diff --git a/release/src-rt-6.x.4708/Makefile b/release/src-rt-6.x.4708/Makefile index af9f291b18..821258af42 100644 --- a/release/src-rt-6.x.4708/Makefile +++ b/release/src-rt-6.x.4708/Makefile @@ -697,14 +697,6 @@ define BusyboxOptions echo "CONFIG_E2LABEL=y" >>$(1); \ sed -i "/CONFIG_FEATURE_VOLUMEID_EXFAT/d" $(1); \ echo "CONFIG_FEATURE_VOLUMEID_EXFAT=y" >>$(1); \ - if [ "$(CONFIG_LINUX26)" = "y" ]; then \ - sed -i "/CONFIG_LSUSB/d" $(1); \ - echo "CONFIG_LSUSB=y" >>$(1); \ - sed -i "/CONFIG_FEATURE_WGET_STATUSBAR/d" $(1); \ - echo "CONFIG_FEATURE_WGET_STATUSBAR=y" >>$(1); \ - sed -i "/CONFIG_FEATURE_VERBOSE_USAGE/d" $(1); \ - echo "CONFIG_FEATURE_VERBOSE_USAGE=y" >>$(1); \ - fi; \ fi; \ else \ sed -i "/CONFIG_FEATURE_MOUNT_LOOP/d" $(1); \ diff --git a/release/src-rt-6.x.4708/router/Makefile b/release/src-rt-6.x.4708/router/Makefile index 9e20064852..1267436bc3 100644 --- a/release/src-rt-6.x.4708/router/Makefile +++ b/release/src-rt-6.x.4708/router/Makefile @@ -1033,7 +1033,11 @@ openssl-1.1.x-install: mssl: openssl +ifneq ($(TCONFIG_BBT)$(TCONFIG_NGINX),) +mdu: shared libcurl +else mdu: shared mssl +endif rc: nvram$(BCMEX) shared diff --git a/release/src-rt-6.x.4708/router/busybox/config_base b/release/src-rt-6.x.4708/router/busybox/config_base index e832149584..d87cd021d1 100644 --- a/release/src-rt-6.x.4708/router/busybox/config_base +++ b/release/src-rt-6.x.4708/router/busybox/config_base @@ -609,8 +609,8 @@ CONFIG_FEATURE_GPT_LABEL=y # CONFIG_IPCRM is not set # CONFIG_IPCS is not set # CONFIG_LOSETUP is not set -# CONFIG_LSPCI is not set -# CONFIG_LSUSB is not set +CONFIG_LSPCI=y +CONFIG_LSUSB=y # CONFIG_MDEV is not set # CONFIG_FEATURE_MDEV_CONF is not set # CONFIG_FEATURE_MDEV_RENAME is not set @@ -915,7 +915,7 @@ CONFIG_IFUPDOWN_UDHCPC_CMD_OPTIONS="" # CONFIG_UDPSVD is not set CONFIG_VCONFIG=y CONFIG_WGET=y -# CONFIG_FEATURE_WGET_STATUSBAR is not set +CONFIG_FEATURE_WGET_STATUSBAR=y CONFIG_FEATURE_WGET_AUTHENTICATION=y # CONFIG_FEATURE_WGET_LONG_OPTIONS is not set CONFIG_FEATURE_WGET_TIMEOUT=y diff --git a/release/src-rt-6.x.4708/router/httpd/pptpd.c b/release/src-rt-6.x.4708/router/httpd/pptpd.c index 3a51ac1ac9..98b3285a56 100644 --- a/release/src-rt-6.x.4708/router/httpd/pptpd.c +++ b/release/src-rt-6.x.4708/router/httpd/pptpd.c @@ -19,7 +19,7 @@ #include "tomato.h" #ifndef PPTP_CONNECTED -#define PPTP_CONNECTED "/tmp/pptp_connected" +#define PPTP_CONNECTED "/etc/vpn/pptpd_connected" #endif #ifndef IF_SIZE diff --git a/release/src-rt-6.x.4708/router/httpd/tomato.c b/release/src-rt-6.x.4708/router/httpd/tomato.c index 77de4a45df..7b316f8fea 100644 --- a/release/src-rt-6.x.4708/router/httpd/tomato.c +++ b/release/src-rt-6.x.4708/router/httpd/tomato.c @@ -1841,6 +1841,7 @@ wl_ap_ssid { "pptp_client_custom", V_NONE }, { "pptp_client_dfltroute", V_01 }, { "pptp_client_stateless", V_01 }, + { "pptpd_chap", V_RANGE(0,2) }, #endif { NULL } diff --git a/release/src-rt-6.x.4708/router/mdu/Makefile b/release/src-rt-6.x.4708/router/mdu/Makefile index 91dfb10674..d88f6b71f0 100644 --- a/release/src-rt-6.x.4708/router/mdu/Makefile +++ b/release/src-rt-6.x.4708/router/mdu/Makefile @@ -1,9 +1,9 @@ include ../common.mak CFLAGS = -Os -Wall $(EXTRACFLAGS) -CFLAGS += -I$(SRCBASE)/include -I$(TOP)/shared -I$(TOP)/mssl +CFLAGS += -I$(SRCBASE)/include -I$(TOP)/shared LDFLAGS = -LIBS = -L$(TOP)/nvram${BCMEX} -lnvram -L$(TOP)/shared -lshared -L$(TOP)/mssl -lmssl +LIBS = -L$(TOP)/nvram${BCMEX} -lnvram -L$(TOP)/shared -lshared #LIBS = -L$(TOP)/nvram -lnvram -L$(TOP)/shared -lshared $(TOP)/mssl/libmssl.a $(TOP)/matrixssl/src/libmatrixsslstatic.a ifeq ($(TCONFIG_BCMARM),y) @@ -14,6 +14,14 @@ ifeq ($(FULL_OPENSSL),y) LIBS += -L$(TOP)/openssl -lssl -lcrypto endif +ifneq ($(TCONFIG_BBT)$(TCONFIG_NGINX),) +CFLAGS += -DUSE_LIBCURL -I$(TOP)/libcurl/staged/usr/include +LIBS += -lpthread -L$(TOP)/libcurl/lib/.libs -lcurl +else +CFLAGS+= -I$(TOP)/mssl +LIBS += -L$(TOP)/mssl -lmssl +endif + OBJS = mdu.o all: mdu diff --git a/release/src-rt-6.x.4708/router/mdu/mdu.c b/release/src-rt-6.x.4708/router/mdu/mdu.c index 9fa9806908..f1557fef7b 100644 --- a/release/src-rt-6.x.4708/router/mdu/mdu.c +++ b/release/src-rt-6.x.4708/router/mdu/mdu.c @@ -29,8 +29,11 @@ #include #include +#ifdef USE_LIBCURL +#include +#else #include "mssl.h" - +#endif #ifdef DEBUG @@ -57,6 +60,12 @@ #define M_SAME_RECORD "Record already up-to-date." #define M_DOWN "Server temporarily down or under maintenance." +#ifdef USE_LIBCURL +int curl_sslerr = 1; +FILE *curl_dfile = NULL; +CURL *curl_handle = NULL; +#endif + char *blob = NULL; int error_exitcode = 1; @@ -218,6 +227,151 @@ static const char *get_dump_name(void) #endif } +#ifdef USE_LIBCURL +static int curl_dump(CURL *handle, curl_infotype type, char *data, size_t size, + void *userptr) +{ + const char *prefix; + FILE *f_out; + size_t i; + unsigned char c; + int is_info; + + is_info = 0; + switch (type) + { + case CURLINFO_HEADER_OUT: + prefix = ">H "; + break; + case CURLINFO_DATA_OUT: + prefix = ">D "; + break; + case CURLINFO_HEADER_IN: + prefix = "= 0x20 && c < 0x80) ? c : '.', f_out); + } + fputc('\n', f_out); + + return 0; +} + +static void curl_setup() +{ + CURLsslset result; + const char *dump; + + result = curl_global_sslset(CURLSSLBACKEND_OPENSSL, NULL, NULL); + if (result == CURLSSLSET_OK || result == CURLSSLSET_TOO_LATE) + curl_sslerr = 0; + if (curl_global_init(CURL_GLOBAL_ALL) || !(curl_handle = curl_easy_init())) + error("libcurl initialization failure."); + + curl_easy_setopt(curl_handle, CURLOPT_FOLLOWLOCATION, 1); + curl_easy_setopt(curl_handle, CURLOPT_MAXREDIRS, 20); + curl_easy_setopt(curl_handle, CURLOPT_CONNECTTIMEOUT, 10); + curl_easy_setopt(curl_handle, CURLOPT_TIMEOUT, 10); + + if ((dump = get_dump_name()) != NULL) + { + curl_easy_setopt(curl_handle, CURLOPT_VERBOSE, 1L); + if ((curl_dfile = fopen(dump, "a")) != NULL) + { + curl_easy_setopt(curl_handle, CURLOPT_DEBUGFUNCTION, curl_dump); + curl_easy_setopt(curl_handle, CURLOPT_DEBUGDATA, (void *)curl_dfile); + } + } +} + +static void curl_cleanup() +{ + if (curl_dfile != NULL) + fclose(curl_dfile); + curl_easy_cleanup(curl_handle); + curl_global_cleanup(); +} + +static struct curl_slist *curl_headers(const char *header) +{ + char *sub; + struct curl_slist *headers = NULL; + struct curl_slist *tmp = NULL; + size_t n = strlen(header); + + if (!header) + return NULL; + + sub = strstr(header, "\r\n"); + while (sub || n > 0) + { + if (sub) + *sub = 0; + if (header) + { + tmp = curl_slist_append(headers, header); + if (tmp == NULL) + { + curl_slist_free_all(headers); + curl_cleanup(); + error("libcurl header failure."); + } + } + if (sub) + { + n -= sub + 2 - header; + headers = tmp; + header = sub + 2; + *sub = '\r'; + sub = strstr(header, "\r\n"); + } + else + { + n = 0; + headers = tmp; + } + } + + return headers; +} +#else static int _http_req(int ssl, const char *host, int port, const char *request, char *buffer, int bufsize, char **body) { struct hostent *he; @@ -339,9 +493,97 @@ static int _http_req(int ssl, const char *host, int port, const char *request, c return -1; } +#endif static int http_req(int ssl, int static_host, const char *host, const char *req, const char *query, const char *header, int auth, char *data, char **body) { +#ifdef USE_LIBCURL + struct curl_slist *headers = NULL; + char url[HALF_BLOB]; + FILE *curl_wbuf = NULL; + FILE *curl_rbuf = NULL; + CURLcode r; + int trys; + long code; + + if (!static_host) host = get_option_or("server", host); + if (ssl) + { + if (curl_sslerr) + { + curl_cleanup(); + error("SSL failure with libcurl."); + } + snprintf(url, HALF_BLOB, "https://%s%s", host, query); + } + else + snprintf(url, HALF_BLOB, "http://%s%s", host, query); + curl_easy_setopt(curl_handle, CURLOPT_URL, url); + if (header) + { + headers = curl_headers(header); + curl_easy_setopt(curl_handle, CURLOPT_HTTPHEADER, headers); + } + + if (auth) { + curl_easy_setopt(curl_handle, CURLOPT_USERNAME, get_option_required("user")); + curl_easy_setopt(curl_handle, CURLOPT_PASSWORD, get_option_required("pass")); + curl_easy_setopt(curl_handle, CURLOPT_HTTPAUTH, CURLAUTH_BASIC); + } + else + curl_easy_setopt(curl_handle, CURLOPT_HTTPAUTH, CURLAUTH_NONE); + + curl_wbuf = fmemopen(blob, HALF_BLOB, "w"); + setbuf(curl_wbuf, NULL); + curl_easy_setopt(curl_handle, CURLOPT_WRITEDATA, (void *)curl_wbuf); + if (data) + { + curl_rbuf = fmemopen(data, strlen(data), "r"); + curl_easy_setopt(curl_handle, CURLOPT_READDATA, (void *)curl_rbuf); + curl_easy_setopt(curl_handle, CURLOPT_INFILESIZE, strlen(data)); + curl_easy_setopt(curl_handle, CURLOPT_UPLOAD, 1L); + } + else + { + curl_easy_setopt(curl_handle, CURLOPT_READDATA, NULL); + curl_easy_setopt(curl_handle, CURLOPT_INFILESIZE, 0); + curl_easy_setopt(curl_handle, CURLOPT_UPLOAD, 0L); + } + + if (!strcmp(req, "POST")) + curl_easy_setopt(curl_handle, CURLOPT_POST, 1L); + else if (!strcmp(req, "GET")) + curl_easy_setopt(curl_handle, CURLOPT_HTTPGET, 1L); + + for (trys = 4; trys > 0; --trys) + { + r = curl_easy_perform(curl_handle); + if (r != CURLE_COULDNT_CONNECT) + break; +#ifdef DEBUG + perror("connect"); +#endif + sleep(2); + } + curl_slist_free_all(headers); + curl_easy_getinfo(curl_handle, CURLINFO_RESPONSE_CODE, &code); + fclose(curl_wbuf); + if (curl_rbuf) + fclose(curl_rbuf); + if (curl_dfile) + { + fputc('\n', curl_dfile); + fflush(curl_dfile); + } + if (r != CURLE_OK) + { + curl_cleanup(); + error("Unknown libcurl error %d with response code %ld.", r, code); + } + + *body = blob; + return code; +#else char *p; int port; char a[512]; @@ -369,7 +611,7 @@ static int http_req(int ssl, int static_host, const char *host, const char *req, req, query, httpv, host); if (auth) { sprintf(a, "%s:%s", get_option_required("user"), get_option_required("pass")); - n = base64_encode((unsigned char *) a, b, strlen(a)); + n = base64_encode((const char *) a, b, strlen(a)); b[n] = 0; sprintf(blob + strlen(blob), "Authorization: Basic %s\r\n", b); } @@ -400,6 +642,7 @@ static int http_req(int ssl, int static_host, const char *host, const char *req, _dprintf("%s: n=%d\n", __FUNCTION__, n); return n; +#endif } static int wget(int ssl, int static_host, const char *host, const char *get, const char *header, int auth, char **body) @@ -1434,7 +1677,7 @@ static int cloudflare_errorcheck(int code, const char *req, char *body) else if (code == 403 && strstr(body, "\"code\":9103") != NULL) error(M_INVALID_AUTH); - error("%s returned HTTP code %d.", req, code); + error("%s returned HTTP error code %d.", req, code); return -1; // silence compiler warning } @@ -1575,7 +1818,7 @@ static void update_wget(void) if ((c = strrchr(host, '@')) != NULL) { *c = 0; - s[base64_encode((unsigned char *) host, s, c - host)] = 0; + s[base64_encode((const char *) host, s, c - host)] = 0; sprintf(he, "Authorization: Basic %s\r\n", s); header = he; host = c + 1; @@ -1717,6 +1960,10 @@ int main(int argc, char *argv[]) */ check_cookie(); +#ifdef USE_LIBCURL + curl_setup(); +#endif + p = get_option_required("service"); if (strcmp(p, "dua") == 0) { update_dua("dyndns", 0, NULL, NULL, 1); @@ -1830,6 +2077,14 @@ int main(int argc, char *argv[]) // Tunnel Broker uses the same API as DynDNS update_dua("heipv6tb", 1, "ipv4.tunnelbroker.net", "/nic/update", 1); } + else if (strcmp(p, "dnshenet") == 0) { + // dns.he.net uses the same API as DynDNS + update_dua(NULL, 0, "dyn.dns.he.net", "/nic/update", 0); + } + else if (strcmp(p, "sdnshenet") == 0) { + // dns.he.net uses the same API as DynDNS + update_dua(NULL, 1, "dyn.dns.he.net", "/nic/update", 0); + } else if (strcmp(p, "cloudflare") == 0) { update_cloudflare(); } @@ -1840,5 +2095,9 @@ int main(int argc, char *argv[]) error("Unknown service"); } +#ifdef USE_LIBCURL + curl_cleanup(); +#endif + return 1; } diff --git a/release/src-rt-6.x.4708/router/rc/pptp_client.c b/release/src-rt-6.x.4708/router/rc/pptp_client.c index df8b08e29e..9dfa1220d2 100644 --- a/release/src-rt-6.x.4708/router/rc/pptp_client.c +++ b/release/src-rt-6.x.4708/router/rc/pptp_client.c @@ -8,7 +8,7 @@ #include #include -//#define PPPD_DEBUG +//#define PPTPC_DEBUG #define BUF_SIZE 128 /* Line number as text string */ @@ -85,26 +85,33 @@ void start_pptp_client(void) "maxfail 0\n" "persist\n" "plugin pptp.so\n" - "pptp_server %s\n" + "pptp_server '%s'\n" "idle 0\n" - "ipparam kelokepptpd\n", + "ipparam kelokepptpd\n" + "ktune\n" + "default-asyncmap nopcomp noaccomp\n" + "novj nobsdcomp nodeflate\n" + "holdoff 10\n" + "lcp-echo-adaptive\n" + "ipcp-accept-remote ipcp-accept-local noipdefault\n", srv_addr); if (nvram_get_int("pptp_client_peerdns")) /* 0: disable, 1 enable */ fprintf(fd, "usepeerdns\n"); /* MTU */ + /* see KB Q189595 -- historyless & mtu */ if ((p = nvram_get("pptp_client_mtu")) == NULL) - p = "1450"; + p = "1400"; if (!nvram_get_int("pptp_client_mtuenable")) - p = "1450"; + p = "1400"; fprintf(fd, "mtu %s\n", p); /* MRU */ if ((p = nvram_get("pptp_client_mru")) == NULL) - p = "1450"; + p = "1400"; if (!nvram_get_int("pptp_client_mruenable")) - p = "1450"; + p = "1400"; fprintf(fd, "mru %s\n", p); /* Login */ @@ -124,15 +131,20 @@ void start_pptp_client(void) switch (nvram_get_int("pptp_client_crypt")) { case 1: - fprintf(fd, "nomppe\n"); + fprintf(fd, "nomppe nomppc\n"); break; case 2: - fprintf(fd, "nomppe-40\n"); - fprintf(fd, "require-mppe-128\n"); + fprintf(fd, + "nomppe-40\n" + "require-mppe\n" + "require-mppe-128\n"); break; case 3: - fprintf(fd, "require-mppe-40\n"); - fprintf(fd, "require-mppe-128\n"); + fprintf(fd, + "require-mppe\n" + "require-mppe-40\n" + "require-mppe-56\n" + "require-mppe-128\n"); break; default: break; @@ -167,7 +179,7 @@ void start_pptp_client(void) system(buffer); } -#ifdef PPPD_DEBUG +#ifdef PPTPC_DEBUG sprintf(buffer, "/etc/vpn/pptpclient file /etc/vpn/pptpc_options debug"); #else sprintf(buffer, "/etc/vpn/pptpclient file /etc/vpn/pptpc_options"); diff --git a/release/src-rt-6.x.4708/router/rc/pptpd.c b/release/src-rt-6.x.4708/router/rc/pptpd.c index 1a91f1aef9..b29a6a40d4 100644 --- a/release/src-rt-6.x.4708/router/rc/pptpd.c +++ b/release/src-rt-6.x.4708/router/rc/pptpd.c @@ -1,5 +1,5 @@ /* - * pptp.c + * pptpd.c * * Copyright (C) 2007 Sebastian Gottschall * @@ -26,153 +26,129 @@ #include #include #include -#include #include #include -void get_broadcast(char *ipaddr, char *netmask) -{ - int ip2[4], mask2[4]; - unsigned char ip[4], mask[4]; - - if (!ipaddr || !netmask) - return; - sscanf(ipaddr, "%d.