From owner-freebsd-questions Tue Jan 2 7:19: 4 2001 From owner-freebsd-questions@FreeBSD.ORG Tue Jan 2 07:19:01 2001 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from linux.ssc.nsu.ru (linux.ssc.nsu.ru [193.124.219.91]) by hub.freebsd.org (Postfix) with SMTP id 9B24137B402 for ; Tue, 2 Jan 2001 07:18:52 -0800 (PST) Received: (qmail 8813 invoked from network); 2 Jan 2001 14:58:36 -0000 Received: from inet.ssc.nsu.ru (62.76.110.12) by hub.freebsd.org with SMTP; 2 Jan 2001 14:58:36 -0000 Received: from localhost (danfe@localhost) by inet.ssc.nsu.ru (8.9.3/8.9.3) with ESMTP id UAA32058 for ; Tue, 2 Jan 2001 20:58:17 +0600 Date: Tue, 2 Jan 2001 20:58:17 +0600 (NOVT) From: Alexey Dokuchaev To: questions@freebsd.org Subject: IPSec setkey - where to put? Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Hello! I've decided to use IPSec mechanism to secure the traffic between my two FreeBSD boxes. I've decided to do this manually (thus, not using racoon daemon). And I have two ?s: * Is it OK to set keys only once upon startup? If this is OK, where would be the best place to do this? In rc.local? or rc.security? Or maybe there's already special file reserved for this matter, and I am missing it? * Or, even better, to setup a cron job, and assign different keys, say, every hour? Any comments/suggestions are welcomed and appreciated. Thank you. -- WBR, Alexey P.S. Please be so kind to CC: me directly since I'm not the member of this list. Tnx. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message