From owner-freebsd-current@FreeBSD.ORG  Sun Nov 16 02:10:28 2003
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id 7B83B16A4CE; Sun, 16 Nov 2003 02:10:28 -0800 (PST)
Received: from shop.digma.com.ua (shop.digma.com.ua [217.12.194.3])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id 5238843F3F; Sun, 16 Nov 2003 02:10:26 -0800 (PST)
	(envelope-from cub@cub.org.ua)
Received: from cub.org.ua (demani.digma [172.22.5.7])
	by shop.digma.com.ua (8.12.6p2/8.12.6) with ESMTP id hAGAAIba004397;
	Sun, 16 Nov 2003 12:10:18 +0200 (EET)
	(envelope-from cub@cub.org.ua)
Received: from demani.digma ([172.22.5.7] helo=cub.org.ua)
	by cub.org.ua with esmtp (Exim 4.22)
	id 1ALJrB-000E2q-1M; Sun, 16 Nov 2003 12:10:13 +0200
Message-ID: <3FB74D04.1000602@cub.org.ua>
Date: Sun, 16 Nov 2003 12:10:12 +0200
From: Kostyuk Oleg <cub@cub.org.ua>
User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.5) Gecko/20031022
X-Accept-Language: ru, uk, en-us, en
MIME-Version: 1.0
To: Hajimu UMEMOTO <ume@mahoroba.org>
References: <E1AGIbn-0001Ux-7o@cub.org.ua>	<ygefzgpq508.wl%ume@mahoroba.org>
	<3FB6B4FE.4C1AF03C@mindspring.com> <ygeekw8pvop.wl%ume@mahoroba.org>
In-Reply-To: <ygeekw8pvop.wl%ume@mahoroba.org>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
X-spamscan: scanned by cub.org.ua
X-spamscan: Total score 0
cc: FreeBSD-gnats-submit@freebsd.org
cc: ume@mahoroba.org
cc: freebsd-current@freebsd.org
Subject: Re: /etc/rc.d/ipsec starts not in time
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
	<freebsd-current.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 16 Nov 2003 10:10:28 -0000

Hi

>>It is not sufficient.  There is setkey(8) in /usr/sbin.  It means that
>>we cannot protect NFS exported /usr by IPsec.  If there is no
>>objection, I wish to move setkey(8) into /sbin like NetBSD did.
> 
> tlambert2> This type of order inversion is common.
> tlambert2> Can we simply delay exportation until later in the boot process?
> tlambert2> Wouldn't this have the same effect?
> 
> Oops, I should explain the situation clearly.  The client which mounts
> /usr by NFS cannot use IPsec due to lack of setkey(8).

I think, you not exactly understand my problem.

I not export anything, not protect NFS exported /usr and
have ordinary workstation with 40G HD and /usr on it.
Using IPSec - hostorical behavior :), and i live without
problems on 4.x .

But I use NFS exports from others.
And, in case if IPSec used between my mashine and NFS server,
I can't boot smoothly - booting hold up on mounting NFS
until I press Ctrl+C .

Patch, which I send, resolve my problem.
But I not sure - applicable this patch for diskless ?....


I can't recall when problem appear. All life server runs on 4.8.
My mashine will be 4.8 - 5.0 - 5.1 - 5 CURRENT.
Now - kern.osreldate: 501113.

-- 
With best wishes, DIGMA sysadmin
Oleg Kostyuk aka Cub (OK5-UANIC)
[BSD registered user #BSD050664]