/* $Id$ */ /* ========================================================================== */ /* authng_wizard.xml part of pfSense (http://www.pfSense.com) Copyright (C) 2007 Daniel S. Haischt All rights reserved. Based on m0n0wall (http://m0n0.ch/wall) Copyright (C) 2003-2006 Manuel Kasper . All rights reserved. */ /* ========================================================================== */ /* Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /* ========================================================================== */ 8 1 true This wizard will guide you through the initial configuration of the pfSense authentication system. Next submit 2 On this screen you will define where to define pfSense users and groups PrincipalStore select true installedpackages->authng->config->principal_store XML xml LDAP ldap DB db Backend select true installedpackages->authng->config->backend htpasswd htpasswd PAM pam Radius radius passwd passwd LDAP ldap AuthenticationMethod select true installedpackages->authng->config->auth_method Session session Basic basic 3 Please enter the time, date and time zone. Time server dns name Enter the name of the time server. input system->timeservers Timezone timezone_select system->timezone Next submit 4 true On this screen we will configure the Wide Area Network information. var selectedItem = 0; if(document.forms[0].ipaddress.value == 'dhcp') { selectedItem = 1; document.forms[0].ipaddress.value = ''; } else if(document.forms[0].ipaddress.value == 'PPPoE') { selectedItem = 2; document.forms[0].ipaddress.value = ''; } else if(document.forms[0].ipaddress.value == 'PPTP') { selectedItem = 3; document.forms[0].ipaddress.value = ''; } else if(document.forms[0].ipaddress.value == 'BigPond') { selectedItem = 4; document.forms[0].ipaddress.value = ''; } else { selectedItem = 0; } document.forms[0].selectedtype.selectedIndex = selectedItem; enableitems(selectedItem); SelectedType select true Static Static ipaddress,subnetmask,gateway DHCP dhcp dhcphostname PPPoE pppoe pppoeusername,pppoepassword,pppoeservicename,pppoedialondemand,pppoeidletimeout PPTP pptp pptpusername,pptppassword,pptplocalipaddress,pptplocalsubnet,pptpremoteipaddress,pptpdialondemand,pptpidletimeout BigPond bigpond bigpondusername,bigpondpassword,bigpondauthenticationserver,bigpondauthenticationdomain,bigpondminheartbeatinterval General configuration listtopic true MAC Address interfaces->wan->spoofmac input This field can be used to modify ("spoof") the MAC address of the WAN interface (may be required with some cable connections) Enter a MAC address in the following format: xx:xx:xx:xx:xx:xx or leave blank true MTU input interfaces->wan->mtu If you enter a value in this field, then MSS clamping for TCP connections to the value entered above minus 40 (TCP/IP header size) will be in effect. If you leave this field blank, an MTU of 1492 bytes for PPPoE and 1500 bytes for all other connection types will be assumed. Static IP Configuration listtopic IP Address interfaces->wan->ipaddr input / true true true true Subnet Mask interfaces->wan->subnet subnet_select Gateway interfaces->wan->gateway input DHCP client configuration listtopic DHCP Hostname input interfaces->wan->dhcphostname The value in this field is sent as the DHCP client identifier and hostname when requesting a DHCP lease. Some ISPs may require this (for client identification). PPPoE configuration listtopic PPPoE Username input pppoe->username PPPoE Password input pppoe->password PPPoE Service name input Hint: this field can usually be left empty PPPoE Dial on demand Enable Dial-On-Demand mode checkbox This option causes the interface to operate in dial-on-demand mode, allowing you to have a virtual full time connection. The interface is configured, but the actual connection of the link is delayed until qualifying outgoing traffic is detected. PPPoE Idle timeout input If no qualifying outgoing packets are transmitted for the specified number of seconds, the connection is brought down. An idle timeout of zero disables this feature. PPTP configuration listtopic PPTP Username input pptp->username