From b7f34d02eb4dc0ac0a1bcd774df7402cc2edeee4 Mon Sep 17 00:00:00 2001
From: Franco Fichtner <franco@opnsense.org>
Date: Wed, 15 Nov 2023 20:34:43 +0100
Subject: [PATCH] ipsec: mute ipsec.conf related load errors

PR: https://forum.opnsense.org/index.php?topic=33126.0
---
 src/etc/inc/plugins.inc.d/ipsec.inc | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/src/etc/inc/plugins.inc.d/ipsec.inc b/src/etc/inc/plugins.inc.d/ipsec.inc
index c6dc21d46..e24afa8b3 100644
--- a/src/etc/inc/plugins.inc.d/ipsec.inc
+++ b/src/etc/inc/plugins.inc.d/ipsec.inc
@@ -1305,10 +1305,16 @@ function ipsec_configure_do($verbose = false, $interface = '')
 
     service_log('Configuring IPsec VPN...', $verbose);
 
-    /* cleanup legacy ipsec.conf files */
+    /* cleanup legacy ipsec.conf bits but then recreate structure to mute charon complaints */
     mwexec('rm -rf /usr/local/etc/ipsec.d');
-    @unlink('/usr/local/etc/ipsec.conf');
-    @unlink('/usr/local/etc/ipsec.secrets');
+    foreach (['aacerts', 'acerts', 'cacerts', 'certs', 'crls', 'ocspcerts', 'private', 'reqs'] as $dir) {
+        mkdir("/usr/local/etc/ipsec.d/{$dir}", 0664, true);
+    }
+    foreach (['/usr/local/etc/ipsec.conf', '/usr/local/etc/ipsec.secrets'] as $file) {
+        /* unlink AND copy in case the sample files are not available */
+        @unlink($file);
+        @copy("{$file}.sample", $file);
+    }
 
     ipsec_write_strongswan_conf();
     ipsec_write_cas();