Alerts at startup [Suggestion of update]

[cleberb]

Hello,

I suggest the following changes to the _startklips file:

1. Avoid the following output in stdout and syslog when starting:   Ipsec_setup: ipsec0 -> NULL mtu = 0 (0) -> 0

2. Avoid the following output in stdout and syslog when starting:   Ipsec_setup: Error: either" local "is duplicate, or" secondary "is a garbage.   In this case, when using KLIPS, and the virtual interface (ipsecX) is linked to a physical interface that has several IPs (alias) (eg: eth0, eth0:1, eth0:2), this alert is generated. In this case, I need a better assessment on the part of you to make sure it is correct to apply this change.   This change was based on this link: https://lists.libreswan.org/pipermail/swan/2014/000790.html

Code:

# diff -u /usr/local/lib/ipsec/_startklips.bak /usr/local/lib/ipsec/_startklips
--- /usr/local/lib/ipsec/_startklips.bak    2017-07-20 12:25:48.800479858 -0300
+++ /usr/local/lib/ipsec/_startklips    2017-07-20 12:18:01.447666013 -0300
@@ -236,7 +236,7 @@
    if $klips
    then
        # ipsecX might not exist yet
-       ipsec tncfg | grep $virt 
+       ipsec tncfg | grep -q $virt 
        RETVAL=$?
            if [ "$RETVAL" -eq 1 ];
        then
@@ -244,7 +244,7 @@
        fi
        ipsec tncfg --attach --virtual $virt --physical $phys
        # configure all the IPv4/IPv6 addresses (including point-to-point)
-       ip addr show dev $phys \
+       ip addr show dev $phys label $phys \
        | awk '$1 == "inet" || ($1 == "inet6" && !/ dynamic/) {
                cmd = "ip addr add"
                if ($1 == "inet")

[shussain]

Thank you for your feedback and suggestion.

Will add it to the 2.6.52 development branch