Bugfix 3284: Allow commit to succeed if local-ip is not configured.

Previously, the ipsec setup script would fail the commit if the IPv4
address given in the local-ip parameter was not configured on
one of the ipsec-interfaces at the time that the commit took place.
This causes problems for PPP interfaces that may be configured, but
down for operational reasons.  This change makes the setup script more
liberal.  It will allow the commit to complete, but issue a warning
the address, they can restart ipsec. PPP has logic to restart
ipsec when a link comes up.

1 files changed, 5 insertions, 2 deletions

diff --git a/scripts/vpn-config.pl b/scripts/vpn-config.pl
index b6cecaa..0f40210 100755
--- a/scripts/vpn-config.pl
+++ b/scripts/vpn-config.pl
@@ -389,8 +389,11 @@ if ($vcVPN->exists('ipsec')) {
 		    # Verified that dealing with a cluster IP.
 		    $clustering_ip = 1;
 		} else {
-		    $error = 1;
-		    print STDERR "VPN configuration error.  Local IP $lip specified for peer \"$peer\" has not been configured in any of the ipsec-interfaces or clustering.\n";
+		    print "Warning: Local IPv4 address $lip specified for peer \"$peer\"\n";
+		    print "is not configured on any of the ipsec-interfaces and is not the\n";
+		    print "clustering address.  IPsec must be re-started after address\n";
+		    print "has been configured.\n";
+		    print "\n";
 		}
 	    }
 	}