only reload racoon.conf?
VANHULLEBUS Yvan
vanhu at netasq.com
Tue Dec 13 00:29:29 PST 2005
On Mon, Dec 12, 2005 at 02:54:51PM -0800, Doug Barton wrote:
> foobar wrote:
> >hy list,

Hi all.

> >is there any possibility to RELOAD the racoon (ipsec-tools) configuration in
> >freebsd 5/6?
> >
> >in linux i can do "/etc/init.d/racoon reload" but freebsd seems only to
> >support a service restart.
>
> Adding this capability is easy in rc.d, I've added a suggested patch, and
> cc'ed the maintainer.

The cool thing to do *will be* to send racoon a SIGHUP :-)

> Two things to note. First, I looked at the man page for racoon and it's not
> at all obvious to me how to get it to reload its conf file without
> restarting. IF it will do this by sending a 'kill -HUP <pid>' to the pid of
> the racoon process, then all you have to do is add the extra_commands line
> to the file, and rc.subr will handle the rest. If there is some command
> invocation involved, I've included an example of how to make that work.

Racoon's reload conf feature is for now only present in the HEAD
branch of ipsec-tools' CVS.

We are planning to branch a new version (0.7) "quite soon", which will
therefore include this feature; this patch for racoon.sh will then be
interesting to apply (we'll review/retest the patch when I update
to ipsec-tools 0.7).

There will probably be other things to do (an enhanced racoon.sh which
injects SPD entries, or a good HOWTO for that part :-) outside racoon
itself!

Yvan.
--
NETASQ - Secure Internet Connectivity
http://www.netasq.com