'use client'; import { useState, useEffect } from 'react'; import { createPortal } from 'react-dom'; import { showSuccess, showError, showConfirm } from '@/lib/sweetalert'; import { useToast } from '@/components/cyberpunk/CyberToast'; import { useTranslation } from '@/hooks/useTranslation'; import { Shield, Server, Plus, Pencil, Trash2, Zap, Activity, CheckCircle, XCircle, Settings, Terminal, RefreshCw, FileText, X, Wifi, ChevronDown, ChevronUp, Info } from 'lucide-react'; interface VpnServer { id: string name: string host: string username: string apiPort: number subnet: string poolStart: number poolEnd: number gateway: string | null l2tpEnabled: boolean sstpEnabled: boolean pptpEnabled: boolean openVpnEnabled: boolean wgEnabled: boolean wgPublicKey?: string | null wgPort?: number | null isActive: boolean } interface WgPeer { publicKey: string endpoint?: string allowedIps?: string lastHandshake?: string transfer?: string } interface VpnClientData { id: string name: string username: string password: string vpnType: string vpnServerId: string vpnServerHost: string isRadiusServer: boolean } /** @deprecated panel redundansi dihapus */ function VpnServerRedundancyPanel(_props: Record) { return null; } export default function VpnServerPage() { const { t } = useTranslation(); const { addToast } = useToast(); const [servers, setServers] = useState([]); const [loading, setLoading] = useState(true); const [vpnClients, setVpnClients] = useState([]); const [showModal, setShowModal] = useState(false); const [editingServer, setEditingServer] = useState(null); const [testingId, setTestingId] = useState(null); const [settingUpId, setSettingUpId] = useState(null); const [testResult, setTestResult] = useState<{ success: boolean; message: string; identity?: string; } | null>(null); // L2TP VPN Control States const [showL2tpControl, setShowL2tpControl] = useState(false); const [l2tpStatus, setL2tpStatus] = useState(null); const [l2tpLoading, setL2tpLoading] = useState(false); const [l2tpLogs, setL2tpLogs] = useState([]); const [l2tpConnections, setL2tpConnections] = useState(''); // PPTP VPN Control States const [showPptpControl, setShowPptpControl] = useState(false); const [pptpStatus, setPptpStatus] = useState(null); const [pptpLoading, setPptpLoading] = useState(false); const [pptpLogs, setPptpLogs] = useState([]); // WireGuard VPN Server States const [showWgPanel, setShowWgPanel] = useState(false); const [wgPanelServer, setWgPanelServer] = useState(null); const [wgServerInfo, setWgServerInfo] = useState(null); const [wgPeers, setWgPeers] = useState([]); const [wgLoading, setWgLoading] = useState(false); const [wgAddingPeer, setWgAddingPeer] = useState(false); const [wgNewPeerName, setWgNewPeerName] = useState(''); const [wgGeneratedScript, setWgGeneratedScript] = useState(null); // --- Modal States -------------------------------------------------------- const [showL2tpSshModal, setShowL2tpSshModal] = useState(false); const [pendingL2tpAction, setPendingL2tpAction] = useState(''); const [pendingL2tpServer, setPendingL2tpServer] = useState(null); const [l2tpSshForm, setL2tpSshForm] = useState({ host: '', port: '22', username: 'root', password: '', vpnServerIp: '', l2tpUsername: '', l2tpPassword: '' }); const [showPptpSshModal, setShowPptpSshModal] = useState(false); const [pendingPptpAction, setPendingPptpAction] = useState(''); const [pendingPptpServer, setPendingPptpServer] = useState(null); const [pptpSshForm, setPptpSshForm] = useState({ host: '', port: '22', username: 'root', password: '', pptpServer: '', pptpUser: '', pptpPass: '' }); const [showTestPasswordModal, setShowTestPasswordModal] = useState(false); const [testPasswordServer, setTestPasswordServer] = useState(null); const [testPasswordValue, setTestPasswordValue] = useState(''); const [showSetupPasswordModal, setShowSetupPasswordModal] = useState(false); const [setupPasswordServer, setSetupPasswordServer] = useState(null); const [setupPasswordValue, setSetupPasswordValue] = useState(''); const [setupResultModal, setSetupResultModal] = useState<{ success: boolean | null; title: string; message: string; stepsHtml: string } | null>(null); const [showVpnScriptModal, setShowVpnScriptModal] = useState(false); const [vpnScriptData, setVpnScriptData] = useState<{ ros7: string; ros6: string } | null>(null); // Store SSH credentials and L2TP config const [savedSshCredentials, setSavedSshCredentials] = useState<{ host: string; port: string; username: string; password: string; } | null>(null); const [l2tpConfig, setL2tpConfig] = useState({ vpnServerIp: '', l2tpUsername: '', l2tpPassword: '', }); const [formData, setFormData] = useState({ name: '', host: '', username: 'admin', password: '', apiPort: '8728', subnet: '10.20.30.0/24', poolStart: '10', poolEnd: '254', gateway: '', l2tpEnabled: false, sstpEnabled: false, pptpEnabled: false, openVpnEnabled: false, }); const [showTutorial, setShowTutorial] = useState(true); useEffect(() => { // Restore