From: Jeff at NorrisTechs
Organization: NorrisTechs.NET.COM
Date: Mon, 12 Dec 2005 17:04:56 -0700
To: Doug Barton
Cc: foobar <0xfcfb@gmx.net>, freebsd-isp@freebsd.org, vanhu@netasq.com
Subject: Re: only reload racoon.conf?

Sending a HUP to racoon will drop all tunnels and init again.

------------------------------------------------------------------------
Jeff Norris
Web Hosting ~ VPN Solutions ~ Network Management ~ Design, deploy, kick ass.
NorrisTechs dot net
http://www.norristechs.net
AOL IM or Yahoo IM: ntshelper

Doug Barton wrote:

> foobar wrote:
>
>> hy list,
>>
>> is there any possibility to RELOAD the racoon (ipsec-tools)
>> configuration in freebsd 5/6?
>>
>> in linux i can do "/etc/init.d/racoon reload" but freebsd seems only to
>> support a service restart.
>
> Adding this capability is easy in rc.d, I've added a suggested patch,
> and cc'ed the maintainer.
>
> Two things to note. First, I looked at the man page for racoon and
> it's not at all obvious to me how to get it to reload its conf file
> without restarting. IF it will do this by sending a 'kill -HUP '
> to the pid of the racoon process, then all you have to do is add the
> extra_commands line to the file, and rc.subr will handle the rest. If
> there is some command invocation involved, I've included an example of
> how to make that work.
>
> The other thing to note is that rc.d scripts should never enable
> themselves by default. If someone can provide the information on how
> to get racoon to reread its conf file, and the maintainer approves,
> I'll be glad to commit this update.
>
> Doug
>
>------------------------------------------------------------------------
>
>--- /usr/ports/security/ipsec-tools/files/racoon.sh.in Fri Dec 2 03:28:06 2005 >+++ racoon.sh.in Mon Dec 12 14:52:49 2005 >@@ -1,12 +1,11 @@ > #!/bin/sh > >-# Start or stop racoon > # $FreeBSD: ports/security/ipsec-tools/files/racoon.sh.in,v 1.1 2005/12/02 11:28:06 lawrance Exp $ > > # PROVIDE: racoon > # REQUIRE: DAEMON > # BEFORE: LOGIN >-# KEYWORD: FreeBSD shutdown >+# KEYWORD: shutdown > # > # NOTE for FreeBSD 5.0+: > # If you want this script to start with the base rc scripts >@@ -21,7 +20,7 @@ > # > # DO NOT CHANGE THESE DEFAULT VALUES HERE > # >-[ -z "$racoon_enable" ] && racoon_enable="YES" # Enable racoon >+#racoon_enable="NO" # Enable racoon > #racoon_program="${prefix}/sbin/racoon" # Location of racoon > #racoon_flags="" # Flags to racoon program > >@@ -33,6 +32,14 @@ > pidfile="/var/run/racoon.pid" > required_files="${prefix}/etc/racoon/racoon.conf" > stop_postcmd="racoon_poststop" >+extra_commands=reload >+ >+# This is only necessary if 'kill -HUP ' >+# is not sufficient to reload the conf file >+reload_cmd="${name}_reload" >+racoon_reload () { >+ # Do something cool here that reloads racoon >+} > > racoon_poststop() { > /bin/rm -f ${pidfile}
>
>
>------------------------------------------------------------------------
>
>_______________________________________________
>freebsd-isp@freebsd.org mailing list
>http://lists.freebsd.org/mailman/listinfo/freebsd-isp
>To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"
>
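Review bot: The first hunk (@@ -1,12 +1,11 @@) changes the KEYWORD line from "FreeBSD shutdown" to "shutdown" and drops the "# Start or stop racoon" description, but neither change is mentioned in the accompanying message and neither is needed to add a reload command. Split these cleanups into their own change or state in the message why they are included, and consider keeping a one-line description that also names the new reload action.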
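Review bot: In the second hunk (@@ -21,7 +20,7 @@) the replacement for the racoon_enable default is a commented-out line, so unless a default is assigned outside the visible context the script now sets none at all, and the old behaviour of starting racoon without any rc.conf entry disappears silently. For an IKE daemon that means tunnels not coming up after a port upgrade on hosts that never set racoon_enable themselves. Keep a live assignment in the form the removed line used, with "NO" in place of "YES", reword the trailing "# Enable racoon" comment to match, and announce the default change to users of the port.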
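Review bot: In the third hunk (@@ -33,6 +32,14 @@) the body of racoon_reload () contains only a comment, which sh rejects as a syntax error, so the script would fail to parse and start and stop would break along with reload. Because reload_cmd="${name}_reload" is set unconditionally, it also replaces the signal-based reload that the message says rc.subr provides once extra_commands=reload is present, so the two alternatives described cannot both ship: either keep only the extra_commands line, or give the function a real body (at minimum a ":" placeholder while the mechanism is unknown). The reply in this thread says a HUP makes racoon drop all tunnels and initialise again, which would make a HUP-based reload as disruptive as a restart; that should be settled and documented in the script before this is committed.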