diff options
author | Renato Botelho <garga@FreeBSD.org> | 2013-01-24 17:33:13 -0200 |
---|---|---|
committer | Renato Botelho <garga@FreeBSD.org> | 2013-01-24 17:33:13 -0200 |
commit | e4ffca08822057400f6a8c2af91622e0c32f6140 (patch) | |
tree | 47588f1f0ee20af929530fb0e3fe44a841ab0ba5 /usr/local/www/vpn_ipsec_phase1.php | |
parent | ab2ccd9f8c5c12bee3d5bcf8ceacd53b9e3f316f (diff) | |
download | pfsense-e4ffca08822057400f6a8c2af91622e0c32f6140.zip pfsense-e4ffca08822057400f6a8c2af91622e0c32f6140.tar.gz |
Make IPv4/IPv6 validation on IPSec
It should fix #2769
Diffstat (limited to 'usr/local/www/vpn_ipsec_phase1.php')
-rw-r--r-- | usr/local/www/vpn_ipsec_phase1.php | 25 |
1 files changed, 23 insertions, 2 deletions
diff --git a/usr/local/www/vpn_ipsec_phase1.php b/usr/local/www/vpn_ipsec_phase1.php index ee50cf8..90c2c34 100644 --- a/usr/local/www/vpn_ipsec_phase1.php +++ b/usr/local/www/vpn_ipsec_phase1.php @@ -176,8 +176,14 @@ if ($_POST) { if (($pconfig['lifetime'] && !is_numeric($pconfig['lifetime']))) $input_errors[] = gettext("The P1 lifetime must be an integer."); - if (($pconfig['remotegw'] && !is_ipaddr($pconfig['remotegw']) && !is_domain($pconfig['remotegw']))) - $input_errors[] = gettext("A valid remote gateway address or host name must be specified."); + if ($pconfig['remotegw']) { + if (!is_ipaddr($pconfig['remotegw']) && !is_domain($pconfig['remotegw'])) + $input_errors[] = gettext("A valid remote gateway address or host name must be specified."); + elseif (is_ipaddrv4($pconfig['remotegw']) && ($pconfig['protocol'] != "inet")) + $input_errors[] = gettext("A valid remote gateway IPv4 address must be specified or you need to change protocol to IPv6"); + elseif (is_ipaddrv6($pconfig['remotegw']) && ($pconfig['protocol'] != "inet6")) + $input_errors[] = gettext("A valid remote gateway IPv6 address must be specified or you need to change protocol to IPv4"); + } if (($pconfig['remotegw'] && is_ipaddr($pconfig['remotegw']) && !isset($pconfig['disabled']) )) { $t = 0; @@ -192,6 +198,21 @@ if ($_POST) { } } + if (is_array($a_phase2) && (count($a_phase2))) { + foreach ($a_phase2 as $phase2) { + if($phase2['ikeid'] == $pconfig['ikeid']) { + if (($pconfig['protocol'] == "inet") && ($phase2['mode'] == "tunnel6")) { + $input_errors[] = gettext("There is a Phase 2 using IPv6, you cannot use IPv4."); + break; + } + if (($pconfig['protocol'] == "inet6") && ($phase2['mode'] == "tunnel")) { + $input_errors[] = gettext("There is a Phase 2 using IPv4, you cannot use IPv6."); + break; + } + } + } + } + /* My identity */ if ($pconfig['myid_type'] == "myaddress") |