Date: Thu, 17 Jan 2019 13:51:47 +0000
From: bugzilla-noreply@freebsd.org
To: ports-bugs@FreeBSD.org
Subject: [Bug 234648] security/strongswan: start/stop/reload modern vici-based configurations
Message-ID: <bug-234648-7788-FIigIWgliP@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-234648-7788@https.bugs.freebsd.org/bugzilla/>
References: <bug-234648-7788@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=234648

--- Comment #7 from Sam Chen <sc.gear@one.caeon.com> ---
Nice work, Jose. I agree it's a step forward to manage charon under the BSD rc.d framework. Let me remove my hacked script from Attachments.

Now I think backwards compatibility is important for ipsec config migration. I've expanded on your earlier rc.d script and added support for enabling both rc.d/strongswan and rc.d/strongswan_swanctl simultaneously. And added code to extra_commands for "reload statusall". rc.d/strongswan will start BEFORE (rclist(8)) rc.d/strongswan_swanctl for reason noted in the code--also changed the former to pass rclint.

One code digression is mine removes the command_args "-r" to daemon(8). Upstream's systemd strongswan-swanctl does not auto-restart charon, nor do almost all BSD ports that use daemon(8). There could be an issue where ipsec starter.c's 5 sec auto-restart of charon affects BSD daemon(8)'s 1 sec auto-restart interval.

Also between charon invocation and swanctl run I introduced an up-to 5 sec wait loop for charon.pid file. A fixed 1 sec wait could be just on the edge for that overloaded cloud VM.

Please find the revised "Patch set #2" and test output, attached.

Thanks.

-- 
You are receiving this mail because:
You are the assignee for the bug.
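
A bounded pid-file wait of the kind the comment describes, as an added example (not the code from the attached "Patch set #2" or from the port). The function name `wait_for_pidfile`, its arguments and the one-second poll step are assumptions; the pid file path is passed in by the caller.

```sh
#!/bin/sh
# Added example: poll for a daemon's pid file with an upper bound, so a
# follow-up command (here it would be swanctl) is not run against a
# daemon that has not finished starting. All names are hypothetical.

# wait_for_pidfile FILE [TIMEOUT_SECONDS]
# Returns 0 as soon as FILE contains the pid of a live process,
# 1 if that has not happened after TIMEOUT_SECONDS (default 5).
wait_for_pidfile() {
    _pidfile=$1
    _timeout=${2:-5}
    _waited=0
    while :; do
        if [ -s "$_pidfile" ]; then
            # read fails on a missing trailing newline; the value is still set
            read -r _pid < "$_pidfile" || true
            case $_pid in
                ''|*[!0-9]*)
                    ;;  # empty or non-numeric: file still being written, or stale junk
                *)
                    # kill -0 only tests for existence; when run as root (as rc.d
                    # scripts are) it succeeds for any live pid
                    kill -0 "$_pid" 2>/dev/null && return 0
                    ;;
            esac
        fi
        [ "$_waited" -ge "$_timeout" ] && return 1
        sleep 1
        _waited=$((_waited + 1))
    done
}
```

Checking that the recorded pid is alive, rather than only that the file exists, keeps a stale pid file left by a crashed daemon from being mistaken for a successful start.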