From: Michael Tremer <michael.tremer@ipfire.org>
Date: Mon, 21 Jan 2019 15:32:08 +0000 (+0000)
Subject: ipsec: Don't allow to select VTI in transport mode
X-Git-Url: http://git.ipfire.org/?p=people%2Fpmueller%2Fipfire-2.x.git;a=commitdiff_plain;h=7e25093d42e4198cc0f0233e5303fa2175672095

ipsec: Don't allow to select VTI in transport mode

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---

diff --git a/doc/language_issues.de b/doc/language_issues.de
index f39adbec1c..4e86ac0394 100644
--- a/doc/language_issues.de
+++ b/doc/language_issues.de
@@ -795,5 +795,6 @@ WARNING: untranslated string: routing config changed = unknown string
 WARNING: untranslated string: routing table = unknown string
 WARNING: untranslated string: show tls-auth key = Show tls-auth key
 WARNING: untranslated string: subnet mask = Subnet Mask
+WARNING: untranslated string: transport mode does not support vti = VTI is not support in transport mode
 WARNING: untranslated string: vpn force mobike = Force using MOBIKE (only IKEv2)
 WARNING: untranslated string: vpn statistics n2n = unknown string
diff --git a/doc/language_issues.en b/doc/language_issues.en
index ce1e12d3be..5255ce86d0 100644
--- a/doc/language_issues.en
+++ b/doc/language_issues.en
@@ -1725,6 +1725,7 @@ WARNING: untranslated string: tor use exit nodes = Use only these exit nodes (on
 WARNING: untranslated string: total hits for log section = Total hits for log section
 WARNING: untranslated string: traffic on = Traffic on
 WARNING: untranslated string: traffics = Utilization-overview
+WARNING: untranslated string: transport mode does not support vti = VTI is not support in transport mode
 WARNING: untranslated string: tuesday = Tuesday
 WARNING: untranslated string: twelve hours = 12 Hours
 WARNING: untranslated string: two weeks = Two Weeks
diff --git a/doc/language_issues.es b/doc/language_issues.es
index d1c3887c31..b02a59feea 100644
--- a/doc/language_issues.es
+++ b/doc/language_issues.es
@@ -1233,6 +1233,7 @@ WARNING: untranslated string: tor traffic limit hard = Traffic limit has been re
 WARNING: untranslated string: tor traffic limit soft = Traffic limit almost reached. Not accepting any new connections.
 WARNING: untranslated string: tor traffic read written = Total traffic (read/written)
 WARNING: untranslated string: tor use exit nodes = Use only these exit nodes (one per line)
+WARNING: untranslated string: transport mode does not support vti = VTI is not support in transport mode
 WARNING: untranslated string: twelve hours = 12 Hours
 WARNING: untranslated string: two weeks = Two Weeks
 WARNING: untranslated string: udp less overhead = UDP (less overhead)
diff --git a/doc/language_issues.fr b/doc/language_issues.fr
index 8b31f61efe..162a5b8163 100644
--- a/doc/language_issues.fr
+++ b/doc/language_issues.fr
@@ -829,4 +829,5 @@ WARNING: untranslated string: routing config added = unknown string
 WARNING: untranslated string: routing config changed = unknown string
 WARNING: untranslated string: routing table = unknown string
 WARNING: untranslated string: subnet mask = Subnet Mask
+WARNING: untranslated string: transport mode does not support vti = VTI is not support in transport mode
 WARNING: untranslated string: vpn statistics n2n = unknown string
diff --git a/doc/language_issues.it b/doc/language_issues.it
index ca7a07d64f..654fead177 100644
--- a/doc/language_issues.it
+++ b/doc/language_issues.it
@@ -939,6 +939,7 @@ WARNING: untranslated string: subnet mask = Subnet Mask
 WARNING: untranslated string: tcp more reliable = TCP (more reliable)
 WARNING: untranslated string: ten minutes = 10 Minutes
 WARNING: untranslated string: thirty minutes = 30 Minutes
+WARNING: untranslated string: transport mode does not support vti = VTI is not support in transport mode
 WARNING: untranslated string: twelve hours = 12 Hours
 WARNING: untranslated string: two weeks = Two Weeks
 WARNING: untranslated string: udp less overhead = UDP (less overhead)
diff --git a/doc/language_issues.nl b/doc/language_issues.nl
index cc966b6502..0daac39b6d 100644
--- a/doc/language_issues.nl
+++ b/doc/language_issues.nl
@@ -983,6 +983,7 @@ WARNING: untranslated string: ta key = TLS-Authentification-Key
 WARNING: untranslated string: tcp more reliable = TCP (more reliable)
 WARNING: untranslated string: ten minutes = 10 Minutes
 WARNING: untranslated string: thirty minutes = 30 Minutes
+WARNING: untranslated string: transport mode does not support vti = VTI is not support in transport mode
 WARNING: untranslated string: twelve hours = 12 Hours
 WARNING: untranslated string: two weeks = Two Weeks
 WARNING: untranslated string: udp less overhead = UDP (less overhead)
diff --git a/doc/language_issues.pl b/doc/language_issues.pl
index d1c3887c31..b02a59feea 100644
--- a/doc/language_issues.pl
+++ b/doc/language_issues.pl
@@ -1233,6 +1233,7 @@ WARNING: untranslated string: tor traffic limit hard = Traffic limit has been re