saved SSH + L2TP credentials from localStorage try { const savedCreds = localStorage.getItem('l2tp_ssh_credentials'); const savedConf = localStorage.getItem('l2tp_config'); if (savedCreds) setSavedSshCredentials(JSON.parse(savedCreds)); if (savedConf) setL2tpConfig(JSON.parse(savedConf)); } catch {} loadServers(); loadVpnClients(); // eslint-disable-next-line react-hooks/exhaustive-deps }, []); const loadVpnClients = async () => { try { const res = await fetch('/api/network/vpn-client'); const data = await res.json(); const clients = (data.clients || []).map((c: any) => ({ id: c.id, name: c.name, username: c.username, password: c.password, vpnType: (c.vpnType || 'l2tp').toLowerCase(), vpnServerId: c.vpnServerId, vpnServerHost: (data.vpnServers || []).find((s: any) => s.id === c.vpnServerId)?.host || '', isRadiusServer: c.isRadiusServer ?? false, })); setVpnClients(clients); } catch { // non-critical — ignore } }; const handleL2tpAction = async (action: string, server: VpnServer) => { if (!savedSshCredentials) { addToast({ type: 'error', title: 'Isi kredensial SSH terlebih dahulu di panel kontrol' }); return; } await executeL2tpAction(action, server, savedSshCredentials); }; const handleConnectL2tp = async () => { const { host, port, username, password, vpnServerIp, l2tpUsername, l2tpPassword } = l2tpSshForm; if (!host || !username || !password) { addToast({ type: 'error', title: 'SSH credentials wajib diisi' }); return; } if (!vpnServerIp || !l2tpUsername || !l2tpPassword) { addToast({ type: 'error', title: 'Detail koneksi L2TP wajib diisi semua' }); return; } // Block jika VPN Client tidak dikonfigurasi sebagai RADIUS Server const matchedClient = vpnClients.find(c => c.username === l2tpUsername && c.vpnType === 'l2tp'); if (matchedClient && !matchedClient.isRadiusServer) { addToast({ type: 'error', title: `"${matchedClient.name}" belum dikonfigurasi sebagai RADIUS Server. Buka VPN Client → aktifkan "Jadikan Server RADIUS".` }); return; } const server = editingServer!; const sshCreds = { host, port, username, password }; setSavedSshCredentials(sshCreds); setL2tpConfig({ vpnServerIp, l2tpUsername, l2tpPassword }); // Persist to localStorage so modal doesn't ask again on next open try { localStorage.setItem('l2tp_ssh_credentials', JSON.stringify(sshCreds)); localStorage.setItem('l2tp_config', JSON.stringify({ vpnServerIp, l2tpUsername, l2tpPassword })); } catch {} await executeL2tpAction('status', server, sshCreds); }; const executeL2tpAction = async (action: string, server: VpnServer, formValues: { host: string; port: string; username: string; password: string }) => { setL2tpLoading(true); try { const response = await fetch('/api/network/vpn-server/l2tp-control', { method: 'POST', headers: { 'Content-Type': 'application/json' }, body: JSON.stringify({ action, host: formValues.host, username: formValues.username, password: formValues.password, port: parseInt(formValues.port) || 22, vpnServerIp: l2tpConfig.vpnServerIp, l2tpUsername: l2tpConfig.l2tpUsername, l2tpPassword: l2tpConfig.l2tpPassword, }), }); const result = await response.json(); if (result.success) { if (action === 'status') setL2tpStatus(result.result); else if (action === 'logs') setL2tpLogs(result.result.logs || []); else if (action === 'connections') setL2tpConnections(result.result.connections || ''); showSuccess(result.message); if (action !== 'status' && action !== 'logs' && action !== 'connections') { setTimeout(() => handleL2tpAction('status', server), 1000); } } else { showError(result.message || t('network.operationFailed')); } } catch (error: any) { showError(t('network.failedExecuteL2tpCommand') + ': ' + error.message); } finally { setL2tpLoading(false); } }; // handleL2tpSshSubmit removed — form is now inline in the L2TP Control modal via handleConnectL2tp const loadServers = async () => { try { const response = await fetch('/api/network/vpn-server'); const data = await response.json(); setServers(data.servers || []); } catch (error) { console.error('Load servers error:', error); showError(t('error.loadFailed') || 'Failed to load VPN servers'); } finally { setLoading(false); } }; // --- PPTP Control Handler ---------------------------------------------------- const handlePptpAction = async (action: string, server: VpnServer) => { if (!savedSshCredentials) { addToast({ type: 'error', title: 'Isi kredensial SSH terlebih dahulu di panel kontrol' }); return; } if (action === 'configure') { setPptpLoading(true); try { const r = await fetch('/api/network/vpn-server/pptp-control', { method: 'POST', headers: { 'Content-Type': 'application/json' }, body: JSON.stringify({ action: 'configure', ...savedSshCredentials, port: parseInt(savedSshCredentials.port), vpnServerIp: pptpSshForm.pptpServer, pptpUsername: pptpSshForm.pptpUser, pptpPassword: pptpSshForm.pptpPass }), }); const res = await r.json(); if (res.success) { showSuccess(res.message || 'PPTP