diff options
| author | jim-p <jimp@netgate.com> | 2018-09-06 16:31:08 -0400 |
|---|---|---|
| committer | jim-p <jimp@netgate.com> | 2018-09-06 16:32:10 -0400 |
| commit | 39504035c2a88bfe50fa965b6833ac420a0a921c (patch) | |
| tree | e32e4cff8e4ce4094c42626c4ee16b1d4d3717e1 | |
| parent | af65661509a938cde48da6974d08a7d89e5bc3f0 (diff) | |
| download | pfsense-39504035c2a88bfe50fa965b6833ac420a0a921c.zip pfsense-39504035c2a88bfe50fa965b6833ac420a0a921c.tar.gz | |
IPsec VTI requires a manually specified network/address. Issue #8877
Prevent a user from selecting an interface macro like "LAN Network"
which cannot be used with VTI since it does not work like traditional
IPsec Phase 2 definitions.
(cherry picked from commit 02af14942872567362f1761f06a1d754080da074)
| -rw-r--r-- | src/usr/local/www/vpn_ipsec_phase2.php | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/src/usr/local/www/vpn_ipsec_phase2.php b/src/usr/local/www/vpn_ipsec_phase2.php index 9a8c67c..1985743 100644 --- a/src/usr/local/www/vpn_ipsec_phase2.php +++ b/src/usr/local/www/vpn_ipsec_phase2.php @@ -172,6 +172,11 @@ if ($_POST['save']) { $input_errors[] = gettext("An IPv6 local address was specified but the mode is not set to tunnel6"); } break; + default: + if (($pconfig['mode'] == "vti") && !is_ipaddr($pconfig['localid_address'])) { + $input_errors[] = gettext("VTI requires a valid local network or IP address for its endpoint address, it cannot use a network macro for a different interface (e.g. LAN)."); + } + } /* Check if the localid_type is an interface, to confirm if it has a valid subnet. */ if (is_array($config['interfaces'][$pconfig['localid_type']])) { |
