diff options
author | jim-p <jimp@netgate.com> | 2018-09-07 08:10:55 -0400 |
---|---|---|
committer | jim-p <jimp@netgate.com> | 2018-09-07 08:11:32 -0400 |
commit | 2ee829ae71ba99d2ba3cb9f4b5288e90c5c1d0dc (patch) | |
tree | bb43ed911edd9339ca0817de966d9af3217e0ae6 | |
parent | 39504035c2a88bfe50fa965b6833ac420a0a921c (diff) | |
download | pfsense-2ee829ae71ba99d2ba3cb9f4b5288e90c5c1d0dc.zip pfsense-2ee829ae71ba99d2ba3cb9f4b5288e90c5c1d0dc.tar.gz |
Prevent a user from selecting VTI for mobile IPsec. Fixes #8877
(cherry picked from commit 885cf6a751f076f43fa89167ba2a79f779244f1b)
-rw-r--r-- | src/usr/local/www/vpn_ipsec_phase2.php | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/src/usr/local/www/vpn_ipsec_phase2.php b/src/usr/local/www/vpn_ipsec_phase2.php index 1985743..43a9697 100644 --- a/src/usr/local/www/vpn_ipsec_phase2.php +++ b/src/usr/local/www/vpn_ipsec_phase2.php @@ -243,6 +243,10 @@ if ($_POST['save']) { /* Validate enabled phase2's are not duplicates */ if (isset($pconfig['mobile'])) { /* User is adding phase 2 for mobile phase1 */ + if ($pconfig['mode'] == "vti") { + $input_errors[] = gettext("VTI is not compatible with mobile IPsec."); + } + foreach ($a_phase2 as $key => $name) { if (isset($name['mobile']) && $name['uniqid'] != $pconfig['uniqid']) { /* check duplicate localids only for mobile clents */ |