From 8eae446e8bc061ba852fdf0ce27376f9028bf0d5 Mon Sep 17 00:00:00 2001
From: Ad Schellevis
Date: Mon, 29 Aug 2016 20:04:20 +0200
Subject: [PATCH] rework https://github.com/opnsense/core/pull/1160
---
 src/etc/inc/ipsec.inc | 12 ++++++------
 src/www/vpn_ipsec_phase1.php | 11 +++++++----
 2 files changed, 13 insertions(+), 10 deletions(-)
diff --git a/src/etc/inc/ipsec.inc b/src/etc/inc/ipsec.inc
index f3320a44a..d6ad6a812 100644
--- a/src/etc/inc/ipsec.inc
+++ b/src/etc/inc/ipsec.inc
@@ -37,12 +37,12 @@ $ipsec_loglevels = array("dmn" => "Daemon", "mgr" => "SA Manager", "ike" => "IKE
 );
 $p1_ealgos = array(
- 'aes' => array( 'name' => 'AES', 'keysel' => array( 'lo' => 128, 'hi' => 256, 'step' => 64 ) ),
- 'camellia' => array( 'name' => 'Camellia', 'keysel' => array( 'lo' => 128, 'hi' => 256, 'step' => 64 ) ),
- 'blowfish' => array( 'name' => 'Blowfish', 'keysel' => array( 'lo' => 128, 'hi' => 256, 'step' => 64 ) ),
- '3des' => array( 'name' => '3DES' ),
- 'cast128' => array( 'name' => 'CAST128' ),
- 'des' => array( 'name' => 'DES' )
+ 'aes' => array( 'name' => 'AES', 'keysel' => array( 'lo' => 128, 'hi' => 256, 'step' => 64 ), 'iketype' => null ),
+ 'camellia' => array( 'name' => 'Camellia', 'keysel' => array( 'lo' => 128, 'hi' => 256, 'step' => 64 ), 'iketype' => 'ikev2' ),
+ 'blowfish' => array( 'name' => 'Blowfish', 'keysel' => array( 'lo' => 128, 'hi' => 256, 'step' => 64 ), 'iketype' => null ),
+ '3des' => array( 'name' => '3DES', 'iketype' => null ),
+ 'cast128' => array( 'name' => 'CAST128', 'iketype' => null ),
+ 'des' => array( 'name' => 'DES', 'iketype' => null )
 );
 $p1_authentication_methods = array(
diff --git a/src/www/vpn_ipsec_phase1.php b/src/www/vpn_ipsec_phase1.php
index dc58432ac..b967612f1 100644
--- a/src/www/vpn_ipsec_phase1.php
+++ b/src/www/vpn_ipsec_phase1.php
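Review bot: The new `iketype` key in `$p1_ealgos` carries a validation rule but is not documented anywhere in the hunk: `null` means the algorithm is accepted with any IKE version, while a string is compared against the submitted `iketype` in vpn_ipsec_phase1.php, so it must match that value exactly. I would add a comment above the array such as `// 'iketype': null = no restriction; otherwise the only iketype value this algorithm may be combined with`. Since every entry is being touched anyway, note that `des` stays selectable for phase 1 with `'iketype' => null`; single DES is no longer considered adequate, and the same per-algorithm metadata would be a natural place to mark legacy ciphers.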
@@ -200,7 +200,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
 $reqdfieldsn = array(gettext("Certificate Authority"),gettext("Certificate"));
 break;
 }
-
+
 if (empty($pconfig['mobile'])) {
 $reqdfields[] = "remote-gateway";
 $reqdfieldsn[] = gettext("Remote gateway");
@@ -332,9 +332,12 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
 if (!empty($pconfig['ealgo_keylen'])) {
 $pconfig['encryption-algorithm']['keylen'] = $pconfig['ealgo_keylen'];
 }
-
- if (!empty($pconfig['iketype']) && !empty($pconfig['encryption-algorithm']['name']) && $pconfig['iketype'] != 'ikev2' && $pconfig['encryption-algorithm']['name'] == 'camellia') {
- $input_errors[] = sprintf(gettext("%s can only be used with IKEv2 type VPNs."), 'Camellia');
+
+ foreach ($p1_ealgos as $algo => $algodata) {
+ if (!empty($pconfig['iketype']) && !empty($pconfig['encryption-algorithm']['name']) && !empty($algodata['iketype'])
+ && $pconfig['iketype'] != $algodata['iketype'] && $pconfig['encryption-algorithm']['name'] == $algo) {
+ $input_errors[] = sprintf(gettext("%s can only be used with IKEv2 type VPNs."), $algodata['name']);
+ }
 }
 if (count($input_errors) == 0) {
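Review bot: The error text in the added loop (second hunk, `@@ -332,9 +332,12 @@`) still hard-codes "IKEv2" although the restriction now comes from `$algodata['iketype']`, so any table entry tagged with a different IKE type would be rejected with a misleading message. The `foreach` is also unnecessary because the submitted algorithm name can index `$p1_ealgos` directly, and the loose `!=`/`==` comparisons should be strict. The check is skipped whenever `$pconfig['iketype']` is empty, and nothing in this hunk confirms that the submitted name is a key of `$p1_ealgos`; whether both are validated earlier cannot be seen here, as the enclosing request handler starts and ends outside the hunk. The sketch below prints the raw table value as the required type, which may want a display label.

```php
// … unchanged: ealgo_keylen handling …
$ealgo = !empty($pconfig['encryption-algorithm']['name']) ? $pconfig['encryption-algorithm']['name'] : null;
if ($ealgo !== null && isset($p1_ealgos[$ealgo]) && !empty($pconfig['iketype'])) {
    // null/empty 'iketype' in the table means the algorithm is not tied to an IKE version
    $required_ike = !empty($p1_ealgos[$ealgo]['iketype']) ? $p1_ealgos[$ealgo]['iketype'] : null;
    if ($required_ike !== null && $pconfig['iketype'] !== $required_ike) {
        $input_errors[] = sprintf(
            gettext("%s can only be used with %s type VPNs."),
            $p1_ealgos[$ealgo]['name'],
            $required_ike
        );
    }
}
// … unchanged: if (count($input_errors) == 0) { …
```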