Date: Tue, 13 Dec 2005 09:29:23 +0100
From: VANHULLEBUS Yvan <vanhu@netasq.com>
To: Doug Barton <dougb@FreeBSD.org>
Cc: foobar <0xfcfb@gmx.net>, freebsd-isp@freebsd.org
Subject: Re: only reload racoon.conf?
Message-ID: <20051213082923.GA39836@yvan.netasq.int>
In-Reply-To: <439DFFBB.7030002@FreeBSD.org>
References: <20051212135558.6FD6543D68@mx1.FreeBSD.org> <439DFFBB.7030002@FreeBSD.org>

On Mon, Dec 12, 2005 at 02:54:51PM -0800, Doug Barton wrote:
> foobar wrote:
> >hy list,

Hi all.

> >is there any possibility to RELOAD the racoon (ipsec-tools) configuration
> >in freebsd 5/6?
> >
> >in linux i can do "/etc/init.d/racoon reload" but freebsd seems only to
> >support a service restart.
>
> Adding this capability is easy in rc.d, I've added a suggested patch, and
> cc'ed the maintainer.

The cool thing to do *will be* to send racoon a SIGHUP :-)

> Two things to note. First, I looked at the man page for racoon and it's not
> at all obvious to me how to get it to reload its conf file without
> restarting. IF it will do this by sending a 'kill -HUP <pid>' to the pid of
> the racoon process, then all you have to do is add the extra_commands line
> to the file, and rc.subr will handle the rest. If there is some command
> invocation involved, I've included an example of how to make that work.

Racoon's reload conf feature is for now only present in the HEAD
branch of ipsec-tools' CVS.

We are planning to branch a new version (0.7) "quite soon", which will
include this feature, so this patch for racoon.sh will then be
interesting to apply (we'll review/retest the patch when I update to
ipsec-tools 0.7).

There will probably be other things to do (an enhanced racoon.sh which
injects SPD entries, or a good HOWTO for that part :-) outside racoon
itself!

Yvan.

-- 
NETASQ - Secure Internet Connectivity
http://www.netasq.com