authorEvgeny Yurchenko <ey@tm-k.com>2011-05-31 23:41:32 -0400
committerEvgeny Yurchenko <ey@tm-k.com>2011-05-31 23:41:32 -0400
commit538b6eb353ce568627513e681483329ecb0d1ec8 (patch)
tree3750aa1212875f9ef5bb76b4ca3a4e69e213daaa /usr/local/www/vpn_ipsec_phase2.php
parent9d545c88c68539c6f7e6790d6d80e6ed4f51e179 (diff)
Bug #1560. IPsec GUI needs to reject duplicate subnets in phase 2s for a given phase 1 (site-to-site).
Diffstat (limited to 'usr/local/www/vpn_ipsec_phase2.php')
-rw-r--r--usr/local/www/vpn_ipsec_phase2.php43
1 files changed, 41 insertions, 2 deletions
diff --git a/usr/local/www/vpn_ipsec_phase2.php b/usr/local/www/vpn_ipsec_phase2.php
index bd71191..c0ddf0e 100644
--- a/usr/local/www/vpn_ipsec_phase2.php
+++ b/usr/local/www/vpn_ipsec_phase2.php
@@ -141,8 +141,9 @@ if ($_POST) {
}
}
- /* TODO : Validate enabled phase2's are not duplicates */
+ /* Validate enabled phase2's are not duplicates */
if (isset($pconfig['mobile'])){
+ /* User is adding phase 2 for mobile phase1 */
foreach($a_phase2 as $name){
if (isset($name['mobile'])){
/* check duplicate localids only for mobile clents */
@@ -169,7 +170,45 @@ if ($_POST) {
}
}
}
- }
+ }else{
+ /* User is adding phase 2 for site-to-site phase1 */
+ $input_error = 0;
+ foreach($a_phase2 as $name){
+ if (!isset($name['mobile']) && $pconfig['ikeid'] == $name['ikeid']){
+ /* check duplicate subnets only for given phase1 */
+ if ($name['localid']['type'] == $pconfig['localid_type'] &&
+ $name['remoteid']['type'] == $pconfig['remoteid_type']){
+ /* Types match, check further */
+ $configured_remote_string = $name['remoteid']['address'] . $name['remoteid']['netbits'];
+ $eneterd_remote_string = $pconfig['remoteid_address'] . $pconfig['remoteid_netbits'];
+ switch($pconfig['localid_type']){
+ case "none":
+ case "lan":
+ case "wan":
+ if ($configured_remote_string == $eneterd_remote_string)
+ $input_error = 1;
+ break;
+ case "address":
+ if ($name['localid']['address'] == $pconfig['localid_address'] &&
+ $configured_remote_string == $eneterd_remote_string)
+ $input_error = 1;
+ break;
+ case "network":
+ if ($name['localid']['address'] == $pconfig['localid_address'] &&
+ $name['localid']['netbits'] == $pconfig['localid_netbits'] &&
+ $configured_remote_string == $eneterd_remote_string)
+ $input_error = 1;
+ break;
+ }
+ if ($input_error){
+ $input_errors[] = gettext("Phase2 with this Local/Remote Networks combination is already defined for this Phase1.");
+ break; /* there is an error, stop checking other phase2 definitions */
+ }
+ }
+ }
+ }
+ }
+
$ealgos = pconfig_to_ealgos($pconfig);
if (!count($ealgos)) {
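Review bot: The two remote strings in the added site-to-site branch are built by joining address and netbits with no delimiter, so different selectors can compare equal; for example (constructed values) 10.0.0.12 with netbits 4 and 10.0.0.1 with netbits 24 both give `10.0.0.124`, and a valid phase 2 would be rejected as a duplicate. Joining with a separator avoids that: `$configured_remote_string = $name['remoteid']['address'] . "/" . $name['remoteid']['netbits'];` and the same for `$eneterd_remote_string` (whose name is a typo for `$entered_remote_string`). The comparison is on raw strings, so the same subnet written with different host bits, or two overlapping subnets, would still be accepted; normalising both sides to their network address before comparing would close that gap. The loop also does not appear to skip disabled entries or the entry currently being edited, although the comment says "enabled phase2's"; the hunk does not show how `$a_phase2` is built, so this needs checking against the rest of the `if ($_POST)` block, which starts and ends outside the hunk.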