> I generally oppose having too many "hidden" include files that can be
> used to overwrite the basic configuration. They often give us a headache
> when we touch things because eventually we will break some of those
> manual settings. We keep telling ourselves that this is fine because we
> never said that we supported them any way. But that is not really a
> valid point.

I think it is normal also for other projects, to give the user the  
opportunity to configure things manually. The user is able to quickly fix  
problems if they need a special configuration. Otherwise, he would have to  
wait for the project to implement code for his special need which could  
take a lot of time.

Therefore, I think it´s absolutely normal and fine to offer user.confs  
with the limitation that the user.conf might break stuff. Here, the user  
is responsible and I guess the majority is fine with that.



Small patch to add a test around the first include as for the last include:

--- /srv/web/ipfire/cgi-bin/vpnmain.cgi.org     2015-05-19  
17:42:52.944050515 +0200
+++ /srv/web/ipfire/cgi-bin/vpnmain.cgi 2015-05-19 17:43:49.951598841 +0200
@@ -253,8 +253,10 @@
      print CONF "\n";

      # Add user includes to config file
-    print CONF "include /etc/ipsec.user.conf\n";
-    print CONF "\n";
+    if (-e "/etc/ipsec.user.conf") {
+        print CONF "include /etc/ipsec.user.conf\n";
+        print CONF "\n";
+    }

      print SECRETS "include /etc/ipsec.user.secrets\n";



Lars