%d.%d.%d", &ip2[0], &ip2[1], &ip2[2], &ip2[3]); - sscanf(netmask, "%d.%d.%d.%d", &mask2[0], &mask2[1], &mask2[2], - &mask2[3]); - int i = 0; - - for (i = 0; i < 4; i++) { - ip[i] = ip2[i]; - mask[i] = mask2[i]; - ip[i] = (ip[i] & mask[i]) | (0xff & ~mask[i]); - } +char *ip2bcast(char *ip, char *netmask, char *buf) +{ + struct in_addr addr; - sprintf(ipaddr, "%d.%d.%d.%d", ip[0], ip[1], ip[2], ip[3]); + addr.s_addr = inet_addr(ip) | ~inet_addr(netmask); + if (buf) + sprintf(buf, "%s", inet_ntoa(addr)); - //fprintf(stderr, "get_broadcast return %s\n", value); + return buf; } void write_chap_secret(char *file) { - FILE *fp; - char *nv, *nvp, *b; - char *username, *passwd; -// char buf[64]; - - fp=fopen(file, "w"); - - if (fp==NULL) return; - -// nv = nvp = strdup(nvram_safe_get("pptpd_clientlist")); - nv = nvp = strdup(nvram_safe_get("pptpd_users")); - - if(nv) { - while ((b = strsep(&nvp, ">")) != NULL) { - if((vstrsep(b, "<", &username, &passwd)!=2)) continue; - if(strlen(username)==0||strlen(passwd)==0) continue; - fprintf(fp, "%s * %s *\n", username, passwd); - } - free(nv); - } - fclose(fp); + FILE *fp; + char *nv, *nvp, *b; + char *username, *passwd; + + if ((fp = fopen(file, "w")) == NULL) { + perror(file); + return; + } + + nv = nvp = strdup(nvram_safe_get("pptpd_users")); + + if (nv) { + while ((b = strsep(&nvp, ">")) != NULL) { + if ((vstrsep(b, "<", &username, &passwd) != 2)) + continue; + + if (*username =='\0' || *passwd == '\0') + continue; + + fprintf(fp, "%s * %s *\n", username, passwd); + } + free(nv); + } + fclose(fp); } void start_pptpd(void) { - int ret = 0, mss = 0, manual_dns = 0; -// char *lpTemp; FILE *fp; - -// int pid = getpid(); -// _dprintf("start_pptpd: getpid= %d\n", pid); - -// if(getpid() != 1) { -// notify_rc("start_pptpd"); -// return; -// } + int count = 0, ret = 0, nowins = 0, pptpd_opt; + char bcast[32]; + char options[] = "/etc/vpn/pptpd_options"; + char conffile[] = "/etc/vpn/pptpd.conf"; if (!nvram_match("pptpd_enable", "1")) { return; } - // cprintf("stop vpn modules\n"); - // stop_vpn_modules (); - - // Create directory for use by pptpd daemon and its supporting files - mkdir("/tmp/pptpd", 0744); - cprintf("open options file\n"); - // Create options file that will be unique to pptpd to avoid interference - // with pppoe and pptp - fp = fopen("/tmp/pptpd/options.pptpd", "w"); - fprintf(fp, "logfile /var/log/pptpd-pppd.log\ndebug\n"); -/* - if (nvram_match("pptpd_radius", "1")) - fprintf(fp, "plugin radius.so\nplugin radattr.so\n" - "radius-config-file /tmp/pptpd/radius/radiusclient.conf\n"); -*/ - cprintf("check if wan_wins = zero\n"); - int nowins = 0; - - if (nvram_match("wan_wins", "0.0.0.0")) { - nvram_set("wan_wins", ""); - nowins = 1; + + /* Make sure vpn directory exists */ + mkdir("/etc/vpn", 0700); + + /* Create unique options file */ + if ((fp = fopen(options, "w")) == NULL) { + perror(options); + return; } - if (strlen(nvram_safe_get("wan_wins")) == 0) - nowins = 1; - cprintf("write config\n"); + fprintf(fp, + "logfile /var/log/pptpd-pppd.log\n" + "debug\n"); + +#if 0 + if (nvram_match("pptpd_radius", "1") && nvram_invmatch("pptpd_radserver", "") && nvram_invmatch("pptpd_radpass", "")) { + fprintf(fp, + "plugin radius.so\n" + "plugin radattr.so\n" + "radius-config-file /etc/vpn/radius/radiusclient.conf\n"); +#endif + fprintf(fp, "lock\n" "name *\n" "proxyarp\n" // "ipcp-accept-local\n" // "ipcp-accept-remote\n" - "minunit 10\n" // AB !! - we leave ppp0-ppp3 for WAN and/or other ppp connections (PPTP client, ADSL, etc... perhaps)? - "nobsdcomp\n" "lcp-echo-failure 10\n" "lcp-echo-interval 5\n" -// "deflate 0\n" "auth\n" "-chap\n" "-mschap\n" "+mschap-v2\n"); + "lcp-echo-adaptive\n" + "auth\n" + "nobsdcomp\n" "refuse-pap\n" "refuse-chap\n" - "refuse-mschap\n" - "require-mschap-v2\n"); - -// if (nvram_match("pptpd_forcemppe", "none")) { - if (nvram_match("pptpd_forcemppe", "0")) { -// fprintf(fp, "-mppc\n"); - fprintf(fp, "nomppe\n"); - } else { -// fprintf(fp, "+mppc\n"); -/* if (nvram_match("pptpd_forcemppe", "auto")) { - fprintf(fp, "+mppe-40\n"); - fprintf(fp, "+mppe-56\n"); - fprintf(fp, "+mppe-128\n"); - } - else if (nvram_match("pptpd_forcemppe", "+mppe-40")) { - fprintf(fp, "+mppe\n"); - fprintf(fp, "+mppe-40\n"); - fprintf(fp, "-mppe-56\n"); - fprintf(fp, "-mppe-128\n"); - } - else