$retval = vpn_setup();
            		config_unlock();
            
            		$savemsg = get_std_save_message($retval);
            
            		filter_configure();
            	}
            }
            
            $pgtitle = "VPN PPTP";
            include("head.inc");
            
            ?>
            
            <form action="vpn_pptp.php" method="post" name="iform" id="iform">
            
            | 
            	$tab_array = array();
            	$tab_array[0] = array("Configuration", true, "vpn_pptp.php");
            	$tab_array[1] = array("Users", false, "vpn_pptp_users.php");
            	display_top_tabs($tab_array);
            ?>  
               |
            
                |  
                                				  	>
                                Off |
                | 
            >
                                Redirect incoming PPTP connections to: |
              PPTP redirection |  
            
                                Enter the IP address of a host which will accept incoming 
                                PPTP connections. |
                | 
            >
                                Enable PPTP server |
              Max. concurrent 
                                connections |  
            
                               |
              Server address |  
            
                                Enter the IP address the PPTP server should use on its side 
                                for all clients. |
              Remote address 
                                range |  
            
                                / 
            
                                Specify the starting address for the client IP address subnet.
            
                                The PPTP server will assign 
            
                                addresses, starting at the address entered above, to clients. |
              RADIUS |  
                                  >
                                  **Use a RADIUS server for authentication** When set, all users will be authenticated using 
                                  the RADIUS server specified below. The local user database 
                                  will not be used.
            
                                  >
                                  **Enable RADIUS accounting** Sends accounting packets to the RADIUS server. |
              RADIUS server  | 
            
                                  Enter the IP address of the RADIUS server. |
              RADIUS shared secret | 
            
                                  Enter the shared secret that will be used to authenticate 
                                  to the RADIUS server. |
              RADIUS issued IP's | 
                                  >
            
            Issue IP Addresses via RADIUS server.
            
                               |		
              WINS Server | 
            
                               |
               |
                |  
                                > 
                                **Require 128-bit encryption**
            
                                When set, 128-bit encryption will be accepted. Otherwise, 
                                40-bit and 56-bit encryption will be accepted, too. Note that 
                                encryption will always be forced on PPTP connections (i.e. 
                                unencrypted connections will not be accepted). |
                |  
            
                               |
                | **Note:** don't forget to [add a firewall rule](firewall_rules.php?if=pptp) to permit 
                                traffic from PPTP clients! |
            
            			 |	
            
            </form>
            
            ![pptp.jpg_thumb](/public/_imported_attachments_/1/pptp.jpg_thumb)
            ![pptp.jpg](/public/_imported_attachments_/1/pptp.jpg)
            ![pptp.jpg_thumb](/public/_imported_attachments_/1/pptp.jpg_thumb)[/i][/i]</count($rules);></mk@neon1.net>
            
            1 Reply Last reply Reply Quote 0
            • P
              psychosematic
              last edited by

              :D WOW its looking good guys! ;)

              1 Reply Last reply Reply Quote 0
              • H
                hoba
                last edited by

                Nice, but we need the files as diffs against the latest revisions of the files you changed to merge them into the pfSense code. Can you attach diffs?

                1 Reply Last reply Reply Quote 0
                • J
                  jeroen234
                  last edited by

                  here are my diff's for freeradius.xml and freeradius.inc

                  on the weekend i will add counter atrr. to freeradius.xml and freeradius.inc
                  the counters are already eneabled in radiusd.conf

                  freeradius.inc.diff.txt
                  freeradius.xml.dif.txt

                  1 Reply Last reply Reply Quote 0
                  • S
                    sbyoon
                    last edited by

                    I have a problem. I don't know how to make the diffs file.

                    Pls adv me how to make the diffs file so that I can make diffs for vpn_pptp.php and vpn.inc.

                    1 Reply Last reply Reply Quote 0
                    • H
                      hoba
                      last edited by

                      http://forum.pfsense.org/index.php/topic,2972.0.html

                      1 Reply Last reply Reply Quote 0
                      • S
                        sbyoon
                        last edited by

                        Here are the diffs for vpn.inc and vpn_pptp.php.
                        I used vpn.inc version 1.12 and vpn_pptp.php version 1.38.

                        vpn.inc.diff.txt
                        vpn_pptp.php.diff.txt

                        1 Reply Last reply Reply Quote 0
                        • S
                          sbyoon
                          last edited by

                          Dear Jeroen,

                          Could you add the description column for freeradius users? I think it is needed for users contact number, email address or his real name.

                          Thank you.

                          1 Reply Last reply Reply Quote 0
                          • J
                            jeroen234
                            last edited by

                            oke than i will add it in frond of the username
                            there are comming 4 more colom's in the weekend
                            and suport for 3 more in the future ( upload en download speed settings and wisp redirect url)

                            1 Reply Last reply Reply Quote 0
                            • M
                              monideth
                              last edited by

                              Hi All,

                              I haven;t checked the forums for a while since I posted this initial thread.

                              However, I am pleasantly surpised that some work has been done on the freeradius package  :)

                              Just wanted to ask whether the new freeradius package is now available. I checked the package version and the latest one was 1.1.2 - so I installed this. However, I did not get any changes to the interface to allow config of the IP address in the account configuration.

                              Is the 1.1.2 version meant to include this feature - or is this feature still needs to be patched in and released?

                              Thanks for all your hard work.

                              Regards,

                              Mon

                              1 Reply Last reply Reply Quote 0
                              • D
                                databeestje
                                last edited by

                                Have the radius extensions made it into CVS yet?

                                1 Reply Last reply Reply Quote 0
                                • J
                                  jeroen234
                                  last edited by

                                  the last time i looked they were not yett in

                                  1 Reply Last reply Reply Quote 0
                                  • M
                                    monideth
                                    last edited by

                                    Any updates on when these new features will be available?

                                    1 Reply Last reply Reply Quote 0
                                    • S
                                      sbyoon
                                      last edited by

                                      Now I'm using it and it works great. PPTP users are now given the ip address from freeradius.

                                      I tried 1.0.1-SNAPSHOT-01-13-2007 today but I found that this feature does not added on this snapshot.

                                      Is there some problem to add this function into future pfsense version???

                                      1 Reply Last reply Reply Quote 0
                                      • S
                                        sullrich
                                        last edited by

                                        Not sure what you mean?  Can you send a patch?

                                        1 Reply Last reply Reply Quote 0
                                        • S
                                          sbyoon
                                          last edited by

                                          Jeroen and I already attached the diffs files for this functions on this thread. Pls read previous posts.@sbyoon:

                                          Here are the diffs for vpn.inc and vpn_pptp.php.
                                          I used vpn.inc version 1.12 and vpn_pptp.php version 1.38.

                                          1 Reply Last reply Reply Quote 0
                                          • S
                                            sullrich
                                            last edited by

                                            That is not the proper sequence for sending patches.  Please read:

                                            http://wiki.pfsense.com/wikka.php?wakka=SubmittingPatches

                                            1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.