-rw-r--r-- | usr/local/www/vpn_ipsec_phase2.php | 28 |
1 files changed, 21 insertions, 7 deletions
diff --git a/usr/local/www/vpn_ipsec_phase2.php b/usr/local/www/vpn_ipsec_phase2.php
index 6985b2b..395b81e 100644
--- a/usr/local/www/vpn_ipsec_phase2.php
+++ b/usr/local/www/vpn_ipsec_phase2.php
@@ -143,7 +143,7 @@ if ($_POST) {
 /* Validate enabled phase2's are not duplicates */
 if (isset($pconfig['mobile'])){
 /* User is adding phase 2 for mobile phase1 */
- foreach($a_phase2 as $name){
+ foreach($a_phase2 as $key => $name){
 if (isset($name['mobile'])){
 /* check duplicate localids only for mobile clents */
 $localid_data = ipsec_idinfo_to_cidr($name['localid']);
@@ -152,16 +152,23 @@ if ($_POST) {
 if (isset($pconfig['localid_address'])) $entered['address'] = $pconfig['localid_address'];
 if (isset($pconfig['localid_netbits'])) $entered['netbits'] = $pconfig['localid_netbits'];
 $entered_localid_data = ipsec_idinfo_to_cidr($entered);
- if ($localid_data == $entered_localid_data){
- $input_errors[] = gettext("Phase2 with this Local Network is already defined for mobile clients.");
- break;
+ if ($localid_data == $entered_localid_data){
+ if (!isset($pconfig['p2index'])){
+ /* adding new p2 entry */
+ $input_errors[] = gettext("Phase2 with this Local Network is already defined for mobile clients.");
+ break;
+ }else if ($pconfig['p2index'] != $key){
+ /* editing p2 and entered p2 networks match with different p2 for given p1 */
+ $input_errors[] = gettext("Phase2 with this Local Network is already defined for mobile clients.");
+ break;
+ }
 }
 }
 }
 }else{
 /* User is adding phase 2 for site-to-site phase1 */
 $input_error = 0;
- foreach($a_phase2 as $name){
+ foreach($a_phase2 as $key => $name){
 if (!isset($name['mobile']) && $pconfig['ikeid'] == $name['ikeid']){
 /* check duplicate subnets only for given phase1 */
 $localid_data = ipsec_idinfo_to_cidr($name['localid']);
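Review bot: The new `$pconfig['p2index'] != $key` test in the mobile branch (and the identical one in the site-to-site hunk that follows) is a loose comparison between what appears to be a request-supplied value and an array key, with no visible check that `p2index` is a digit string. The code runs inside `if ($_POST)`, and on PHP versions before 8 an empty or non-numeric string compares equal to key 0, so a duplicate stored at index 0 would go unreported; an empty `p2index` also still satisfies `isset()` and would skip the "adding" arm. Assuming `$a_phase2` is integer-keyed, I would reject malformed values and compare as integers, e.g. `}else if (!ctype_digit((string)$pconfig['p2index']) || (int)$pconfig['p2index'] !== $key){`. Where `$pconfig` is populated lies outside the hunk, so confirm whether it is copied from `$_POST` unfiltered and whether the save path uses the same index.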
@@ -177,8 +184,15 @@ if ($_POST) {
 if (isset($pconfig['remoteid_netbits'])) $entered_remote['netbits'] = $pconfig['remoteid_netbits'];
 $entered_remoteid_data = ipsec_idinfo_to_cidr($entered_remote);
 if ($localid_data == $entered_localid_data && $remoteid_data == $entered_remoteid_data) {
- $input_errors[] = gettext("Phase2 with this Local/Remote networks combination is already defined for this Phase1.");
- break;
+ if (!isset($pconfig['p2index'])){
+ /* adding new p2 entry */
+ $input_errors[] = gettext("Phase2 with this Local/Remote networks combination is already defined for this Phase1.");
+ break;
+ }else if ($pconfig['p2index'] != $key){
+ /* editing p2 and entered p2 networks match with different p2 for given p1 */
+ $input_errors[] = gettext("Phase2 with this Local/Remote networks combination is already defined for this Phase1.");
+ break;
+ }
 }
 }
 } |
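Review bot: Both arms of the new `if`/`else if` in this hunk push the same message and `break`, so the split only duplicates the `gettext()` string; the mobile-client hunk above has the same shape. A single condition carries the logic: `if (!isset($pconfig['p2index']) || $pconfig['p2index'] != $key){`, with one comment such as `/* adding a new p2, or editing one whose networks match a different p2 */`. Keeping one copy of the message also stops the add and edit paths from drifting apart when the wording or translation changes. The enclosing `foreach` starts outside this hunk.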