if (nvram_match("pptpd_forcemppe", "+mppe-128")) { - fprintf(fp, "+mppe\n"); - fprintf(fp, "-mppe-40\n"); - fprintf(fp, "-mppe-56\n"); - fprintf(fp, "+mppe-128\n"); -*/ - fprintf(fp, "require-mppe-128\n"); - } - fprintf(fp, "nomppe-stateful\n"); -// } - - fprintf(fp, "ms-ignore-domain\n" - "chap-secrets /tmp/pptpd/chap-secrets\n" - "ip-up-script /tmp/pptpd/ip-up\n" - "ip-down-script /tmp/pptpd/ip-down\n" - "mtu %s\n" "mru %s\n", - nvram_get("pptpd_mtu") ? nvram_get("pptpd_mtu") : "1450", - nvram_get("pptpd_mru") ? nvram_get("pptpd_mru") : "1450"); - //WINS Server + "nomppe-stateful\n"); + + pptpd_opt = nvram_get_int("pptpd_chap"); + fprintf(fp, "%s-mschap\n", (pptpd_opt == 0 || pptpd_opt & 1) ? "require" : "refuse"); + fprintf(fp, "%s-mschap-v2\n", (pptpd_opt == 0 || pptpd_opt & 2) ? "require" : "refuse"); + + if (nvram_match("pptpd_forcemppe", "0")) + fprintf(fp, "nomppe nomppc\n"); + else + fprintf(fp, "require-mppe-128\n"); + + fprintf(fp, + "ms-ignore-domain\n" + "chap-secrets /etc/vpn/chap-secrets\n" + "ip-up-script /etc/vpn/pptpd_ip-up\n" + "ip-down-script /etc/vpn/pptpd_ip-down\n" + "mtu %d\n" + "mru %d\n", + nvram_get_int("pptpd_mtu") ? : 1400, + nvram_get_int("pptpd_mru") ? : 1400); + + /* DNS Server */ + if (nvram_invmatch("pptpd_dns1", "")) + count += fprintf(fp, "ms-dns %s\n", nvram_safe_get("pptpd_dns1")) > 0 ? 1 : 0; + if (nvram_invmatch("pptpd_dns2", "")) + count += fprintf(fp, "ms-dns %s\n", nvram_safe_get("pptpd_dns2")) > 0 ? 1 : 0; + if (count == 0 && nvram_invmatch("lan_ipaddr", "")) + fprintf(fp, "ms-dns %s\n", nvram_safe_get("lan_ipaddr")); + + /* WINS Server */ + if (nvram_match("wan_wins", "0.0.0.0") || (strlen(nvram_safe_get("wan_wins")) == 0)) { + nvram_set("wan_wins", ""); + nowins = 1; + } + if (!nowins) { fprintf(fp, "ms-wins %s\n", nvram_safe_get("wan_wins")); } @@ -182,143 +158,121 @@ void start_pptpd(void) if (strlen(nvram_safe_get("pptpd_wins2"))) { fprintf(fp, "ms-wins %s\n", nvram_safe_get("pptpd_wins2")); } - //DNS Server - if (strlen(nvram_safe_get("pptpd_dns1"))) { - fprintf(fp, "ms-dns %s\n", nvram_safe_get("pptpd_dns1")); - manual_dns=1; - } - if (strlen(nvram_safe_get("pptpd_dns2"))) { - fprintf(fp, "ms-dns %s\n", nvram_safe_get("pptpd_dns2")); - manual_dns=1; - } - if(!manual_dns && !nvram_match("lan_ipaddr", "")) - fprintf(fp, "ms-dns %s\n", nvram_safe_get("lan_ipaddr")); - - fprintf(fp, "%s\n\n", nvram_safe_get("pptpd_custom")); - - // Following is all crude and need to be revisited once testing confirms - // that it does work - // Should be enough for testing.. -/* if (nvram_match("pptpd_radius", "1")) { - if (nvram_get("pptpd_radserver") != NULL - && nvram_get("pptpd_radpass") != NULL) { - - fclose(fp); - - mkdir("/tmp/pptpd/radius", 0744); - - fp = fopen("/tmp/pptpd/radius/radiusclient.conf", "w"); - fprintf(fp, "auth_order radius\n" - "login_tries 4\n" - "login_timeout 60\n" - "radius_timeout 10\n" - "nologin /etc/nologin\n" - "servers /tmp/pptpd/radius/servers\n" - "dictionary /etc/dictionary\n" - "seqfile /var/run/radius.seq\n" - "mapfile /etc/port-id-map\n" - "radius_retries 3\n" - "authserver %s:%s\n", - nvram_get("pptpd_radserver"), - nvram_get("pptpd_radport") ? - nvram_get("pptpd_radport") : "radius"); - - if (nvram_get("pptpd_radserver") != NULL - && nvram_get("pptpd_acctport") != NULL) - fprintf(fp, "acctserver %s:%s\n", - nvram_get("pptpd_radserver"), - nvram_get("pptpd_acctport") ? - nvram_get("pptpd_acctport") : - "radacct"); - fclose(fp); - - fp = fopen("/tmp/pptpd/radius/servers", "w"); - fprintf(fp, "%s\t%s\n", nvram_get("pptpd_radserver"), - nvram_get("pptpd_radpass")); - fclose(fp); - - } else - fclose(fp); - } else -*/ fclose(fp); - - // Create pptpd.conf options file for pptpd daemon - fp = fopen("/tmp/pptpd/pptpd.conf", "w"); - fprintf(fp, "bcrelay %s\n", nvram_safe_get("pptpd_broadcast")); - fprintf(fp, "localip %s\n" - "remoteip %s\n", nvram_safe_get("lan_ipaddr"), - nvram_safe_get("pptpd_remoteip")); + + fprintf(fp, + "minunit 10\n" /* force ppp interface starting from 10 */ + "%s\n\n", nvram_safe_get("pptpd_custom")); fclose(fp); - // Create ip-up and ip-down scripts that are unique to pptpd to avoid - // interference with pppoe and pptp - /* - * adjust for tunneling overhead (mtu - 40 byte IP - 108 byte tunnel - * overhead) + /* Following is all crude and need to be revisited once testing confirms that it does work + * Should be enough for testing.. */ - if (nvram_match("mtu_enable", "1")) - mss = atoi(nvram_safe_get("wan_mtu")) - 40 - 108; - else - mss = 1500 - 40 - 108; - char bcast[32]; +#if 0 + if (nvram_get_int("pptpd_radius") && nvram_invmatch("pptpd_radserver", "") && nvram_invmatch("pptpd_radpass", "")) { + mkdir("/etc/vpn/radius", 