authorjim-p <jimp@pfsense.org>2011-06-01 09:00:09 -0400
committerjim-p <jimp@pfsense.org>2011-06-01 09:00:09 -0400
commit58005e521346eea230c564aacf34b0820b9a6123 (patch)
tree7242c84ccd28d9044a7c0f08f7ecfee952634a65 /usr/local/www/vpn_ipsec_phase2.php
parente5770bc233d9a6a9a335b02490d7c4607410cd95 (diff)
parent97c1f2684c5dd225075fec08148f084ff190af0a (diff)
Merge remote branch 'upstream/master'
Conflicts: conf.default/config.xml etc/inc/filter.inc etc/inc/globals.inc etc/inc/pfsense-utils.inc etc/inc/upgrade_config.inc usr/local/www/interfaces.php
Diffstat (limited to 'usr/local/www/vpn_ipsec_phase2.php')
-rw-r--r--usr/local/www/vpn_ipsec_phase2.php70
1 files changed, 68 insertions, 2 deletions
diff --git a/usr/local/www/vpn_ipsec_phase2.php b/usr/local/www/vpn_ipsec_phase2.php
index 5957c9e..6586b42 100644
--- a/usr/local/www/vpn_ipsec_phase2.php
+++ b/usr/local/www/vpn_ipsec_phase2.php
@@ -141,8 +141,74 @@ if ($_POST) {
}
}
- /* TODO : Validate enabled phase2's are not duplicates */
-
+ /* Validate enabled phase2's are not duplicates */
+ if (isset($pconfig['mobile'])){
+ /* User is adding phase 2 for mobile phase1 */
+ foreach($a_phase2 as $name){
+ if (isset($name['mobile'])){
+ /* check duplicate localids only for mobile clents */
+ if ($name['localid']['type'] == $pconfig['localid_type']){
+ /* Types match, check further */
+ switch($pconfig['localid_type']){
+ case "none":
+ case "lan":
+ case "wan":
+ $input_errors[] = gettext("Phase2 with this Local Network is already defined for mobile clients.");
+ break;
+ case "address":
+ if ($name['localid']['address'] == $pconfig['localid_address'])
+ $input_errors[] = gettext("Phase2 with this Local Address is already defined for mobile clients.");
+ break;
+ case "network":
+ if ($name['localid']['address'] == $pconfig['localid_address'] &&
+ $name['localid']['netbits'] == $pconfig['localid_netbits'])
+ $input_errors[] = gettext("Phase2 with this Local Network is already defined for mobile clients.");
+ break;
+ }
+ if (count($input_errors) > 0)
+ break; /* there is an error, stop checking other phase2 definitions */
+ }
+ }
+ }
+ }else{
+ /* User is adding phase 2 for site-to-site phase1 */
+ $input_error = 0;
+ foreach($a_phase2 as $name){
+ if (!isset($name['mobile']) && $pconfig['ikeid'] == $name['ikeid']){
+ /* check duplicate subnets only for given phase1 */
+ if ($name['localid']['type'] == $pconfig['localid_type'] &&
+ $name['remoteid']['type'] == $pconfig['remoteid_type']){
+ /* Types match, check further */
+ $configured_remote_string = $name['remoteid']['address'] . $name['remoteid']['netbits'];
+ $eneterd_remote_string = $pconfig['remoteid_address'] . $pconfig['remoteid_netbits'];
+ switch($pconfig['localid_type']){
+ case "none":
+ case "lan":
+ case "wan":
+ if ($configured_remote_string == $eneterd_remote_string)
+ $input_error = 1;
+ break;
+ case "address":
+ if ($name['localid']['address'] == $pconfig['localid_address'] &&
+ $configured_remote_string == $eneterd_remote_string)
+ $input_error = 1;
+ break;
+ case "network":
+ if ($name['localid']['address'] == $pconfig['localid_address'] &&
+ $name['localid']['netbits'] == $pconfig['localid_netbits'] &&
+ $configured_remote_string == $eneterd_remote_string)
+ $input_error = 1;
+ break;
+ }
+ if ($input_error){
+ $input_errors[] = gettext("Phase2 with this Local/Remote Networks combination is already defined for this Phase1.");
+ break; /* there is an error, stop checking other phase2 definitions */
+ }
+ }
+ }
+ }
+ }
+
$ealgos = pconfig_to_ealgos($pconfig);
if (!count($ealgos)) {
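Review bot: The site-to-site branch builds its remote-side comparison key by concatenating address and netbits with no separator (`$name['remoteid']['address'] . $name['remoteid']['netbits']`), so distinct selectors can compare equal: 10.0.0.12 with /4 and 10.0.0.1 with /24 both become `10.0.0.124` (constructed example), and a valid entry is rejected as a duplicate. Joining with a delimiter on both sides, e.g. `$name['remoteid']['address'] . '/' . $name['remoteid']['netbits']`, or comparing the two fields separately with `===`, removes the ambiguity. Both loops also walk every element of `$a_phase2` without skipping the entry being edited; if this page also handles edits (not visible in the hunk), re-saving an unchanged phase 2 would match itself and be refused. The comment says only enabled phase 2 entries are validated, but neither branch looks at whether the stored entry is enabled. The enclosing `if ($_POST)` block starts and ends outside the hunk.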