Avoid generating an invalid racoon config if the user specified a mobile pool that is too small.

2 files changed, 6 insertions, 1 deletions

diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc
index 3a75c96..b047132 100644
--- a/etc/inc/vpn.inc
+++ b/etc/inc/vpn.inc
@@ -345,6 +345,11 @@ function vpn_ipsec_configure($ipchg = false)
 					$pool_address = long2ip32(ip2long($pool_address)+1);
 					$pool_size = (~ip2long($pool_netmask) & 0xFFFFFFFF) - 2;
 
+					if ($pool_size < 0) {
+						log_error(sprintf(gettext("Invalid mobile IPsec pool size: %s, using 0"), $pool_size));
+						$pool_size = 0;
+					}
+
 					$racoonconf .= "\tpool_size {$pool_size};\n";
 					$racoonconf .= "\tnetwork4 {$pool_address};\n";
 					$racoonconf .= "\tnetmask4 {$pool_netmask};\n";
diff --git a/usr/local/www/vpn_ipsec_mobile.php b/usr/local/www/vpn_ipsec_mobile.php
index 84bf198..5a4c269 100755
--- a/usr/local/www/vpn_ipsec_mobile.php
+++ b/usr/local/www/vpn_ipsec_mobile.php
@@ -434,7 +434,7 @@ function login_banner_change() {
 										<input name="pool_address" type="text" class="formfld unknown" id="pool_address" size="20" value="<?=htmlspecialchars($pconfig['pool_address']);?>"/>
 										/
 										<select name="pool_netbits" class="formselect" id="pool_netbits">
-											<?php for ($i = 32; $i >= 0; $i--): ?>
+											<?php for ($i = 29; $i >= 0; $i--): ?>
 											<option value="<?=$i;?>" <?php if ($i == $pconfig['pool_netbits']) echo "selected=\"selected\""; ?>>
 												<?=$i;?>
 											</option>