From owner-freebsd-hackers Sat May 13 12:19:10 2000 Delivered-To: freebsd-hackers@freebsd.org Received: from apollo.backplane.com (apollo.backplane.com [216.240.41.2]) by hub.freebsd.org (Postfix) with ESMTP id 69EC437B963 for ; Sat, 13 May 2000 12:18:43 -0700 (PDT) (envelope-from dillon@apollo.backplane.com) Received: (from dillon@localhost) by apollo.backplane.com (8.9.3/8.9.1) id MAA01604; Sat, 13 May 2000 12:18:42 -0700 (PDT) (envelope-from dillon) Date: Sat, 13 May 2000 12:18:42 -0700 (PDT) From: Matthew Dillon Message-Id: <200005131918.MAA01604@apollo.backplane.com> To: freebsd-hackers@FreeBSD.ORG Subject: Proposed /etc/rc.network patch for ipsec Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Simple and straightforward. ipsec must be enabled prior to running any network-related operations since such operations might have to run over the ipsec transport to talk to other hosts. For example, NFS mounts. I will also add a little blurb to the examples directory. -Matt Index: rc.network =================================================================== RCS file: /home/ncvs/src/etc/rc.network,v retrieving revision 1.74.2.1 diff -u -r1.74.2.1 rc.network --- rc.network 2000/03/27 21:39:49 1.74.2.1 +++ rc.network 2000/05/11 07:41:53 @@ -342,6 +342,17 @@ esac echo '.' + case ${ipsec_enable} in + [Yy][Ee][Ss]) + if [ -f ${ipsec_file} ]; then + echo ' ipsec: enabled' + setkey -f ${ipsec_file} + else + echo ' ipsec: file not found' + fi + ;; + esac + echo -n 'routing daemons:' case ${router_enable} in [Yy][Ee][Ss]) Index: defaults/rc.conf =================================================================== RCS file: /home/ncvs/src/etc/defaults/rc.conf,v retrieving revision 1.53.2.3 diff -u -r1.53.2.3 rc.conf --- defaults/rc.conf 2000/04/15 11:02:40 1.53.2.3 +++ defaults/rc.conf 2000/05/11 07:41:31 @@ -156,6 +156,8 @@ defaultrouter="NO" # Set to default gateway (or NO). static_routes="" # Set to static route list (or leave empty). gateway_enable="NO" # Set to YES if this host will be a gateway. +ipsec_enable="NO" # Set to YES to run setkey on ipsec_file +ipsec_file="/etc/ipsec.conf" # Name of config file for setkey router_enable="NO" # Set to YES to enable a routing daemon. router="routed" # Name of routing daemon to use if enabled. router_flags="-q" # Flags for routing daemon. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message