From owner-freebsd-isp@FreeBSD.ORG Tue Dec 13 08:29:29 2005
X-Original-To: freebsd-isp@freebsd.org
Delivered-To: freebsd-isp@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 6EF5B16A41F;
	Tue, 13 Dec 2005 08:29:29 +0000 (GMT)
	(envelope-from yvan.vanhullebus@netasq.com)
Received: from smtp.netasq.com (netasq.netasq.com [213.30.137.178])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 8976C43D5D;
	Tue, 13 Dec 2005 08:29:28 +0000 (GMT)
	(envelope-from yvan.vanhullebus@netasq.com)
Received: from [10.2.0.4] (f1000c001440400601.netasq.com [10.0.0.126])
	by smtp.netasq.com (Postfix) with ESMTP id 19E93C7497;
	Tue, 13 Dec 2005 09:26:51 +0100 (CET)
Received: by yvan.netasq.int (Postfix, from userid 1000)
	id 8782D54E0; Tue, 13 Dec 2005 09:29:23 +0100 (CET)
Date: Tue, 13 Dec 2005 09:29:23 +0100
From: VANHULLEBUS Yvan
To: Doug Barton
Message-ID: <20051213082923.GA39836@yvan.netasq.int>
References: <20051212135558.6FD6543D68@mx1.FreeBSD.org> <439DFFBB.7030002@FreeBSD.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <439DFFBB.7030002@FreeBSD.org>
User-Agent: All mail clients suck. This one just sucks less.
Cc: foobar <0xfcfb@gmx.net>, freebsd-isp@freebsd.org
Subject: Re: only reload racoon.conf?
X-BeenThere: freebsd-isp@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Internet Services Providers
X-List-Received-Date: Tue, 13 Dec 2005 08:29:29 -0000

On Mon, Dec 12, 2005 at 02:54:51PM -0800, Doug Barton wrote:
> foobar wrote:
> >hy list,

Hi all.

> >is there any possibility to RELOAD the racoon (ipsec-tools) configuration
> >in freebsd 5/6?
> >
> >in linux i can do "/etc/init.d/racoon reload" but freebsd seems only to
> >support a service restart.
>
> Adding this capability is easy in rc.d, I've added a suggested patch, and
> cc'ed the maintainer.

The cool thing to do *will be* to send racoon a SIGHUP :-)

> Two things to note. First, I looked at the man page for racoon and it's not
> at all obvious to me how to get it to reload its conf file without
> restarting. IF it will do this by sending a 'kill -HUP ' to the pid of
> the racoon process, then all you have to do is add the extra_commands line
> to the file, and rc.subr will handle the rest. If there is some command
> invocation involved, I've included an example of how to make that work.

Racoon's reload conf feature is for now only present in the HEAD
branch of ipsec-tools' CVS.

We are planning to branch a new version (0.7) "quite soon", which will
include this feature, so this patch for racoon.sh will then be
interesting to apply (we'll review/retest the patch when I update
to ipsec-tools 0.7).

There will probably be other things to do (an enhanced racoon.sh which
injects SPD entries, or a good HOWTO for that part :-) outside racoon
itself!

Yvan.

--
NETASQ - Secure Internet Connectivity
http://www.netasq.com