void start_pptpd(void)
{
int ret = 0, mss = 0, manual_dns = 0;
char *lpTemp;
FILE *fp;
int pid = getpid();
_dprintf("start_pptpd: getpid= %d\n", pid);
if(getpid() != 1) {
notify_rc("start_pptpd");
return;
}
if (!nvram_match("pptpd_enable", "1")) {
return;
}
// cprintf("stop vpn modules\n");
// stop_vpn_modules ();
// Create directory for use by pptpd daemon and its supporting files
mkdir("/tmp/pptpd", 0744);
cprintf("open options file\n");
// Create options file that will be unique to pptpd to avoid interference
// with pppoe and pptp
fp = fopen("/tmp/pptpd/options.pptpd", "w");
fprintf(fp, "logfile /var/log/pptpd-pppd.log\ndebug\n");
if (nvram_match("pptpd_radius", "1"))
fprintf(fp, "plugin radius.so\nplugin radattr.so\n"
"radius-config-file /tmp/pptpd/radius/radiusclient.conf\n");
cprintf("check if wan_wins = zero\n");
int nowins = 0;
if (nvram_match("wan_wins", "0.0.0.0")) {
nvram_set("wan_wins", "");
nowins = 1;
}
if (strlen(nvram_safe_get("wan_wins")) == 0)
nowins = 1;
cprintf("write config\n");
fprintf(fp, "lock\n"
"name *\n"
"proxyarp\n"
"ipcp-accept-local\n"
"ipcp-accept-remote\n"
"lcp-echo-failure 10\n"
"lcp-echo-interval 5\n"
"deflate 0\n" "auth\n" "-chap\n" "-mschap\n" "+mschap-v2\n");
fprintf(fp, "nomppe-stateful\n");
if (nvram_match("pptpd_forcemppe", "none")) {
fprintf(fp, "nomppe nomppc\n");
}
else if (nvram_match("pptpd_forcemppe", "auto")) {
fprintf(fp, "require-mppe-40\n"
"require-mppe-56\n"
"require-mppe-128\n");
}
else if (nvram_match("pptpd_forcemppe", "+mppe-40")) {
fprintf(fp, "require-mppe\n"
"require-mppe-40\n");
}
else if (nvram_match("pptpd_forcemppe", "+mppe-56")) {
fprintf(fp, "require-mppe\n"
"nomppe-40\n"
"require-mppe-56\n");
}
else if (nvram_match("pptpd_forcemppe", "+mppe-128")) {
fprintf(fp, "require-mppe\n"
"nomppe-40\n"
"nomppe-56\n"
"require-mppe-128\n");
}
fprintf(fp, "ms-ignore-domain\n"
"chap-secrets /tmp/pptpd/chap-secrets\n"
"ip-up-script /tmp/pptpd/ip-up\n"
"ip-down-script /tmp/pptpd/ip-down\n"
"mtu %s\n" "mru %s\n",
nvram_get("pptpd_mtu") ? nvram_get("pptpd_mtu") : "1450",
nvram_get("pptpd_mru") ? nvram_get("pptpd_mru") : "1450");
//WINS Server
if (!nowins) {
fprintf(fp, "ms-wins %s\n", nvram_safe_get("wan_wins"));
}
if (strlen(nvram_safe_get("pptpd_wins1"))) {
fprintf(fp, "ms-wins %s\n", nvram_safe_get("pptpd_wins1"));
}
if (strlen(nvram_safe_get("pptpd_wins2"))) {
fprintf(fp, "ms-wins %s\n", nvram_safe_get("pptpd_wins2"));
}
//DNS Server
if (strlen(nvram_safe_get("pptpd_dns1"))) {
fprintf(fp, "ms-dns %s\n", nvram_safe_get("pptpd_dns1"));
manual_dns=1;
}
if (strlen(nvram_safe_get("pptpd_dns2"))) {
fprintf(fp, "ms-dns %s\n", nvram_safe_get("pptpd_dns2"));
manual_dns=1;
}
if(!manual_dns && !nvram_match("lan_ipaddr", ""))
fprintf(fp, "ms-dns %s\n", nvram_safe_get("lan_ipaddr"));
// force ppp interface starting from 10
fprintf(fp, "minunit 10\n");
// Following is all crude and need to be revisited once testing confirms
// that it does work
// Should be enough for testing..
if (nvram_match("pptpd_radius", "1")) {
if (nvram_get("pptpd_radserver") != NULL
&& nvram_get("pptpd_radpass") != NULL) {
fclose(fp);
mkdir("/tmp/pptpd/radius", 0744);
fp = fopen("/tmp/pptpd/radius/radiusclient.conf", "w");
fprintf(fp, "auth_order radius\n"
"login_tries 4\n"
"login_timeout 60\n"
"radius_timeout 10\n"
"nologin /etc/nologin\n"
"servers /tmp/pptpd/radius/servers\n"
"dictionary /etc/dictionary\n"
"seqfile /var/run/radius.seq\n"
"mapfile /etc/port-id-map\n"
"radius_retries 3\n"
"authserver %s:%s\n",
nvram_get("pptpd_radserver"),
nvram_get("pptpd_radport") ?
