Date:      Mon, 12 Dec 2005 17:04:56 -0700
From:      Jeff at NorrisTechs <jeff@norristechs.net>
To:        Doug Barton <dougb@FreeBSD.org>
Cc:        foobar <0xfcfb@gmx.net>, freebsd-isp@freebsd.org, vanhu@netasq.com
Subject:   Re: only reload racoon.conf?
Message-ID:  <439E1028.7080302@norristechs.net>
In-Reply-To: <439DFFBB.7030002@FreeBSD.org>
References:  <20051212135558.6FD6543D68@mx1.FreeBSD.org> <439DFFBB.7030002@FreeBSD.org>


Sending a HUP to racoon will drop all tunnels and init again.

------------------------------------------------------------------------

*/Jeff Norris/*
/~ Web Hosting ~ VPN Solutions ~ Network Management ~
Design, deploy, kick ass. /
*N*orris*Techs* dot net
http://www.norristechs.net
*AOL IM or Yahoo IM: _ ntshelper _*



Doug Barton wrote:

> foobar wrote:
>
>> Hi list,
>>
>> Is there any possibility to RELOAD the racoon (ipsec-tools) configuration in
>> FreeBSD 5/6?
>>
>> In Linux I can do "/etc/init.d/racoon reload" but FreeBSD seems only to
>> support a service restart.
>
>
> Adding this capability is easy in rc.d, I've added a suggested patch, 
> and cc'ed the maintainer.
>
> Two things to note. First, I looked at the man page for racoon and 
> it's not at all obvious to me how to get it to reload its conf file 
> without restarting. IF it will do this by sending a 'kill -HUP <pid>' 
> to the pid of the racoon process, then all you have to do is add the 
> extra_commands line to the file, and rc.subr will handle the rest. If 
> there is some command invocation involved, I've included an example of 
> how to make that work.
>
> The other thing to note is that rc.d scripts should never enable 
> themselves by default. If someone can provide the information on how 
> to get racoon to reread its conf file, and the maintainer approves, 
> I'll be glad to commit this update.
>
> Doug
>
>------------------------------------------------------------------------
>
>--- /usr/ports/security/ipsec-tools/files/racoon.sh.in	Fri Dec  2 03:28:06 2005
>+++ racoon.sh.in	Mon Dec 12 14:52:49 2005
>@@ -1,12 +1,11 @@
> #!/bin/sh
> 
>-# Start or stop racoon
> # $FreeBSD: ports/security/ipsec-tools/files/racoon.sh.in,v 1.1 2005/12/02 11:28:06 lawrance Exp $
> 
> # PROVIDE: racoon
> # REQUIRE: DAEMON
> # BEFORE: LOGIN
>-# KEYWORD: FreeBSD shutdown
>+# KEYWORD: shutdown
> #
> # NOTE for FreeBSD 5.0+:
> # If you want this script to start with the base rc scripts
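Review bot: The removal of the "# Start or stop racoon" description line and the KEYWORD change from "FreeBSD shutdown" to "shutdown" at the top of the script are not covered by the accompanying message, which discusses only reload support and the enable default. Since the script gains a reload command in this patch, consider updating the description to something like "# Start, stop or reload racoon" instead of dropping it, and give the reason for the KEYWORD change in the commit message.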
>@@ -21,7 +20,7 @@
> #
> # DO NOT CHANGE THESE DEFAULT VALUES HERE
> #
>-[ -z "$racoon_enable" ] && racoon_enable="YES"	# Enable racoon
>+#racoon_enable="NO"				# Enable racoon
> #racoon_program="${prefix}/sbin/racoon"		# Location of racoon
> #racoon_flags=""				# Flags to racoon program
> 
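Review bot: The replacement for the racoon_enable default is a commented-out line, so within the visible lines nothing assigns racoon_enable a value once the active `[ -z "$racoon_enable" ] && racoon_enable="YES"` is gone. If no default is set elsewhere in the script, keep an active assignment with the new value, for example `[ -z "$racoon_enable" ] && racoon_enable="NO"`, so the variable is always defined when rc.subr checks it. The trailing comment "# Enable racoon" beside "NO" is also misleading, and because the effective default flips from YES to NO, installations that never set racoon_enable in rc.conf will stop starting racoon after the update; that deserves a note for users of the port.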
>@@ -33,6 +32,14 @@
> pidfile="/var/run/racoon.pid"
> required_files="${prefix}/etc/racoon/racoon.conf"
> stop_postcmd="racoon_poststop"
>+extra_commands=reload
>+
>+# This is only necessary if 'kill -HUP <pid of racoon process>'
>+# is not sufficient to reload the conf file
>+reload_cmd="${name}_reload"
>+racoon_reload () {
>+	# Do something cool here that reloads racoon
>+}
> 
> racoon_poststop() {
> 	/bin/rm -f ${pidfile}
>  
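Review bot: racoon_reload() contains only a comment, and sh does not accept a function body with no command in it, so the script will fail to parse as written; put at least a `:` in the body or leave the function out until the real reload step is known. reload_cmd is also assigned unconditionally, which replaces the default reload handling that the accompanying message says rc.subr provides when only extra_commands=reload is set, even though the comment above it says the override is needed only if 'kill -HUP' is not sufficient. Commit either the extra_commands line alone or a reload_cmd with a working body, not the placeholder.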