0700); + + fp = fopen("/etc/vpn/radius/radiusclient.conf", "w"); + fprintf(fp, + "auth_order radius\n" + "login_tries 4\n" + "login_timeout 60\n" + "radius_timeout 10\n" + "nologin /etc/nologin\n" + "servers /etc/vpn/radius/servers\n" + "dictionary /etc/dictionary\n" + "seqfile /var/run/radius.seq\n" + "mapfile /etc/port-id-map\n" + "radius_retries 3\n" + "authserver %s:%s\n", + nvram_get("pptpd_radserver"), + nvram_get("pptpd_radport") ? nvram_get("pptpd_radport") : "radius"); + + if ((nvram_get("pptpd_radserver") != NULL) && (nvram_get("pptpd_acctport") != NULL)) + fprintf(fp, + "acctserver %s:%s\n", + nvram_get("pptpd_radserver"), + nvram_get("pptpd_acctport") ? nvram_get("pptpd_acctport") : "radacct"); + fclose(fp); + + fp = fopen("/etc/vpn/radius/servers", "w"); + fprintf(fp, + "%s\t%s\n", + nvram_get("pptpd_radserver"), + nvram_get("pptpd_radpass")); + fclose(fp); +#endif + + /* Create pptpd.conf options file for pptpd daemon */ + fp = fopen(conffile, "w"); + fprintf(fp, + "localip %s\n" + "remoteip %s\n" + "bcrelay %s\n", + nvram_safe_get("lan_ipaddr"), + nvram_safe_get("pptpd_remoteip"), + nvram_safe_get("pptpd_broadcast")); + fclose(fp); - strcpy(bcast, nvram_safe_get("lan_ipaddr")); - get_broadcast(bcast, nvram_safe_get("lan_netmask")); + ip2bcast(nvram_safe_get("lan_ipaddr"), nvram_safe_get("lan_netmask"), bcast); - fp = fopen("/tmp/pptpd/ip-up", "w"); -// fprintf(fp, "#!/bin/sh\n" "startservice set_routes\n" // reinitialize - fprintf(fp, "#!/bin/sh\n" //"startservice set_routes\n" // reinitialize - "echo $PPPD_PID $1 $5 $6 $PEERNAME `date +%%s`>> /tmp/pptp_connected\n" - "iptables -I FORWARD -i $1 -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu\n" + /* Create ip-up and ip-down scripts that are unique to pptpd to avoid interference with pppoe and pptpc */ + fp = fopen("/etc/vpn/pptpd_ip-up", "w"); + fprintf(fp, + "#!/bin/sh\n" + "echo \"$PPPD_PID $1 $5 $6 $PEERNAME $(date +%%s)\" >> /etc/vpn/pptpd_connected\n" "iptables -I INPUT -i $1 -j ACCEPT\n" "iptables -I FORWARD -i $1 -j ACCEPT\n" - "iptables -I FORWARD -o $1 -j ACCEPT\n" // AB!! - "iptables -t nat -I PREROUTING -i $1 -p udp -m udp --sport 9 -j DNAT --to-destination %s\n" // rule for wake on lan over pptp tunnel - "%s\n", bcast, + "iptables -I FORWARD -o $1 -j ACCEPT\n" + "iptables -I FORWARD -i $1 -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu\n" + "iptables -t nat -I PREROUTING -i $1 -p udp -m udp --sport 9 -j DNAT --to-destination %s\n" /* rule for wake on lan over pptp tunnel */ + "%s\n", + bcast, nvram_get("pptpd_ipup_script") ? nvram_get("pptpd_ipup_script") : ""); fclose(fp); - fp = fopen("/tmp/pptpd/ip-down", "w"); - fprintf(fp, "#!/bin/sh\n" "grep -v $1 /tmp/pptp_connected > /tmp/pptp_connected.new\n" - "mv /tmp/pptp_connected.new /tmp/pptp_connected\n" - "iptables -D FORWARD -i $1 -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu\n" - "iptables -D INPUT -i $1 -j ACCEPT\n" - "iptables -D FORWARD -i $1 -j ACCEPT\n" - "iptables -D FORWARD -o $1 -j ACCEPT\n" // AB!! - "iptables -t nat -D PREROUTING -i $1 -p udp -m udp --sport 9 -j DNAT --to-destination %s\n" // rule for wake on lan over pptp tunnel - "%s\n", bcast, + + fp = fopen("/etc/vpn/pptpd_ip-down", "w"); + fprintf(fp, + "#!/bin/sh\n" "grep -v $1 /etc/vpn/pptpd_connected > /etc/vpn/pptpd_connected.new\n" + "mv /etc/vpn/pptpd_connected.new /etc/vpn/pptpd_connected\n" + "iptables -D FORWARD -i $1 -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu\n" + "iptables -D INPUT -i $1 -j ACCEPT\n" + "iptables -D FORWARD -i $1 -j ACCEPT\n" + "iptables -D FORWARD -o $1 -j ACCEPT\n" + "iptables -t nat -D PREROUTING -i $1 -p udp -m udp --sport 9 -j DNAT --to-destination %s\n" /* rule for wake on lan over pptp tunnel */ + "%s\n", + bcast, nvram_get("pptpd_ipdown_script") ? nvram_get("pptpd_ipdown_script") : ""); fclose(fp); - chmod("/tmp/pptpd/ip-up", 0744); - chmod("/tmp/pptpd/ip-down", 0744); - // Extract chap-secrets from nvram - write_chap_secret("/tmp/pptpd/chap-secrets"); + chmod("/etc/vpn/pptpd_ip-up", 0744); + chmod("/etc/vpn/pptpd_ip-down", 0744); + + /* Extract chap-secrets from nvram */ + write_chap_secret("/etc/vpn/chap-secrets"); - chmod("/tmp/pptpd/chap-secrets", 0600); + chmod("/etc/vpn/chap-secrets", 0600); - // Execute pptpd daemon - ret = - eval("pptpd", "-c", "/tmp/pptpd/pptpd.conf", "-o", - "/tmp/pptpd/options.pptpd", - "-C", "50"); + /* Execute pptpd daemon */ + ret = eval("pptpd", "-c", conffile, "-o", options, "-C", "50"); _dprintf("start_pptpd: ret= %d\n", ret); - //dd_syslog(LOG_INFO, "pptpd : pptp daemon successfully started\n"); - return; } void stop_pptpd(void) { FILE *fp; + int argc; + char *argv[7]; int