From 2ee829ae71ba99d2ba3cb9f4b5288e90c5c1d0dc Mon Sep 17 00:00:00 2001
From: jim-p <jimp@netgate.com>
Date: Fri, 7 Sep 2018 08:10:55 -0400
Subject: Prevent a user from selecting VTI for mobile IPsec. Fixes #8877

(cherry picked from commit 885cf6a751f076f43fa89167ba2a79f779244f1b)
---
 src/usr/local/www/vpn_ipsec_phase2.php | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/usr/local/www/vpn_ipsec_phase2.php b/src/usr/local/www/vpn_ipsec_phase2.php
index 1985743..43a9697 100644
--- a/src/usr/local/www/vpn_ipsec_phase2.php
+++ b/src/usr/local/www/vpn_ipsec_phase2.php
@@ -243,6 +243,10 @@ if ($_POST['save']) {
 	/* Validate enabled phase2's are not duplicates */
 	if (isset($pconfig['mobile'])) {
 		/* User is adding phase 2 for mobile phase1 */
+		if ($pconfig['mode'] == "vti") {
+			$input_errors[] = gettext("VTI is not compatible with mobile IPsec.");
+		}
+
 		foreach ($a_phase2 as $key => $name) {
 			if (isset($name['mobile']) && $name['uniqid'] != $pconfig['uniqid']) {
 				/* check duplicate localids only for mobile clents */
-- 
cgit v1.1