dikonfigurasi'); setTimeout(() => handlePptpAction('status', server), 2000); } else showError(res.message || 'Konfigurasi PPTP gagal'); } catch (e: any) { showError('Gagal: ' + e.message); } finally { setPptpLoading(false); } return; } setPptpLoading(true); try { const r = await fetch('/api/network/vpn-server/pptp-control', { method: 'POST', headers: { 'Content-Type': 'application/json' }, body: JSON.stringify({ action, ...savedSshCredentials, port: parseInt(savedSshCredentials.port) }), }); const res = await r.json(); if (res.success) { if (action === 'status') setPptpStatus(res.result); else if (action === 'logs') setPptpLogs(res.result?.logs || [res.result?.output || '']); showSuccess(res.message); } else showError(res.message || 'Operasi gagal'); } catch (e: any) { showError('Gagal: ' + e.message); } finally { setPptpLoading(false); } }; const handleConnectPptp = async () => { const { host, port, username, password } = pptpSshForm; if (!host || !username || !password) { addToast({ type: 'error', title: 'SSH credentials wajib diisi' }); return; } const server = editingServer!; const sshCreds = { host, port, username, password }; setSavedSshCredentials(sshCreds); if (pptpSshForm.pptpServer && pptpSshForm.pptpUser && pptpSshForm.pptpPass) { setPptpLoading(true); try { const r = await fetch('/api/network/vpn-server/pptp-control', { method: 'POST', headers: { 'Content-Type': 'application/json' }, body: JSON.stringify({ action: 'configure', ...sshCreds, port: parseInt(port), vpnServerIp: pptpSshForm.pptpServer, pptpUsername: pptpSshForm.pptpUser, pptpPassword: pptpSshForm.pptpPass }), }); const res = await r.json(); if (res.success) { showSuccess(res.message || 'PPTP dikonfigurasi'); setTimeout(() => handlePptpAction('status', server), 2000); } else showError(res.message || 'Konfigurasi PPTP gagal'); } catch (e: any) { showError('Gagal: ' + e.message); } finally { setPptpLoading(false); } return; } setPptpLoading(true); try { const r = await fetch('/api/network/vpn-server/pptp-control', { method: 'POST', headers: { 'Content-Type': 'application/json' }, body: JSON.stringify({ action: 'status', ...sshCreds, port: parseInt(port) }) }); const res = await r.json(); if (res.success) { setPptpStatus(res.result); showSuccess(res.message); } else showError(res.message || 'Gagal'); } catch (e: any) { showError('Gagal: ' + e.message); } finally { setPptpLoading(false); } }; // --- Manual Script Generator ------------------------------------------------- const handleManualScript = (server: VpnServer) => { const [network] = server.subnet.split('/'); const parts = network.split('.'); const base = `${parts[0]}.${parts[1]}.${parts[2]}`; const poolRange = `${base}.10-${base}.254`; const localAddr = `${base}.1`; const vpnNet = `${base}.0/24`; const ros7Script = `# ------------------------------------------------------- # MikroTik RouterOS 7 - VPN Server Setup Script # Server: ${server.name} (${server.host}) # Subnet: ${server.subnet} # Generated: ${new Date().toISOString().split('T')[0]} # ------------------------------------------------------- # --- Step 1: IP Pool --- /ip/pool/add name=vpn-pool ranges=${poolRange} # --- Step 2: PPP Profile --- /ppp/profile/add name=vpn-profile local-address=${localAddr} remote-address=vpn-pool dns-server=8.8.8.8,8.8.4.4 # --- Step 3: L2TP Server --- /interface/l2tp-server/server/set enabled=yes default-profile=vpn-profile use-ipsec=no # --- Step 4: PPTP Server --- /interface/pptp-server/server/set enabled=yes default-profile=vpn-profile # --- Step 5: NAT Masquerade --- /ip/firewall/nat/add chain=srcnat action=masquerade comment="VPN NAT" # --- Step 6: Firewall Forward --- /ip/firewall/filter/add chain=forward src-address=${vpnNet} dst-address=${vpnNet} action=accept comment="SALFANET-VPN-Forward" /ip/firewall/filter/add chain=input protocol=udp src-address=${vpnNet} dst-port=1812,1813,3799 action=accept comment="SALFANET-VPN-Forward-RADIUS" /ip/firewall/filter/add chain=input protocol=tcp src-address=${vpnNet} dst-port=8291,8728,8729 action=accept comment="SALFANET-VPN-Forward-API" `; const ros6Script = `# ------------------------------------------------------- # MikroTik RouterOS 6 - VPN Server Setup Script # Server: ${server.name} (${server.host}) # Subnet: ${server.subnet} # Generated: ${new Date().toISOString().split('T')[0]} # ------------------------------------------------------- # --- Step 1: IP Pool --- /ip pool add name=vpn-pool ranges=${poolRange} # --- Step 2: PPP Profile --- /ppp profile add name=vpn-profile local-address=${localAddr} remote-address=vpn-pool dns-server=8.8.8.8,8.8.4.4 # --- Step 3: L2TP Server --- /interface l2tp-server server set enabled=yes default-profile=vpn-profile use-ipsec=no # --- Step 4: PPTP Server --- /interface pptp-server server set enabled=yes default-profile=vpn-profile # --- Step 5: NAT Masquerade --- /ip firewall nat add chain=srcnat action=masquerade comment="VPN NAT" # --- Step 6: