/*
 * Build the phase 2 entry ($ph2ent) from the submitted form values ($pconfig)
 * and store it in $config['ipsec']['phase2'], then persist the configuration.
 *
 * NOTE(review): nothing in this run checks the values themselves; presumably
 * $pconfig has already passed the page's input validation before this point
 * is reached -- confirm against the caller.
 */

// Plain fields: every name listed in the comma-separated $copy_fields is
// copied as-is. empty() also skips "0" and "", so such values are never stored.
foreach (array_map('trim', explode(",", $copy_fields)) as $fieldname) {
    if (!empty($pconfig[$fieldname])) {
        $ph2ent[$fieldname] = $pconfig[$fieldname];
    }
}

// Fields that need some logic.

// Normalise the submitted "disabled" value to a strict boolean.
$ph2ent['disabled'] = (bool)$pconfig['disabled'];

// Only tunnel modes carry local/remote identifiers. The NAT local id is
// optional and is added first so the key order of the entry stays the same.
if ($ph2ent['mode'] == "tunnel" || $ph2ent['mode'] == "tunnel6") {
    if (!empty($pconfig['natlocalid_address'])) {
        $ph2ent['natlocalid'] = pconfig_to_idinfo("natlocal", $pconfig);
    }
    $ph2ent['localid'] = pconfig_to_idinfo("local", $pconfig);
    $ph2ent['remoteid'] = pconfig_to_idinfo("remote", $pconfig);
}

$ph2ent['encryption-algorithm-option'] = pconfig_to_ealgos($pconfig);

// With no hash algorithm submitted the key is removed rather than stored
// empty, which leaves the entry without a separate integrity algorithm.
// NOTE(review): presumably validation only accepts that for ciphers that
// carry their own integrity check -- confirm.
if (empty($pconfig['hash-algorithm-option'])) {
    unset($ph2ent['hash-algorithm-option']);
} else {
    $ph2ent['hash-algorithm-option'] = $pconfig['hash-algorithm-option'];
}

// The mere presence of the "mobile" key marks the entry as mobile.
if (isset($pconfig['mobile'])) {
    $ph2ent['mobile'] = true;
}

// Save to config: append when no index is known, otherwise overwrite in place.
if ($p2index === null) {
    $config['ipsec']['phase2'][] = $ph2ent;
} else {
    $config['ipsec']['phase2'][$p2index] = $ph2ent;
}

write_config();
} } else { if ($pconfig['mode'] == "tunnel6") { if (check_subnetsv6_overlap($interfaceip, 128, $entered_local_network, $entered_local_mask) && check_subnets_overlap($phase1['remote-gateway'], 128, $entered_remote_network, $entered_remote_mask)) { $input_errors[] = gettext("The local and remote networks of a phase 2 entry cannot overlap the outside of the tunnel (interface and remote gateway) configured in its phase 1."); break; } } } } } } } /* For ESP protocol, handle encryption algorithms */ if ($pconfig['proto'] == "esp") { $ealgos = pconfig_to_ealgos($pconfig); if (!count($ealgos)) { $input_errors[] = gettext("At least one encryption algorithm must be selected."); } else { foreach ($ealgos as $ealgo) { if (isset($config['system']['crypto_hardware'])) { if ($config['system']['crypto_hardware'] == "glxsb") { if ($ealgo['name'] == "aes" && $ealgo['keylen'] != "128") { $input_errors[] = gettext("Only 128 bit AES can be used where the glxsb crypto accelerator is enabled."); } } } if (empty($pconfig['halgos'])) { if (!strpos($ealgo['name'], "gcm")) { $input_errors[] = gettext("At least one hashing algorithm needs to be selected."); break;