 WARNING: untranslated string: tor traffic limit soft = Traffic limit almost reached. Not accepting any new connections.
 WARNING: untranslated string: tor traffic read written = Total traffic (read/written)
 WARNING: untranslated string: tor use exit nodes = Use only these exit nodes (one per line)
+WARNING: untranslated string: transport mode does not support vti = VTI is not support in transport mode
 WARNING: untranslated string: twelve hours = 12 Hours
 WARNING: untranslated string: two weeks = Two Weeks
 WARNING: untranslated string: udp less overhead = UDP (less overhead)
diff --git a/doc/language_issues.ru b/doc/language_issues.ru
index 3e38020703..bcf5433aec 100644
--- a/doc/language_issues.ru
+++ b/doc/language_issues.ru
@@ -1228,6 +1228,7 @@ WARNING: untranslated string: tor traffic limit hard = Traffic limit has been re
 WARNING: untranslated string: tor traffic limit soft = Traffic limit almost reached. Not accepting any new connections.
 WARNING: untranslated string: tor traffic read written = Total traffic (read/written)
 WARNING: untranslated string: tor use exit nodes = Use only these exit nodes (one per line)
+WARNING: untranslated string: transport mode does not support vti = VTI is not support in transport mode
 WARNING: untranslated string: twelve hours = 12 Hours
 WARNING: untranslated string: two weeks = Two Weeks
 WARNING: untranslated string: udp less overhead = UDP (less overhead)
diff --git a/doc/language_issues.tr b/doc/language_issues.tr
index 67b43043d6..09b427579d 100644
--- a/doc/language_issues.tr
+++ b/doc/language_issues.tr
@@ -838,6 +838,7 @@ WARNING: untranslated string: ssh login time = Logged in since
 WARNING: untranslated string: ssh no active logins = No active logins
 WARNING: untranslated string: ssh username = Username
 WARNING: untranslated string: subnet mask = Subnet Mask
+WARNING: untranslated string: transport mode does not support vti = VTI is not support in transport mode
 WARNING: untranslated string: vpn start action add = Wait for connection initiation
 WARNING: untranslated string: vpn statistics n2n = unknown string
 WARNING: untranslated string: vpn wait = WAITING
diff --git a/doc/language_missings b/doc/language_missings
index 0b067578ba..7590f7f697 100644
--- a/doc/language_missings
+++ b/doc/language_missings
@@ -63,6 +63,7 @@
 < teovpn_fragment
 < tor bridge enabled
 < tor errmsg invalid node id
+< transport mode does not support vti
 < updxlrtr used by
 < upload fcdsl.o
 < vpn configuration main
@@ -724,6 +725,7 @@
 < tor traffic limit soft
 < tor traffic read written
 < tor use exit nodes
+< transport mode does not support vti
 < twelve hours
 < two weeks
 < udp less overhead
@@ -826,6 +828,7 @@
 < ipsec settings
 < mtu
 < subnet mask
+< transport mode does not support vti
 ############################################################################
 # Checking cgi-bin translations for language: it                           #
 ############################################################################
@@ -1014,6 +1017,7 @@
 < tcp more reliable
 < ten minutes
 < thirty minutes
+< transport mode does not support vti
 < twelve hours
 < two weeks
 < udp less overhead
@@ -1298,6 +1302,7 @@
 < ten minutes
 < teovpn_fragment
 < thirty minutes
+< transport mode does not support vti
 < twelve hours
 < two weeks
 < udp less overhead
@@ -1983,6 +1988,7 @@
 < tor traffic limit soft
 < tor traffic read written
 < tor use exit nodes
+< transport mode does not support vti
 < twelve hours
 < two weeks
 < udp less overhead
@@ -2714,6 +2720,7 @@
 < tor traffic limit soft
 < tor traffic read written
 < tor use exit nodes
+< transport mode does not support vti
 < twelve hours
 < two weeks
 < udp less overhead
@@ -2828,6 +2835,7 @@
 < ssh no active logins
 < ssh username
 < subnet mask
+< transport mode does not support vti
 < vpn start action add
 < vpn wait
 < wlanap neighbor scan
diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi
index 70a70a2983..e8ab0d3620 100644
--- a/html/cgi-bin/vpnmain.cgi
+++ b/html/cgi-bin/vpnmain.cgi
@@ -1458,6 +1458,11 @@ END
 				goto VPNCONF_ERROR;
 			}
 
+			if (($cgiparams{'INTERFACE_MODE'} eq "vti") && ($cgiparams{'MODE'} eq "transport")) {
+				$errormessage = $Lang::tr{'transport mode does not support vti'};
+				goto VPNCONF_ERROR;
+			}
+
 			if (($cgiparams{'INTERFACE_MODE'} ne "") && !&Network::check_subnet($cgiparams{'INTERFACE_ADDRESS'})) {
 				$errormessage = $Lang::tr{'invalid input for interface address'};
 				goto VPNCONF_ERROR;
diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl
index 1125199771..de6cd64fb7 100644
--- a/langs/en/cgi-bin/en.pl
+++ b/langs/en/cgi-bin/en.pl
@@ -2385,6 +2385,7 @@
 'trafficto' => 'To',
 'transfer limits' => 'Transfer limits',
 'transparent on' => 'Transparent on',
+'transport mode does not support vti' => 'VTI is not support in transport mode',
 'tripwire' => 'Tripwire',
 'tripwire cronjob' => 'tripwire cronjob',
 'tripwire functions' => 'tripwire functions',