On Mon, 29 Jul 2002 00:22:46 +0900
Hajimu UMEMOTO <[EMAIL PROTECTED]> wrote:
> Hi,
>
> I found that setup of IPsec doesn't work correctly if you are using
> /etc/rc.d/. While NetBSD has setkey in /sbin, FreeBSD has it in
> /usr/sbin. However, the location is hardcoded in /etc/rc.d/ipsec.
> Here is a patch.
Thanks for spotting this. I think the following patch might be better.
Cheers,
Mike.
Index: etc/rc.d/ipsec
===================================================================
RCS file: /home/ncvs/src/etc/rc.d/ipsec,v
retrieving revision 1.2
diff -u -r1.2 ipsec
--- etc/rc.d/ipsec 13 Jun 2002 22:14:36 -0000 1.2
+++ etc/rc.d/ipsec 29 Jul 2002 07:29:26 -0000
@@ -24,6 +24,15 @@
reload_cmd="ipsec_reload"
extra_commands="reload"
+case `${CMD_OSTYPE}` in
+FreeBSD)
+ ipsec_program="/usr/sbin/setkey"
+ ;;
+NetBSD)
+ ipsec_program="/sbin/setkey"
+ ;;
+esac
+
ipsec_prestart()
{
if [ ! -f "$ipsec_file" ]; then
@@ -45,7 +54,7 @@
ipsec_start()
{
echo "Installing ipsec manual keys/policies."
- /sbin/setkey -f $ipsec_file
+ ${ipsec_program} -f $ipsec_file
}
ipsec_stop()
@@ -56,16 +65,16 @@
# it is very questionable to do this during shutdown session, since
# it can hang any of remaining IPv4/v6 session.
#
- /sbin/setkey -F
- /sbin/setkey -FP
+ ${ipsec_program} -F
+ ${ipsec_program} -FP
}
ipsec_reload()
{
echo "Reloading ipsec manual keys/policies."
- /sbin/setkey -F
- /sbin/setkey -FP
- /sbin/setkey -f "$ipsec_file"
+ ${ipsec_program} -F
+ ${ipsec_program} -FP
+ ${ipsec_program} -f "$ipsec_file"
}
load_rc_config $name
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-current" in the body of the message