Firewall Forward --- /ip firewall filter add chain=forward src-address=${vpnNet} dst-address=${vpnNet} action=accept comment="SALFANET-VPN-Forward" /ip firewall filter add chain=input protocol=udp src-address=${vpnNet} dst-port=1812,1813,3799 action=accept comment="SALFANET-VPN-Forward-RADIUS" /ip firewall filter add chain=input protocol=tcp src-address=${vpnNet} dst-port=8291,8728,8729 action=accept comment="SALFANET-VPN-Forward-API" # --- Verify --- /interface l2tp-server server print /interface pptp-server server print /ip pool print where name=vpn-pool /ppp profile print where name=vpn-profile`; setVpnScriptData({ ros7: ros7Script, ros6: ros6Script }); setShowVpnScriptModal(true); }; // ── WireGuard Handlers ────────────────────────────────────────────────── const openWgPanel = async (server: VpnServer) => { setWgPanelServer(server); setWgServerInfo(null); setWgPeers([]); setWgGeneratedScript(null); setShowWgPanel(true); setWgLoading(true); try { const res = await fetch('/api/network/vps-wg-peer'); const data = await res.json(); if (data.installed) { setWgServerInfo(data); setWgPeers(data.peers || []); // Sync publicKey to DB if not yet saved if (data.publicKey && data.publicKey !== server.wgPublicKey) { await fetch('/api/network/vpn-server', { method: 'PUT', headers: { 'Content-Type': 'application/json' }, body: JSON.stringify({ id: server.id, name: server.name, host: server.host, username: server.username, apiPort: server.apiPort, subnet: server.subnet, l2tpEnabled: server.l2tpEnabled, sstpEnabled: server.sstpEnabled, pptpEnabled: server.pptpEnabled, wgEnabled: true, wgPublicKey: data.publicKey, wgPort: data.listenPort }), }); loadServers(); } } else { setWgServerInfo({ installed: false, message: data.message }); } } catch (e: any) { addToast({ type: 'error', title: 'Gagal membaca status WireGuard', description: e.message }); } finally { setWgLoading(false); } }; const handleWgAddPeer = async () => { if (!wgNewPeerName.trim()) { addToast({ type: 'error', title: 'Nama NAS wajib diisi' }); return; } setWgAddingPeer(true); try { const res = await fetch('/api/network/vps-wg-peer', { method: 'POST', headers: { 'Content-Type': 'application/json' }, body: JSON.stringify({ action: 'add', nasName: wgNewPeerName.trim() }), }); const data = await res.json(); if (!res.ok || !data.success) throw new Error(data.error || 'Gagal tambah peer'); // Build RouterOS 7 WireGuard setup script const parts = data.vpnIp.split('.'); const script = `# WireGuard NAS Setup — ${wgNewPeerName} # Generated: ${new Date().toISOString().split('T')[0]} # ──────────────────────────────────────────────── /interface/wireguard/add name=wg-salfanet private-key="${data.clientPrivateKey || ''}" /interface/wireguard/peers/add interface=wg-salfanet public-key="${data.serverPublicKey}" endpoint-address="${data.serverEndpoint?.split(':')[0]}" endpoint-port=${data.wgPort} allowed-address="${data.allowedIps}" persistent-keepalive=25 /ip/address/add address=${data.vpnIp}/32 interface=wg-salfanet /ip/route/add dst-address=${data.allowedIps.includes('/') ? data.allowedIps : data.allowedIps + '/32'} gateway=wg-salfanet # FreeRADIUS server source IP via WireGuard /radius/add address=${data.allowedIps?.split('/')[0] || data.serverEndpoint?.split(':')[0]} secret= service=ppp,login timeout=3000 # RADIUS auth via WireGuard tunnel /ip/firewall/filter/add chain=input src-address=${data.vpnIp}/32 protocol=udp dst-port=1812,1813,3799 action=accept comment="RADIUS via WG" `; setWgGeneratedScript(script); setWgNewPeerName(''); addToast({ type: 'success', title: `Peer "${wgNewPeerName}" ditambahkan`, description: `VPN IP: ${data.vpnIp}` }); // Refresh peer list await openWgPanel(wgPanelServer!); } catch (e: any) { addToast({ type: 'error', title: 'Gagal tambah peer WireGuard', description: e.message }); } finally { setWgAddingPeer(false); } }; const handleWgRemovePeer = async (pubKey: string) => { const confirmed = await showConfirm('Hapus peer WireGuard ini? Koneksi NAS akan terputus.', 'Hapus Peer'); if (!confirmed) return; try { const res = await fetch('/api/network/vps-wg-peer', { method: 'POST', headers: { 'Content-Type': 'application/json' }, body: JSON.stringify({ action: 'remove', publicKey: pubKey }), }); const data = await res.json(); if (!res.ok || !data.success) throw new Error(data.error || 'Gagal hapus peer'); addToast({ type: 'success', title: 'Peer dihapus' }); setWgPeers(prev => prev.filter(p => p.publicKey !== pubKey)); } catch (e: any) { addToast({ type: 'error', title: 'Gagal hapus peer', description: e.message }); } }; // ── End WireGuard Handlers ────────────────────────────────────────────── const handleAdd = () => { setEditingServer(null); setTestResult(null); setFormData({ name: '', host: '', username: 'admin', password: '', apiPort: '8728', subnet: '10.20.30.0/24', poolStart: '10', poolEnd: '254', gateway: '', l2tpEnabled: false, sstpEnabled: false, pptpEnabled: false, openVpnEnabled: false }); setShowModal(true); } const handleEdit = (server: VpnServer) => { setEditingServer(server) setTestResult(null) setFormData({ name: server.name, host: server.host, username: server.username, password: '', apiPort: server.apiPort.toString(), subnet: server.subnet, poolStart: String(server.poolStart ?? 