nvram_get("pptpd_radport") : "radius");
if (nvram_get("pptpd_radserver") != NULL
&& nvram_get("pptpd_acctport") != NULL)
fprintf(fp, "acctserver %s:%s\n",
nvram_get("pptpd_radserver"),
nvram_get("pptpd_acctport") ?
nvram_get("pptpd_acctport") :
"radacct");
fclose(fp);
fp = fopen("/tmp/pptpd/radius/servers", "w");
fprintf(fp, "%s\t%s\n", nvram_get("pptpd_radserver"),
nvram_get("pptpd_radpass"));
fclose(fp);
} else
fclose(fp);
} else
fclose(fp);
// Create pptpd.conf options file for pptpd daemon
fp = fopen("/tmp/pptpd/pptpd.conf", "w");
fprintf(fp, "bcrelay %s\n", nvram_safe_get("pptpd_broadcast"));
fprintf(fp, "localip %s\n"
"remoteip %s\n", nvram_safe_get("lan_ipaddr"),
nvram_safe_get("pptpd_clients"));
fclose(fp);
// Create ip-up and ip-down scripts that are unique to pptpd to avoid
// interference with pppoe and pptp
/*
* adjust for tunneling overhead (mtu - 40 byte IP - 108 byte tunnel
* overhead)
*/
if (nvram_match("mtu_enable", "1"))
mss = atoi(nvram_safe_get("wan_mtu")) - 40 - 108;
else
mss = 1500 - 40 - 108;
char bcast[32];
strcpy(bcast, nvram_safe_get("lan_ipaddr"));
get_broadcast(bcast, nvram_safe_get("lan_netmask"));
fp = fopen("/tmp/pptpd/ip-up", "w");
fprintf(fp, "#!/bin/sh\n" "startservice set_routes\n" // reinitialize
"echo $PPPD_PID $1 $5 $6 $PEERNAME >> /tmp/pptp_connected\n"
"iptables -I FORWARD -i $1 -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu\n"
"iptables -I INPUT -i $1 -j ACCEPT\n" "iptables -I FORWARD -i $1 -j ACCEPT\n"
"iptables -t nat -I PREROUTING -i $1 -p udp -m udp --sport 9 -j DNAT --to-destinati on %s " // rule for wake on lan over pptp tunnel
"%s\n", bcast,
nvram_get("pptpd_ipup_script") ? nvram_get("pptpd_ipup_script") : "");
fclose(fp);
fp = fopen("/tmp/pptpd/ip-down", "w");
fprintf(fp, "#!/bin/sh\n" "grep -v $1 /tmp/pptp_connected > /tmp/pptp_connected.new\n"
"mv /tmp/pptp_connected.new /tmp/pptp_connected\n"
"iptables -D FORWARD -i $1 -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu\n"
"iptables -D INPUT -i $1 -j ACCEPT\n"
"iptables -D FORWARD -i $1 -j ACCEPT\n"
"iptables -t nat -D PREROUTING -i $1 -p udp -m udp --sport 9 -j DNAT --to-destination %s " // rule for wake on lan over pptp tunnel
"%s\n", bcast,
nvram_get("pptpd_ipdown_script") ? nvram_get("pptpd_ipdown_script") : "");
fclose(fp);
chmod("/tmp/pptpd/ip-up", 0744);
chmod("/tmp/pptpd/ip-down", 0744);
// Exctract chap-secrets from nvram
write_chap_secret("/tmp/pptpd/chap-secrets");
chmod("/tmp/pptpd/chap-secrets", 0600);
// Execute pptpd daemon
ret =
eval("pptpd", "-c", "/tmp/pptpd/pptpd.conf", "-o",
"/tmp/pptpd/options.pptpd");
_dprintf("start_pptpd: ret= %d\n", ret);
//dd_syslog(LOG_INFO, "pptpd : pptp daemon successfully started\n");
return;
}
void start_pptpd(void)
{
int ret = 0, manual_dns = 0, pptpd_opt = 0;
FILE *fp;
char buf[MAXLEN_TCAPI_MSG];
char lan_ipaddr[16] = {0};
int pid = getpid();
_dprintf("start_pptpd: getpid= %d\n", pid);
//if(getpid() != 1) {
