diff options
author | Evgeny Yurchenko <ey@tm-k.com> | 2011-05-31 05:03:39 -0400 |
---|---|---|
committer | Evgeny Yurchenko <ey@tm-k.com> | 2011-05-31 05:03:39 -0400 |
commit | 061f28bfd582d1f08d8dfe60f87fc4fd99ec0a93 (patch) | |
tree | 421486e3ef54b2c1e0e1b957fefbd336aef865dd /usr | |
parent | edb2a3dab4833fa024828f3150cdcc1521ea1b48 (diff) | |
download | pfsense-061f28bfd582d1f08d8dfe60f87fc4fd99ec0a93.zip pfsense-061f28bfd582d1f08d8dfe60f87fc4fd99ec0a93.tar.gz |
Bug #1560. IPsec GUI needs to reject duplicate subnets in phase 2s for a given phase 1(mobile clients).
Diffstat (limited to 'usr')
-rw-r--r-- | usr/local/www/vpn_ipsec_phase2.php | 29 |
1 files changed, 28 insertions, 1 deletions
diff --git a/usr/local/www/vpn_ipsec_phase2.php b/usr/local/www/vpn_ipsec_phase2.php index d45b0d6..bd71191 100644 --- a/usr/local/www/vpn_ipsec_phase2.php +++ b/usr/local/www/vpn_ipsec_phase2.php @@ -142,7 +142,34 @@ if ($_POST) { } /* TODO : Validate enabled phase2's are not duplicates */ - + if (isset($pconfig['mobile'])){ + foreach($a_phase2 as $name){ + if (isset($name['mobile'])){ + /* check duplicate localids only for mobile clents */ + if ($name['localid']['type'] == $pconfig['localid_type']){ + /* Types match, check further */ + switch($pconfig['localid_type']){ + case "none": + case "lan": + case "wan": + $input_errors[] = gettext("Phase2 with this Local Network is already defined for mobile clients."); + break; + case "address": + if ($name['localid']['address'] == $pconfig['localid_address']) + $input_errors[] = gettext("Phase2 with this Local Address is already defined for mobile clients."); + break; + case "network": + if ($name['localid']['address'] == $pconfig['localid_address'] && + $name['localid']['netbits'] == $pconfig['localid_netbits']) + $input_errors[] = gettext("Phase2 with this Local Network is already defined for mobile clients."); + break; + } + if (count($input_errors) > 0) + break; /* there is an error, stop checking other phase2 definitions */ + } + } + } + } $ealgos = pconfig_to_ealgos($pconfig); if (!count($ealgos)) { |