ppppid; char line[128]; - eval("cp", "/tmp/pptp_connected", "/tmp/pptp_shutdown"); + eval("cp", "/etc/vpn/pptpd_connected", "/etc/vpn/pptpd_shutdown"); - fp = fopen("/tmp/pptp_shutdown", "r"); - if (fp) { + if ((fp = fopen("/etc/vpn/pptpd_shutdown", "r")) != NULL) { while (fgets(line, sizeof(line), fp) != NULL) { - if (sscanf(line, "%d %*s %*s %*s %*s %*d", &ppppid) != 1) continue; + if (sscanf(line, "%d %*s %*s %*s %*s %*d", &ppppid) != 1) + continue; + int n = 10; while ((kill(ppppid, SIGTERM) == 0) && (n > 1)) { sleep(1); @@ -327,15 +281,19 @@ void stop_pptpd(void) } fclose(fp); } - unlink("/tmp/pptp_shutdown"); - -// if (getpid() != 1) { -// notify_rc("stop_pptpd"); -// } killall_tk("pptpd"); killall_tk("bcrelay"); - return; + + /* Delete all files for this server */ + unlink("/etc/vpn/pptpd_shutdown"); + memset(line, 0, sizeof(line)); + sprintf(line, "rm -rf /etc/vpn/pptpd.conf /etc/vpn/pptpd_options /etc/vpn/pptpd_ip-down /etc/vpn/pptpd_ip-up /etc/vpn/chap-secrets"); + for (argv[argc = 0] = strtok(line, " "); argv[argc] != NULL; argv[++argc] = strtok(NULL, " ")); + _eval(argv, NULL, 0, NULL); + + /* Attempt to remove directory. Will fail if not empty */ + rmdir("/etc/vpn"); } void write_pptpd_dnsmasq_config(FILE* f) { diff --git a/release/src-rt-6.x.4708/router/rc/services.c b/release/src-rt-6.x.4708/router/rc/services.c index 5f1d9a432a..245a32ac06 100644 --- a/release/src-rt-6.x.4708/router/rc/services.c +++ b/release/src-rt-6.x.4708/router/rc/services.c @@ -435,7 +435,9 @@ void start_dnsmasq() n = nvram_get_int("dhcpd_lmax"); fprintf(f, "dhcp-lease-max=%d\n", (n > 0) ? n : 255); if (nvram_get_int("dhcpd_auth") >= 0) { - fprintf(f, "dhcp-authoritative\n"); + fprintf(f, + "dhcp-option=lan,252,\"\\n\"\n" + "dhcp-authoritative\n"); } if (nvram_match("dnsmasq_debug", "1")) { diff --git a/release/src-rt-6.x.4708/router/shared/defaults.c b/release/src-rt-6.x.4708/router/shared/defaults.c index 332ab7bf26..b133afcb05 100644 --- a/release/src-rt-6.x.4708/router/shared/defaults.c +++ b/release/src-rt-6.x.4708/router/shared/defaults.c @@ -1262,9 +1262,9 @@ struct nvram_tuple router_defaults[] = { { "pptp_client_usewan", "wan" , 0 }, { "pptp_client_peerdns", "0" , 0 }, { "pptp_client_mtuenable", "0" , 0 }, - { "pptp_client_mtu", "1450" , 0 }, + { "pptp_client_mtu", "1400" , 0 }, { "pptp_client_mruenable", "0" , 0 }, - { "pptp_client_mru", "1450" , 0 }, + { "pptp_client_mru", "1400" , 0 }, { "pptp_client_nat", "0" , 0 }, { "pptp_client_srvip", "" , 0 }, { "pptp_client_srvsub", "10.0.0.0" , 0 }, @@ -1274,6 +1274,8 @@ struct nvram_tuple router_defaults[] = { { "pptp_client_crypt", "0" , 0 }, { "pptp_client_custom", "" , 0 }, { "pptp_client_dfltroute", "0" , 0 }, + { "pptp_client_stateless", "1" , 0 }, + { "pptpd_chap", "0" , 0 }, /* 0/1/2 (Auto/MS-CHAPv1/MS-CHAPv2) */ #endif #ifdef TCONFIG_TINC diff --git a/release/src-rt-6.x.4708/router/www/basic-ddns.asp b/release/src-rt-6.x.4708/router/www/basic-ddns.asp index 58398a91c7..17569aa828 100644 --- a/release/src-rt-6.x.4708/router/www/basic-ddns.asp +++ b/release/src-rt-6.x.4708/router/www/basic-ddns.asp @@ -77,6 +77,8 @@ var services = [ ['ovh', 'OVH', 'http://www.ovh.com/', 'uh'], ['sovh', 'OVH (https)', 'https://www.ovh.com/', 'uh'], ['schangeip', 'ChangeIP (https)', 'https://www.changeip.com/', 'uh'], + ['dnshenet', 'dns.he.net', 'http://dns.he.net/', 'u', 'Host name', 'DDNS key'], + ['sdnshenet', 'dns.he.net (https)', 'https://dns.he.net/', 'u', 'Host name', 'DDNS key'], ['cloudflare', 'Cloudflare (https)', 'https://www.cloudflare.com/', 'uhbnws', 'Email Address', 'API Key', null, 'Proxied', 'Create record if needed', 'Zone ID'], ['custom', 'Custom URL', '', 'c']]; diff --git a/release/src-rt-6.x.4708/router/www/vpn-client.asp b/release/src-rt-6.x.4708/router/www/vpn-client.asp index d39f34715c..94ac55ad70 100644 --- a/release/src-rt-6.x.4708/router/www/vpn-client.asp +++ b/release/src-rt-6.x.4708/router/www/vpn-client.asp @@ -474,6 +474,9 @@ for (i = 0; i < tabs.length; ++i) { name: 'vpn_'+t+'_addr', type: 'text', maxlen: 60, size: 17, value: eval( 'nvram.vpn_'+t+'_addr' ) }, { name: 'vpn_'+t+'_port', type: 'text', maxlen: 5, size: 7, value: eval( 'nvram.vpn_'+t+'_port' ) } ] }, { title: 'Firewall', name: 'vpn_'+t+'_firewall', type: 'select', options: [ ['auto', 'Automatic'], ['custom', 'Custom'] ], value: eval( 'nvram.vpn_'+t+'_firewall' ) }, + { title: 'Create NAT on tunnel', name: 'f_vpn_'+t+'_nat', type: 'checkbox', value: eval( 'nvram.vpn_'+t+'_nat' ) != 0, + suffix: ' Routes must be configured manually.