Date: Mon, 12 Dec 2005 17:04:56 -0700
From: Jeff at NorrisTechs <jeff@norristechs.net>
To: Doug Barton <dougb@FreeBSD.org>
Cc: foobar <0xfcfb@gmx.net>, freebsd-isp@freebsd.org, vanhu@netasq.com
Subject: Re: only reload racoon.conf?
Message-ID: <439E1028.7080302@norristechs.net>
In-Reply-To: <439DFFBB.7030002@FreeBSD.org>
References: <20051212135558.6FD6543D68@mx1.FreeBSD.org> <439DFFBB.7030002@FreeBSD.org>

Sending a HUP to racoon will drop all tunnels and init again.

------------------------------------------------------------------------
*/Jeff Norris/*
/~ Web Hosting ~ VPN Solutions ~ Network Management ~ Design, deploy, kick ass. /
*N*orris*Techs* dot net
http://www.norristechs.net
*AOL IM or Yahoo IM: _ ntshelper _*

Doug Barton wrote:
> foobar wrote:
>
>> Hi list,
>>
>> Is there any possibility to RELOAD the racoon (ipsec-tools)
>> configuration in FreeBSD 5/6?
>>
>> In Linux I can do "/etc/init.d/racoon reload" but FreeBSD seems only to
>> support a service restart.
>
> Adding this capability is easy in rc.d, I've added a suggested patch,
> and cc'ed the maintainer.
>
> Two things to note. First, I looked at the man page for racoon and
> it's not at all obvious to me how to get it to reload its conf file
> without restarting. IF it will do this by sending a 'kill -HUP <pid>'
> to the pid of the racoon process, then all you have to do is add the
> extra_commands line to the file, and rc.subr will handle the rest. If
> there is some command invocation involved, I've included an example of
> how to make that work.
>
> The other thing to note is that rc.d scripts should never enable
> themselves by default. If someone can provide the information on how
> to get racoon to reread its conf file, and the maintainer approves,
> I'll be glad to commit this update.
>
> Doug
>
>------------------------------------------------------------------------
>
>--- /usr/ports/security/ipsec-tools/files/racoon.sh.in Fri Dec 2 03:28:06 2005 >+++ racoon.sh.in Mon Dec 12 14:52:49 2005 >@@ -1,12 +1,11 @@ > #!/bin/sh > >-# Start or stop racoon > # $FreeBSD: ports/security/ipsec-tools/files/racoon.sh.in,v 1.1 2005/12/02 11:28:06 lawrance Exp $ > > # PROVIDE: racoon > # REQUIRE: DAEMON > # BEFORE: LOGIN >-# KEYWORD: FreeBSD shutdown >+# KEYWORD: shutdown > # > # NOTE for FreeBSD 5.0+: > # If you want this script to start with the base rc scripts
>@@ -21,7 +20,7 @@ > # > # DO NOT CHANGE THESE DEFAULT VALUES HERE > # >-[ -z "$racoon_enable" ] && racoon_enable="YES" # Enable racoon >+#racoon_enable="NO" # Enable racoon > #racoon_program="${prefix}/sbin/racoon" # Location of racoon > #racoon_flags="" # Flags to racoon program > >@@ -33,6 +32,14 @@ > pidfile="/var/run/racoon.pid" > required_files="${prefix}/etc/racoon/racoon.conf" > stop_postcmd="racoon_poststop" >+extra_commands=reload >+ >+# This is only necessary if 'kill -HUP <pid of racoon process>' >+# is not sufficient to reload the conf file >+reload_cmd="${name}_reload" >+racoon_reload () { >+ # Do something cool here that reloads racoon >+} > > racoon_poststop() { > /bin/rm -f ${pidfile} > > >------------------------------------------------------------------------ > >_______________________________________________ >freebsd-isp@freebsd.org mailing list >http://lists.freebsd.org/mailman/listinfo/freebsd-isp >To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org" >
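
Review bot: in the second hunk (@@ -21,7 +20,7 @@), replacing the `[ -z "$racoon_enable" ] && racoon_enable="YES"` line with a commented-out `#racoon_enable="NO"` leaves the variable with no default anywhere in the lines shown, and the trailing comment still reads "# Enable racoon" next to "NO". Set the default explicitly, for example `: ${racoon_enable="NO"}`, and fix the comment. This also changes behaviour on upgrade: a host that relied on the old implicit "YES" will stop starting racoon, and with it its IPsec tunnels, until `racoon_enable="YES"` is added to rc.conf, so the commit message and the port's upgrade notes should say so.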
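
Review bot: in the last hunk (@@ -33,6 +32,14 @@), the body of `racoon_reload ()` contains only a comment, and sh rejects a function body with no command, so the whole script would fail to parse and start and stop would break along with reload. Either put a placeholder command such as `:` in the body, or leave `reload_cmd` and the function out until the real reload invocation is known, so that `extra_commands=reload` alone uses the rc.subr default. Given the reply above that a HUP makes racoon drop all tunnels and init again, the comment over `reload_cmd` should also state that the default reload is not a graceful one.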