10), poolEnd: String(server.poolEnd ?? 254), gateway: server.gateway ?? '', l2tpEnabled: server.l2tpEnabled, sstpEnabled: server.sstpEnabled, pptpEnabled: server.pptpEnabled, openVpnEnabled: server.openVpnEnabled }) setShowModal(true) } const handleTestInModal = async () => { if (!formData.host || !formData.username || !formData.password) { showError(t('network.fillHostUsernamePassword')) return } setTestingId('modal') setTestResult(null) try { const response = await fetch('/api/network/vpn-server/test', { method: 'POST', headers: { 'Content-Type': 'application/json' }, body: JSON.stringify({ host: formData.host, username: formData.username, password: formData.password, apiPort: parseInt(formData.apiPort) || 8728 }), }) const result = await response.json(); setTestResult(result); if (result.success) { showSuccess(`Router Identity: ${result.identity}\n${result.message}`, t('network.connectionSuccess')); } else { showError(result.message, t('network.connectionFailed')); } } catch (error) { const errorResult = { success: false, message: t('network.failedTestConnection') } setTestResult(errorResult); showError(errorResult.message); } finally { setTestingId(null) } } const handleSubmit = async (e: React.FormEvent) => { e.preventDefault() try { if (!editingServer) { // Save new server to DB (use Auto Setup button to configure MikroTik protocols) const response = await fetch('/api/network/vpn-server', { method: 'POST', headers: { 'Content-Type': 'application/json' }, body: JSON.stringify({ ...formData }), }) const result = await response.json() if (response.ok) { showSuccess(t('network.vpnServerUpdated') || 'VPN Server berhasil disimpan'); setShowModal(false) loadServers() } else { showError(result.error || t('common.error')); } } else { const response = await fetch('/api/network/vpn-server', { method: 'PUT', headers: { 'Content-Type': 'application/json' }, body: JSON.stringify({ ...formData, id: editingServer.id }), }) if (response.ok) { showSuccess(t('network.vpnServerUpdated')); setShowModal(false) loadServers() } else { showError(t('network.failedUpdateVpnServer')); } } } catch (error) { showError(t('common.error')); } } const handleDelete = async (id: string, name: string) => { const confirmed = await showConfirm(t('network.deleteConfirm').replace('{name}', name), t('network.deleteVpnServer')); if (confirmed) { try { const response = await fetch(`/api/network/vpn-server?id=${id}`, { method: 'DELETE' }) if (response.ok) { showSuccess(t('network.vpnServerDeleted'), t('common.deleted')); loadServers(); } } catch (error) { showError(t('network.failedDeleteVpnServer')); } } } const handleTest = async (server: VpnServer) => { setTestPasswordServer(server); setTestPasswordValue(''); setShowTestPasswordModal(true); }; const handleSubmitTestPassword = async () => { const server = testPasswordServer; if (!server || !testPasswordValue) { addToast({ type: 'error', title: t('network.passwordRequired') || 'Password diperlukan' }); return; } setShowTestPasswordModal(false); setTestingId(server.id); try { const response = await fetch('/api/network/vpn-server/test', { method: 'POST', headers: { 'Content-Type': 'application/json' }, body: JSON.stringify({ host: server.host, username: server.username, password: testPasswordValue, apiPort: server.apiPort }), }); if (!response.ok && response.status === 401) { addToast({ type: 'error', title: 'Sesi telah habis, silakan login ulang' }); return; } const result = await response.json(); if (result.success) { addToast({ type: 'success', title: t('network.connectionSuccess') || 'Koneksi Berhasil', description: `Identity: ${result.identity || '-'} — ${result.message || ''}` }); } else { addToast({ type: 'error', title: t('network.connectionFailed') || 'Koneksi Gagal', description: result.message || 'Tidak dapat terhubung ke RouterOS API' }); } } catch (error: any) { addToast({ type: 'error', title: 'Gagal Uji Koneksi', description: error?.message || String(error) }); } finally { setTestingId(null); setTestPasswordValue(''); } }; const handleSetup = async (server: VpnServer) => { setSetupPasswordServer(server); setSetupPasswordValue(''); setShowSetupPasswordModal(true); }; const handleSubmitSetupPassword = async () => { const server = setupPasswordServer; if (!server || !setupPasswordValue) { addToast({ type: 'error', title: t('network.passwordRequired') }); return; } setShowSetupPasswordModal(false); setSettingUpId(server.id); const formatStep = (s: string) => { const cls = s.startsWith('✅') ? 'text-green-400' : s.startsWith('❌') ? 'text-red-400' : s.startsWith('⚠️') ? 'text-yellow-400' : 'text-gray-300'; return `

