authorEvgeny Yurchenko <ey@tm-k.com>2011-06-02 11:23:11 -0400
committerEvgeny Yurchenko <ey@tm-k.com>2011-06-02 11:23:11 -0400
commitb717f1bc62decb9a02404d427742c352b2b3fbec (patch)
tree63eb78330e50fc58990a713f63542e240c067dd6 /usr/local/www/vpn_ipsec_phase2.php
parentfc3dcc8b00e8c67c17494be7623e573b3e27bb96 (diff)
Bug #1560.IPsec GUI needs to reject duplicate subnets in phase 2s for a given phase 1 (fixing p2 edit)
Diffstat (limited to 'usr/local/www/vpn_ipsec_phase2.php')
-rw-r--r--usr/local/www/vpn_ipsec_phase2.php28
1 files changed, 21 insertions, 7 deletions
diff --git a/usr/local/www/vpn_ipsec_phase2.php b/usr/local/www/vpn_ipsec_phase2.php
index 6985b2b..395b81e 100644
--- a/usr/local/www/vpn_ipsec_phase2.php
+++ b/usr/local/www/vpn_ipsec_phase2.php
@@ -143,7 +143,7 @@ if ($_POST) {
/* Validate enabled phase2's are not duplicates */
if (isset($pconfig['mobile'])){
/* User is adding phase 2 for mobile phase1 */
- foreach($a_phase2 as $name){
+ foreach($a_phase2 as $key => $name){
if (isset($name['mobile'])){
/* check duplicate localids only for mobile clents */
$localid_data = ipsec_idinfo_to_cidr($name['localid']);
@@ -152,16 +152,23 @@ if ($_POST) {
if (isset($pconfig['localid_address'])) $entered['address'] = $pconfig['localid_address'];
if (isset($pconfig['localid_netbits'])) $entered['netbits'] = $pconfig['localid_netbits'];
$entered_localid_data = ipsec_idinfo_to_cidr($entered);
- if ($localid_data == $entered_localid_data){
- $input_errors[] = gettext("Phase2 with this Local Network is already defined for mobile clients.");
- break;
+ if ($localid_data == $entered_localid_data){
+ if (!isset($pconfig['p2index'])){
+ /* adding new p2 entry */
+ $input_errors[] = gettext("Phase2 with this Local Network is already defined for mobile clients.");
+ break;
+ }else if ($pconfig['p2index'] != $key){
+ /* editing p2 and entered p2 networks match with different p2 for given p1 */
+ $input_errors[] = gettext("Phase2 with this Local Network is already defined for mobile clients.");
+ break;
+ }
}
}
}
}else{
/* User is adding phase 2 for site-to-site phase1 */
$input_error = 0;
- foreach($a_phase2 as $name){
+ foreach($a_phase2 as $key => $name){
if (!isset($name['mobile']) && $pconfig['ikeid'] == $name['ikeid']){
/* check duplicate subnets only for given phase1 */
$localid_data = ipsec_idinfo_to_cidr($name['localid']);
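Review bot: The edit-mode test `$pconfig['p2index'] != $key` in the mobile branch is a loose comparison between what looks like a request-supplied value (the block sits under `if ($_POST)`; where `$pconfig` is filled is outside the hunk) and the array key. Under PHP's pre-8 comparison rules an empty or non-numeric string compares equal to integer key 0, so the duplicate-subnet rejection can be skipped for the first phase 2 entry without an edit of that entry actually taking place. The two branches also carry identical bodies, so they can be collapsed into one fail-closed condition: `if (!isset($pconfig['p2index']) || (string)$pconfig['p2index'] !== (string)$key) {` followed by the existing `$input_errors[] = ...; break;`. The same pattern is repeated in the site-to-site branch of the third hunk and should get the same change; the enclosing `foreach` and the outer `if ($_POST)` begin outside these hunks, so any earlier validation of `p2index` should be confirmed there.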
@@ -177,8 +184,15 @@ if ($_POST) {
if (isset($pconfig['remoteid_netbits'])) $entered_remote['netbits'] = $pconfig['remoteid_netbits'];
$entered_remoteid_data = ipsec_idinfo_to_cidr($entered_remote);
if ($localid_data == $entered_localid_data && $remoteid_data == $entered_remoteid_data) {
- $input_errors[] = gettext("Phase2 with this Local/Remote networks combination is already defined for this Phase1.");
- break;
+ if (!isset($pconfig['p2index'])){
+ /* adding new p2 entry */
+ $input_errors[] = gettext("Phase2 with this Local/Remote networks combination is already defined for this Phase1.");
+ break;
+ }else if ($pconfig['p2index'] != $key){
+ /* editing p2 and entered p2 networks match with different p2 for given p1 */
+ $input_errors[] = gettext("Phase2 with this Local/Remote networks combination is already defined for this Phase1.");
+ break;
+ }
}
}
}