//notify_rc("start_pptpd");
//return;
//}
if (!tcapi_match(VPN_DATA, "pptpd_enable", "1")) {
return;
}
// cprintf("stop vpn modules\n");
// stop_vpn_modules ();
// Create directory for use by pptpd daemon and its supporting files
mkdir("/tmp/pptpd", 0744);
cprintf("open options file\n");
// Create options file that will be unique to pptpd to avoid interference
// with pppoe and pptp
fp = fopen("/tmp/pptpd/options.pptpd", "w");
fprintf(fp, "logfile /var/log/pptpd-pppd.log\n");
//fprintf(fp, "debug dump logfd 2 nodetach\n");
if (tcapi_match(VPN_DATA, "pptpd_radius", "1"))
fprintf(fp, "plugin radius.so\nplugin radattr.so\n"
"radius-config-file /tmp/pptpd/radius/radiusclient.conf\n");
//cprintf("check if wan_wins = zero\n");
//int nowins = 0;
//if (nvram_match("wan_wins", "0.0.0.0")) {
//nvram_set("wan_wins", "");
//nowins = 1;
//}
//if (strlen(nvram_safe_get("wan_wins")) == 0)
//nowins = 1;
cprintf("write config\n");
fprintf(fp, "lock\n"
"name *\n"
"proxyarp\n"
// "ipcp-accept-local\n"
// "ipcp-accept-remote\n"
"lcp-echo-failure 10\n"
"lcp-echo-interval 6\n"
"deflate 0\n" "auth\n" "-chap\n"
"nomppe-stateful\n");
pptpd_opt = tcapi_get_int(VPN_DATA, "pptpd_chap");
fprintf(fp, "%smschap\n", (pptpd_opt == 0 || pptpd_opt & 1) ? "+" : "-");
fprintf(fp, "%smschap-v2\n", (pptpd_opt == 0 || pptpd_opt & 2) ? "+" : "-");
pptpd_opt = tcapi_get_int(VPN_DATA, "pptpd_mppe");
if (pptpd_opt == 0)
pptpd_opt = 1 | 4 | 8;
if (pptpd_opt & (1 | 2 | 4)) {
fprintf(fp, "%s", (pptpd_opt & 8) ? "" : "require-mppe\n");
fprintf(fp, "%smppe-128\n", (pptpd_opt & 1) ? "require-" : "no");
//fprintf(fp, "%smppe-56\n", (pptpd_opt & 2) ? "require-" : "no");
fprintf(fp, "%smppe-40\n", (pptpd_opt & 4) ? "require-" : "no");
} else
fprintf(fp, "nomppe nomppc\n");
fprintf(fp, "ms-ignore-domain\n"
"chap-secrets /tmp/pptpd/chap-secrets\n"
"ip-up-script /tmp/pptpd/ip-up\n"
"ip-down-script /tmp/pptpd/ip-down\n"
"mtu %d\n" "mru %d\n",
tcapi_get_int(VPN_DATA, "pptpd_mtu"),
tcapi_get_int(VPN_DATA, "pptpd_mru"));
//WINS Server
//if (!nowins) {
//fprintf(fp, "ms-wins %s\n", nvram_safe_get("wan_wins"));
//}
memset(buf, 0, sizeof(buf));
tcapi_get(VPN_DATA, "pptpd_wins1", buf);
if(strlen(buf)) {
fprintf(fp, "ms-wins %s\n", buf);
}
memset(buf, 0, sizeof(buf));
tcapi_get(VPN_DATA, "pptpd_wins2", buf);
if(strlen(buf)) {
fprintf(fp, "ms-wins %s\n", buf);
}
//DNS Server
memset(buf, 0, sizeof(buf));
tcapi_get(VPN_DATA, "pptpd_dns1", buf);
if(strlen(buf)) {
fprintf(fp, "ms-dns %s\n", buf);
manual_dns=1;
}
memset(buf, 0, sizeof(buf));
tcapi_get(VPN_DATA, "pptpd_dns2", buf);
if(strlen(buf)) {
fprintf(fp, "ms-dns %s\n", buf);
manual_dns=1;
}
tcapi_get("Lan_Entry0", "IP", lan_ipaddr);
if(!manual_dns && strcmp(lan_ipaddr, ""))
fprintf(fp, "ms-dns %s\n", lan_ipaddr);
// force ppp interface starting from 20
fprintf(fp, "minunit 20\n");
// Following is all crude and need to be revisited once testing confirms
// that it does work
// Should be enough for testing..