${s}

`; }; // Show live modal immediately so user sees progress setSetupResultModal({ success: null, title: 'Setup Sedang Berjalan...', message: 'Menghubungkan ke RouterOS API...', stepsHtml: '

⏳ Menghubungkan...

' }); const liveSteps: string[] = []; try { const response = await fetch('/api/network/vpn-server/setup', { method: 'POST', headers: { 'Content-Type': 'application/json' }, body: JSON.stringify({ serverId: server.id, host: server.host, username: server.username, password: setupPasswordValue, apiPort: server.apiPort.toString(), subnet: server.subnet, name: server.name }), }); if (!response.body) { throw new Error(`No response body (HTTP ${response.status})`); } const reader = response.body.getReader(); const decoder = new TextDecoder(); let buffer = ''; while (true) { const { done, value } = await reader.read(); if (done) break; buffer += decoder.decode(value, { stream: true }); const lines = buffer.split('\n'); buffer = lines.pop() || ''; for (const line of lines) { const trimmed = line.trim(); if (!trimmed) continue; try { const data = JSON.parse(trimmed); if (data.step) { liveSteps.push(data.step); setSetupResultModal({ success: null, title: 'Setup Sedang Berjalan...', message: 'Mengkonfigurasi RouterOS API, mohon tunggu...', stepsHtml: liveSteps.map(formatStep).join(''), }); } if (data.done) { const allSteps: string[] = data.steps || liveSteps; const stepsHtml = allSteps.map(formatStep).join(''); if (data.success) { const protocols: string[] = []; if (data.l2tp) protocols.push('L2TP'); if (data.sstp) protocols.push('SSTP'); if (data.pptp) protocols.push('PPTP'); const successMsg = (t('network.protocolsEnabled') || 'Protokol aktif: {protocols}').replace('{protocols}', protocols.join(', ')) + (data.rosVersion ? ` | RouterOS: ${data.rosVersion}` : ''); setSetupResultModal({ success: true, title: t('network.setupComplete') || 'Setup Selesai', message: successMsg, stepsHtml }); addToast({ type: 'success', title: t('network.setupComplete') || 'Setup VPN Berhasil', description: `Protokol aktif: ${protocols.join(', ') || '-'}` }); loadServers(); } else { const errMsg = data.message || 'Setup gagal — periksa koneksi ke CHR'; setSetupResultModal({ success: false, title: t('network.connectionFailed') || 'Setup Gagal', message: errMsg, stepsHtml }); addToast({ type: 'error', title: 'Setup VPN Gagal', description: errMsg }); } } } catch { /* ignore JSON parse errors on partial lines */ } } } } catch (error: any) { const msg = error?.message || t('network.failedSetupVpnServer') || 'Setup VPN gagal'; const stepsHtml = liveSteps.map(formatStep).join('') + `

❌ Error: ${msg}

`; addToast({ type: 'error', title: 'Setup VPN Gagal', description: msg }); setSetupResultModal({ success: false, title: 'Setup Gagal', message: msg, stepsHtml }); } finally { setSettingUpId(null); setSetupPasswordValue(''); } }; // Stats calculations const totalServers = servers.length; const activeServers = servers.filter(s => s.l2tpEnabled || s.sstpEnabled || s.pptpEnabled).length; const l2tpServers = servers.filter(s => s.l2tpEnabled).length; const sstpServers = servers.filter(s => s.sstpEnabled).length; if (loading) { return (

{t('network.loadingVpnServers')}

); } return ( <> {/* L2TP SSH Credential Modal — removed, form is now inline in L2TP Control modal */} {/* PPTP SSH Credential Modal — removed, form is now inline in PPTP Control modal */} {/* Test Password Modal */} {showTestPasswordModal && createPortal(
setShowTestPasswordModal(false)}>
e.stopPropagation()}>

{t('network.enterPassword')}

{t('network.mikrotikPassword')} - {testPasswordServer?.name}

setTestPasswordValue(e.target.value)} onKeyDown={(e) => e.key === 'Enter' && handleSubmitTestPassword()} autoFocus />
, document.body )} {/* Setup Password Modal */} {showSetupPasswordModal && createPortal(
setShowSetupPasswordModal(false)}>
e.stopPropagation()}>

Auto-Setup VPN Server?

This will configure: L2TP, SSTP (port 992), PPTP, IP Pool ({setupPasswordServer?.subnet}), PPP Profile, NAT.

setSetupPasswordValue(e.target.value)} onKeyDown={(e) => e.key === 'Enter' && handleSubmitSetupPassword()} autoFocus />
, document.body )} {/* Setup Result Modal */} {setupResultModal && createPortal(
setupResultModal?.success !== null && setSetupResultModal(null)}>
e.stopPropagation()}>

{setupResultModal.title}

{setupResultModal.message}

{setupResultModal.stepsHtml &&
}
, document.body )} {/* VPN Script Modal */} {showVpnScriptModal && vpnScriptData && createPortal(
setShowVpnScriptModal(false)}>
e.stopPropagation()}>

📋 Manual Setup Script

Copy & paste script ke Terminal/Winbox MikroTik.

RouterOS 7
{vpnScriptData.ros7}
RouterOS 6
{vpnScriptData.ros6}
, document.body )}
{/* Animated Background */}
{/* Header Section */}

{t('network.vpnServerManagement')}

{t('network.vpnServerManagementDesc')}

{/* ── Tutorial / Flow Banner ───────────────────────────────── */}
{showTutorial && (
{[ { step: 1, icon: '☁️', color: 'border-[#bc13fe]/40 bg-[#bc13fe]/5', title: 'Install di VPS', desc: 'Jalankan installer SALFANET di VPS: bash vps-install.sh. FreeRADIUS, Node.js, dan PM2 akan terinstall otomatis.', link: null, linkLabel: null }, { step: 2, icon: '🖥️', color: 'border-[#00f7ff]/40 bg-[#00f7ff]/5', title: 'Tambah VPN Server', desc: 'Isi IP MikroTik CHR, username admin, dan subnet VPN (contoh: 10.20.30.0/24). Klik "Test Koneksi" lalu Simpan.', link: null, linkLabel: null }, { step: 3, icon: '⚙️', color: 'border-green-500/40 bg-green-500/5', title: 'Setup Protokol', desc: 'Klik tombol "Setup" pada kartu server untuk konfigurasi L2TP/SSTP/PPTP di MikroTik CHR secara otomatis. Untuk WireGuard (RouterOS 7+) klik tombol WireGuard.', link: null, linkLabel: null }, { step: 4, icon: '📡', color: 'border-amber-500/40 bg-amber-500/5', title: 'Tambah VPN Client', desc: 'Setelah server siap, pergi ke menu VPN Client untuk tambahkan setiap NAS sebagai client. Sistem generate script RouterOS otomatis.', link: '/admin/network/vpn-client', linkLabel: '→ Menu VPN Client' }, ].map(item => (
{item.icon} Step {item.step}

{item.title}

{item.desc}

{item.link && ( {item.linkLabel} )}
))}

🔷 WireGuard (RouterOS 7+)

Arsitektur baru: VPS sebagai WG server, setiap NAS connect langsung ke VPS. Lebih cepat, lebih aman, tidak perlu CHR.