<\/small><\/span>' }, + { title: 'Inbound Firewall', name: 'f_vpn_'+t+'_fw', type: 'checkbox', value: eval( 'nvram.vpn_'+t+'_fw' ) != 0 }, { title: 'Authorization Mode', name: 'vpn_'+t+'_crypt', type: 'select', options: [ ['tls', 'TLS'], ['secret', 'Static Key'], ['custom', 'Custom'] ], value: eval( 'nvram.vpn_'+t+'_crypt' ), suffix: ' (must configure manually...)<\/small><\/span>' }, { title: 'TLS control channel security (tls-auth/tls-crypt)<\/small>', name: 'vpn_'+t+'_hmac', type: 'select', options: [ [-1, 'Disabled'], [2, 'Bi-directional Auth'], [0, 'Incoming Auth (0)'], [1, 'Outgoing Auth (1)'], [3, 'Encrypt Channel'] ], value: eval( 'nvram.vpn_'+t+'_hmac' ) }, @@ -485,9 +488,6 @@ for (i = 0; i < tabs.length; ++i) { title: 'Auth digest', name: 'vpn_'+t+'_digest', type: 'select', options: digests, value: eval( 'nvram.vpn_'+t+'_digest' ) }, { title: 'Server is on the same subnet', name: 'f_vpn_'+t+'_bridge', type: 'checkbox', value: eval( 'nvram.vpn_'+t+'_bridge' ) != 0, suffix: ' Warning: Cannot bridge distinct subnets. Defaulting to routed mode.<\/small><\/span>' }, - { title: 'Create NAT on tunnel', name: 'f_vpn_'+t+'_nat', type: 'checkbox', value: eval( 'nvram.vpn_'+t+'_nat' ) != 0, - suffix: ' Routes must be configured manually.<\/small><\/span>' }, - { title: 'Inbound Firewall', name: 'f_vpn_'+t+'_fw', type: 'checkbox', value: eval( 'nvram.vpn_'+t+'_fw' ) != 0 }, { title: 'Local/remote endpoint addresses', multi: [ { name: 'vpn_'+t+'_local', type: 'text', maxlen: 15, size: 17, value: eval( 'nvram.vpn_'+t+'_local' ) }, { name: 'vpn_'+t+'_remote', type: 'text', maxlen: 15, size: 17, value: eval( 'nvram.vpn_'+t+'_remote' ) } ] }, diff --git a/release/src-rt-6.x.4708/router/www/vpn-pptp-server.asp b/release/src-rt-6.x.4708/router/www/vpn-pptp-server.asp index 032342c676..8412c7b10f 100644 --- a/release/src-rt-6.x.4708/router/www/vpn-pptp-server.asp +++ b/release/src-rt-6.x.4708/router/www/vpn-pptp-server.asp @@ -29,7 +29,7 @@ textarea { diff --git a/release/src-rt-6.x.4708/router/www/vpn-pptp.asp b/release/src-rt-6.x.4708/router/www/vpn-pptp.asp index 0bbc391a4a..a13361a92d 100644 --- a/release/src-rt-6.x.4708/router/www/vpn-pptp.asp +++ b/release/src-rt-6.x.4708/router/www/vpn-pptp.asp @@ -37,7 +37,7 @@ function toggle(service, isup) { E('_' + service + '_button').disabled = true; form.submitHidden('service.cgi', { _redirect: 'vpn-pptp.asp', - _sleep: '3', + _sleep: '5', _service: service + (isup ? '-stop' : '-start') }); } @@ -49,12 +49,12 @@ function verifyFields(focused, quiet) { var f = E('_pptp_client_mtuenable').value == '0'; if (f) { - E('_pptp_client_mtu').value = '1450'; + E('_pptp_client_mtu').value = '1400'; } E('_pptp_client_mtu').disabled = f; f = E('_pptp_client_mruenable').value == '0'; if (f) { - E('_pptp_client_mru').value = '1450'; + E('_pptp_client_mru').value = '1400'; } E('_pptp_client_mru').disabled = f; @@ -128,12 +128,12 @@ createFieldTable('', [ /* MULTIWAN-BEGIN */ ['wan3','WAN3'],['wan4','WAN4'], /* MULTIWAN-END */ - ['none','none']], value: nvram.pptp_client_usewan }, + ['none','none']], value: nvram.pptp_client_usewan, suffix: '  In Wireless Client or WET mode, disable bind (set to none<\/i>)<\/small>' }, { title: 'Server Address', name: 'pptp_client_srvip', type: 'text', maxlen: 50, size: 27, value: nvram.pptp_client_srvip }, { title: 'Username: ', name: 'pptp_client_username', type: 'text', maxlen: 50, size: 54, value: nvram.pptp_client_username }, { title: 'Password: ', name: 'pptp_client_passwd', type: 'password', maxlen: 50, size: 54, value: nvram.pptp_client_passwd }, { title: 'Encryption', name: 'pptp_client_crypt', type: 'select', value: nvram.pptp_client_crypt, - options: [['0', 'Auto'],['1', 'None'],['2','Maximum (128 bit only)'],['3','Required (128 or 40 bit)']] }, + options: [['0', 'Auto'],['1', 'None'],['2','Maximum (128 bit only)'],['3','Required (128, 56 or 40 bit)']] }, { title: 'Stateless MPPE connection', name: 'f_pptp_client_stateless', type: 'checkbox', value: nvram.pptp_client_stateless != 0 }, { title: 'Accept DNS configuration', name: 'pptp_client_peerdns', type: 'select', options: [[0, 'Disabled'],[1, 'Yes'],[2, 'Exclusive']], value: nvram.pptp_client_peerdns }, { title: 'Redirect Internet traffic', name: 'f_pptp_client_dfltroute', type: 'checkbox', value: nvram.pptp_client_dfltroute != 0 }, @@ -158,7 +158,9 @@ createFieldTable('', [
Notes
    -
  • Do not change and save the settings when client is running - you may end up with a downed firewall or broken routing table!
    • +
  • Do not change (and save) the settings when client is running - you may end up with a downed firewall or broken routing table!
    • +
  • In case of connection problems, reduce the MTU and/or MRU values.
    • +
  • To boost connection performance, you can try to increase MTU/MRU values.