if (tcapi_match(VPN_DATA, "pptpd_radius", "1")) {
char pptpd_radserver[128] = {0};
char pptpd_radpass[128] = {0};
char pptpd_radport[128] = {0};
char pptpd_acctport[128] = {0};
if (tcapi_get(VPN_DATA, "pptpd_radserver", pptpd_radserver) == TCAPI_PROCESS_OK
&& tcapi_get(VPN_DATA, "pptpd_radpass", pptpd_radpass) == TCAPI_PROCESS_OK) {
fclose(fp);
mkdir("/tmp/pptpd/radius", 0744);
if (tcapi_get(VPN_DATA, "pptpd_radport", pptpd_radport) != TCAPI_PROCESS_OK)
strcpy(pptpd_radport, "radius");
fp = fopen("/tmp/pptpd/radius/radiusclient.conf", "w");
fprintf(fp, "auth_order radius\n"
"login_tries 4\n"
"login_timeout 60\n"
"radius_timeout 10\n"
"nologin /etc/nologin\n"
"servers /tmp/pptpd/radius/servers\n"
"dictionary /etc/dictionary\n"
"seqfile /var/run/radius.seq\n"
"mapfile /etc/port-id-map\n"
"radius_retries 3\n"
"authserver %s:%s\n",
pptpd_radserver, pptpd_radport);
if (tcapi_get(VPN_DATA, "pptpd_acctport", pptpd_acctport) != TCAPI_PROCESS_OK)
strcpy(pptpd_acctport, "radacct");
fprintf(fp, "acctserver %s:%s\n", pptpd_radserver, pptpd_acctport);
fclose(fp);
fp = fopen("/tmp/pptpd/radius/servers", "w");
fprintf(fp, "%s\t%s\n", pptpd_radserver, pptpd_radpass);
fclose(fp);
} else
fclose(fp);
} else
fclose(fp);
// Create pptpd.conf options file for pptpd daemon
fp = fopen("/tmp/pptpd/pptpd.conf", "w");
memset(buf, 0, sizeof(buf));
fprintf(fp, "bcrelay %s\n", tcapi_get_string(VPN_DATA, "pptpd_broadcast", buf));
memset(buf, 0, sizeof(buf));
fprintf(fp, "localip %s\n"
"remoteip %s\n", lan_ipaddr,
tcapi_get_string(VPN_DATA, "pptpd_clients", buf));
fclose(fp);
// Create ip-up and ip-down scripts that are unique to pptpd to avoid
// interference with pppoe and pptp
/*
* adjust for tunneling overhead (mtu - 40 byte IP - 108 byte tunnel
* overhead)
*/
//if (nvram_match("mtu_enable", "1"))
//mss = atoi(nvram_safe_get("wan_mtu")) - 40 - 108;
//else
//mss = 1500 - 40 - 108;
char bcast[32];
strcpy(bcast, lan_ipaddr);
memset(buf, 0, sizeof(buf));
get_broadcast(bcast, tcapi_get_string("Lan_Entry0", "netmask", buf));
memset(buf, 0, sizeof(buf));
tcapi_get(VPN_DATA, "pptpd_ipup_script", buf);
fp = fopen("/tmp/pptpd/ip-up", "w");
fprintf(fp, "#!/bin/sh\n" "startservice set_routes\n" // reinitialize
"echo $PPPD_PID $1 $5 $6 $PEERNAME >> /tmp/pptp_connected\n"
"iptables -I FORWARD -i $1 -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu\n"
"iptables -I INPUT -i $1 -j ACCEPT\n" "iptables -I FORWARD -i $1 -j ACCEPT\n"
"iptables -t nat -I PREROUTING -i $1 -p udp -m udp --sport 9 -j DNAT --to-destination %s " // rule for wake on lan over pptp tunnel
"%s\n", bcast, buf);
fclose(fp);
memset(buf, 0, sizeof(buf));
tcapi_get(VPN_DATA, "pptpd_ipdown_script", buf);
fp = fopen("/tmp/pptpd/ip-down", "w");
fprintf(fp, "#!/bin/sh\n" "grep -v $1 /tmp/pptp_connected > /tmp/pptp_connected.new\n"
"mv /tmp/pptp_connected.new /tmp/pptp_connected\n"
"iptables -D FORWARD -i $1 -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu\n"
"iptables -D INPUT -i $1 -j ACCEPT\n"
"iptables -D FORWARD -i $1 -j ACCEPT\n"
"iptables -t nat -D PREROUTING -i $1 -p udp -m udp --sport 9 -j DNAT --to-destination %s " // rule for wake on lan over pptp tunnel
"%s\n", bcast, buf);
fclose(fp);
chmod("/tmp/pptpd/ip-up", 0744);
chmod("/tmp/pptpd/ip-down", 0744);
// Exctract chap-secrets from nvram
write_chap_secret("/tmp/pptpd/chap-secrets");
chmod("/tmp/pptpd/chap-secrets", 0600);
// Execute pptpd daemon
ret =
eval("pptpd", "-c", "/tmp/pptpd/pptpd.conf", "-o",
"/tmp/pptpd/options.pptpd");
_dprintf("start_pptpd: ret= %d\n", ret);
//dd_syslog(LOG_INFO, "pptpd : pptp daemon successfully started\n");
return;
}