🔶 L2TP/SSTP (RouterOS 6+)

Arsitektur legacy: VPS connect ke MikroTik CHR via L2TP/SSTP. NAS kemudian connect ke CHR. Gunakan jika RouterOS belum di-upgrade.

)}
{/* Stats Cards */}
{/* Total Servers */}

{totalServers}

Total Server

{/* Active Servers */}

{activeServers}

Server Aktif

{/* L2TP Servers */}

{l2tpServers}

L2TP Aktif

{/* SSTP Servers */}

{sstpServers}

SSTP Aktif

{/* Server List */} {servers.length === 0 ? (

{t('network.noVpnServersYet')}

{t('network.noVpnServersDesc')}

) : (
{servers.map((server) => (
{/* Server Header */}

{server.name}

{server.host}:{server.apiPort}

{/* Protocol Badges */}
{server.l2tpEnabled && ( L2TP/IPSec )} {server.sstpEnabled && ( SSTP )} {server.pptpEnabled && ( PPTP )} {server.wgEnabled && ( WireGuard )} {!server.l2tpEnabled && !server.sstpEnabled && !server.pptpEnabled && !server.wgEnabled && ( {t('network.notConfigured')} )}
{/* Server Details */}

{t('network.hostAddress')}

{server.host}

{t('network.username')}

{server.username}

{t('network.apiPort')}

{server.apiPort}

{t('network.vpnSubnet')}

{server.subnet}

{/* Pool Config Info */}
Pool IP: {server.subnet.split('.').slice(0,3).join('.')}.{server.poolStart ?? 10} – {server.subnet.split('.').slice(0,3).join('.')}.{server.poolEnd ?? 254} Gateway: {server.gateway || (server.subnet.split('.').slice(0,3).join('.') + '.1')}
{/* Action Buttons */}
{server.l2tpEnabled && ( )}
)) }
)}
{/* Add/Edit Modal */} { showModal && (

{editingServer ? t('network.editVpnServer') : t('network.addNewVpnServer')}

setFormData({ ...formData, name: e.target.value })} className="w-full px-4 py-3 bg-input border border-border rounded-xl text-foreground placeholder-gray-500 focus:border-[#00f7ff] focus:ring-2 focus:ring-[#00f7ff]/30 transition-all" placeholder={t('network.mainVpnServerPlaceholder')} required />
setFormData({ ...formData, host: e.target.value })} className="w-full px-4 py-3 bg-input border border-border rounded-xl text-foreground placeholder-gray-500 focus:border-[#00f7ff] focus:ring-2 focus:ring-[#00f7ff]/30 transition-all" placeholder={t('network.ipAddressPlaceholder')} required />
setFormData({ ...formData, apiPort: e.target.value })} className="w-full px-4 py-3 bg-input border border-border rounded-xl text-foreground placeholder-gray-500 focus:border-[#00f7ff] focus:ring-2 focus:ring-[#00f7ff]/30 transition-all" placeholder={t('network.apiPortPlaceholder')} />
setFormData({ ...formData, username: e.target.value })} className="w-full px-4 py-3 bg-input border border-border rounded-xl text-foreground placeholder-gray-500 focus:border-[#00f7ff] focus:ring-2 focus:ring-[#00f7ff]/30 transition-all" placeholder={t('network.adminPlaceholder')} required />
setFormData({ ...formData, password: e.target.value })} className="w-full px-4 py-3 bg-input border border-border rounded-xl text-foreground placeholder-gray-500 focus:border-[#00f7ff] focus:ring-2 focus:ring-[#00f7ff]/30 transition-all" placeholder={t('network.passwordPlaceholder')} required={!editingServer} />
setFormData({ ...formData, subnet: e.target.value })} className="w-full px-4 py-3 bg-input border border-border rounded-xl text-foreground placeholder-gray-500 focus:border-[#00f7ff] focus:ring-2 focus:ring-[#00f7ff]/30 transition-all font-mono" placeholder={t('network.vpnSubnetPlaceholder')} required />
{/* Pool Config */}
x.x.x. setFormData({ ...formData, poolStart: e.target.value })} className="flex-1 px-3 py-2 bg-input border border-border rounded-lg text-foreground font-mono focus:border-[#00f7ff] focus:ring-1 focus:ring-[#00f7ff]/30 transition-all" placeholder="10" />
x.x.x. setFormData({ ...formData, poolEnd: e.target.value })} className="flex-1 px-3 py-2 bg-input border border-border rounded-lg text-foreground font-mono focus:border-[#00f7ff] focus:ring-1 focus:ring-[#00f7ff]/30 transition-all" placeholder="254" />
setFormData({ ...formData, gateway: e.target.value })} className="w-full px-3 py-2 bg-input border border-border rounded-lg text-foreground font-mono placeholder-gray-500 focus:border-[#00f7ff] focus:ring-1 focus:ring-[#00f7ff]/30 transition-all" placeholder="mis. 10.20.30.1 (opsional)" />

