Turns out the dupmode patch is unnecessary. We can work around that problem
by simply having the phase1_up script check for a previous execution (i.e.,
whether the private VPN address has already been configured on the default
network interface).
I'm uploading a new version of the p1_up_down script which contains this check.
The ipsec-tools maintainers also took issue with the ipcalc-based conversion of
dotted-quad netmask into CIDR notation, and a patch (also uploaded) was applied
to CVS which supplies the phase1 script with a list of split networks directly
in CIDR notation.
Turns out the dupmode patch is unnecessary. We can work around that problem
by simply having the phase1_up script check for a previous execution (i.e.,
whether the private VPN address has already been configured on the default
network interface).
I'm uploading a new version of the p1_up_down script which contains this check.
The ipsec-tools maintainers also took issue with the ipcalc-based conversion of
dotted-quad netmask into CIDR notation, and a patch (also uploaded) was applied
to CVS which supplies the phase1 script with a list of split networks directly
in CIDR notation.