Skip site navigation (1)Skip section navigation (2) 
Date:      Sat, 13 May 2000 12:18:42 -0700 (PDT)
From:      Matthew Dillon <dillon@apollo.backplane.com>
To:        freebsd-hackers@FreeBSD.ORG
Subject:   Proposed /etc/rc.network patch for ipsec
Message-ID:  <200005131918.MAA01604@apollo.backplane.com>
next in thread | raw e-mail | index | archive | help 
    Simple and straightforward.

    ipsec must be enabled prior to running any network-related operations
    since such operations might have to run over the ipsec transport to
    talk to other hosts.  For example, NFS mounts.

    I will also add a little blurb to the examples directory.

						-Matt

Index: rc.network
===================================================================
RCS file: /home/ncvs/src/etc/rc.network,v
retrieving revision 1.74.2.1
diff -u -r1.74.2.1 rc.network
--- rc.network	2000/03/27 21:39:49	1.74.2.1
+++ rc.network	2000/05/11 07:41:53
@@ -342,6 +342,17 @@
 	esac
 	echo '.'
 
+	case ${ipsec_enable} in
+	[Yy][Ee][Ss])
+		if [ -f ${ipsec_file} ]; then
+		    echo ' ipsec: enabled'
+		    setkey -f ${ipsec_file}
+		else
+		    echo ' ipsec: file not found'
+		fi
+		;;
+	esac
+
 	echo -n 'routing daemons:'
 	case ${router_enable} in
 	[Yy][Ee][Ss])
Index: defaults/rc.conf
===================================================================
RCS file: /home/ncvs/src/etc/defaults/rc.conf,v
retrieving revision 1.53.2.3
diff -u -r1.53.2.3 rc.conf
--- defaults/rc.conf	2000/04/15 11:02:40	1.53.2.3
+++ defaults/rc.conf	2000/05/11 07:41:31
@@ -156,6 +156,8 @@
 defaultrouter="NO"		# Set to default gateway (or NO).
 static_routes=""		# Set to static route list (or leave empty).
 gateway_enable="NO"		# Set to YES if this host will be a gateway.
+ipsec_enable="NO"		# Set to YES to run setkey on ipsec_file
+ipsec_file="/etc/ipsec.conf"	# Name of config file for setkey
 router_enable="NO"		# Set to YES to enable a routing daemon.
 router="routed"			# Name of routing daemon to use if enabled.
 router_flags="-q"		# Flags for routing daemon.


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200005131918.MAA01604>