Pool: x.x.x.{formData.poolStart || '10'} – x.x.x.{formData.poolEnd || '254'} · Gateway: {formData.gateway || (formData.subnet ? formData.subnet.split('.').slice(0,3).join('.') + '.1' : 'auto')}

{[ { key: 'l2tpEnabled', label: 'L2TP/IPSec', color: 'green' }, { key: 'sstpEnabled', label: 'SSTP (port 992)', color: 'cyan' }, { key: 'pptpEnabled', label: 'PPTP', color: 'purple' }, ].map(({ key, label, color }) => ( ))}
{/* Test Result */} {testResult && (
{testResult.success ? ( ) : ( )} {testResult.success ? `Connected: ${testResult.identity}` : testResult.message}
)}
) } {/* ── WireGuard Panel Modal ── */} {showWgPanel && wgPanelServer && (
setShowWgPanel(false)}>
e.stopPropagation()}>

WireGuard VPN Server — {wgPanelServer.name}

{wgLoading &&

⏳ Membaca status WireGuard dari VPS...

} {!wgLoading && wgServerInfo && !wgServerInfo.installed && (

⚠️ WireGuard server belum di-install

{wgServerInfo.message}

Jalankan di VPS:

bash /var/www/salfanet-radius/vps-install/install-wg-server.sh
)} {!wgLoading && wgServerInfo?.installed && ( <> {/* Server Info */}
{[ { label: 'Public IP', value: wgServerInfo.publicIp }, { label: 'Listen Port', value: `${wgServerInfo.listenPort}/UDP` }, { label: 'Subnet', value: wgServerInfo.subnet }, { label: 'Peers Aktif', value: wgPeers.length.toString() }, ].map(({ label, value }) => (

{label}

{value}

))}
{/* Server Public Key */}

Server Public Key (untuk config NAS)

{wgServerInfo.publicKey}
{/* Pool Config moved to VPN Client page → Konfigurasi VPS Built-in VPN */}

NAS Peers ({wgPeers.length})

{wgPeers.length === 0 ? (

Belum ada peer terhubung. Tambahkan NAS di bawah.

) : (
{wgPeers.map((peer) => (

{peer.allowedIps || '–'}

{peer.endpoint || 'no endpoint'} • {peer.transfer || '–'}

{peer.publicKey}

{peer.lastHandshake &&

Handshake: {new Date(peer.lastHandshake).toLocaleString('id-ID')}

}
))}
)}
{/* Add New Peer */}

Tambah NAS Baru via WireGuard

setWgNewPeerName(e.target.value)} onKeyDown={(e) => e.key === 'Enter' && handleWgAddPeer()} />

VPS akan generate keypair dan assign VPN IP. Script RouterOS 7 ditampilkan otomatis.

{/* Generated RouterOS Script */} {wgGeneratedScript && (

Script RouterOS 7 — Copy ke Winbox Terminal

{wgGeneratedScript}
)} )}
)} {/* L2TP Control Modal */} {showL2tpControl && editingServer && (

L2TP Control - {editingServer.name}

{/* Inline SSH + L2TP Credentials */} {!savedSshCredentials ? (

🔑 SSH Connection — VPS RADIUS Server

Target: {editingServer.name} ({editingServer.host})

setL2tpSshForm(p => ({...p, host: e.target.value}))} />
setL2tpSshForm(p => ({...p, port: e.target.value}))} /> setL2tpSshForm(p => ({...p, username: e.target.value}))} />
setL2tpSshForm(p => ({...p, password: e.target.value}))} />

🔗 L2TP Connection Details

{(() => { const radiusClients = vpnClients.filter(c => c.vpnType === 'l2tp' && c.isRadiusServer); const allL2tp = vpnClients.filter(c => c.vpnType === 'l2tp'); return (
{allL2tp.length > 0 && radiusClients.length === 0 && (

⚠️ Tidak ada VPN Client L2TP yang dikonfigurasi sebagai RADIUS Server. Buka menu VPN Client → centang “Jadikan Server RADIUS”.

)} {radiusClients.length > 0 && ( )}
); })()} setL2tpSshForm(p => ({...p, vpnServerIp: e.target.value}))} />
setL2tpSshForm(p => ({...p, l2tpUsername: e.target.value}))} /> setL2tpSshForm(p => ({...p, l2tpPassword: e.target.value}))} />
) : (

✅ SSH: {savedSshCredentials.username}@{savedSshCredentials.host}

)} {/* VPN Connection Status */} {l2tpStatus && (
{l2tpStatus.connected ? : }

VPN Tunnel

{l2tpStatus.connected ? 'Connected' : 'Disconnected'}

{l2tpStatus.connected && (

VPN IP (VPS)

{l2tpStatus.vpnIp ?? '-'}

Remote (CHR)

{l2tpStatus.vpnPeer ?? '-'}

Interface

{l2tpStatus.pppIface ?? '-'}

)}
)} {/* Pool Config moved to VPN Client page → Konfigurasi VPS Built-in VPN */} {/* Control Buttons */}
{l2tpLogs.length > 0 && (

{t('network.recentLogs')}

{l2tpLogs.join('\n')}
)}
)}
); }