PPTP Password input pptp->password true PPTP Local IP Address input / pptp->local true true true pptplocalsubnet pptp->subnet subnet_select PPTP Remote IP Address pptp->remote input PPTP Dial on demand Enable Dial-On-Demand mode checkbox This option causes the interface to operate in dial-on-demand mode, allowing you to have a virtual full time connection. The interface is configured, but the actual connection of the link is delayed until qualifying outgoing traffic is detected. PPTP Idle timeout input If no qualifying outgoing packets are transmitted for the specified number of seconds, the connection is brought down. An idle timeout of zero disables this feature. BigPond configuration listtopic BigPond Username input bigpond->username BigPond Password input bigpond->password BigPond Authentication server input bigpond->authserver If this field is left empty, the default ("dce-server") is used. BigPond Authentication domain input bigpond->authdomain If this field is left empty, the domain name assigned via DHCP will be used. Note: the BigPond client implicitly sets the "Allow DNS server list to be overridden by DHCP/PPP on WAN" on the System: General setup page. BigPond min heartbeat interval input seconds bigpond->minheartbeatinterval Setting this to a sensible value (e.g. 60 seconds) can protect against DoS attacks. RFC1918 Networks listtopic true Block RFC1918 Private Networks When set, this option blocks traffic from IP addresses that are reserved for private networks as per RFC 1918 (10/8, 172.16/12, 192.168/16) as well as loopback addresses (127/8). You should generally leave this option turned on, unless your WAN network lies in such a private address space, too. checkbox interfaces->wan->blockpriv Block private networks from entering via WAN Block bogon networks listtopic true Block bogon networks Block bogon networks when set, this option blocks traffic from IP addresses that are reserved (but not RFC 1918) or not yet assigned by IANA. Bogons are prefixes that should never appear in the Internet routing table, and obviously should not appear as the source address in any packets you receive. checkbox interfaces->wan->blockbogons Block non-Internet routed networks from entering via WAN Next submit if($_POST['selectedtype'] == "Static") { } else { $_POST['ipaddress'] = $_POST['selectedtype']; $config['interfaces']['wan']['ipaddr'] = $_POST['selectedtype']; write_config(); } 5 On this screen we will configure the Local Area Network information. LAN IP Address input interfaces->lan->ipaddr Type dhcp if this interface uses dhcp to obtain its ip address. Subnet Mask subnet_select interfaces->lan->subnet Next submit $ft = split("\.", $_POST['lanipaddress']); $ft_ip = $ft[0] . "." . $ft[1] . "." . $ft[2] . "."; $config['dhcpd']['lan']['range']['from'] = $ft_ip . "10"; $highestip = gen_subnet_max($_POST['lanipaddress'], $config['interfaces']['lan']['subnet']); $hi = split("\.", $highestip); $highestip = $hi[3]-10; $config['dhcpd']['lan']['range']['to'] = $ft_ip . $highestip; 6 On this screen we will set the Admin password which is used to access the WebGUI and also SSH services if you wish to enable. Admin Password password Admin Password AGAIN password Next submit if($_POST['adminpassword'] != "") { if($_POST['adminpassword'] == $_POST['adminpasswordagain']) { $fd = popen("/usr/sbin/pw usermod -n root -H 0", "w"); $salt = md5(time()); $crypted_pw = crypt($_POST['adminpassword'],$salt); fwrite($fd, $crypted_pw); pclose($fd); $config['system']['password'] = crypt($_POST['adminpassword']); write_config(); system_password_configure(); } else { print_info_box_np("Passwords do not match! Please press back in your browser window and correct."); die; } } 7 true Click 'Reload' to reload pfSense with new changes. If you changed the password, pfSense will ask you to log in again. Reload submit 8 A reload is now in progress. Please wait. <p> The system will automatically try to access $myurl in 120 seconds. <p> You can click on the icon above to access the site more quickly. <meta http-equiv="refresh" content="60; url=$myurl" > reload_all();