[Bug 234648] security/strongswan: start/stop/reload modern vici-based configurations
bugzilla-noreply at freebsd.org
Thu Jan 17 13:51:50 UTC 2019
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=234648
--- Comment #7 from Sam Chen <sc.gear at one.caeon.com> ---
Nice work, Jose. I agree it's a step forward to manage charon under the BSD
rc.d framework. Let me remove my hacked script from Attachments.
Now I think backwards compatibility is important for ipsec config migration.
I've expanded on your earlier rc.d script and added support for enabling both
rc.d/strongswan and rc.d/strongswan_swanctl simultaneously. And added code to
extra_commands for "reload statusall". rc.d/strongswan will start BEFORE
(rclist(8)) rc.d/strongswan_swanctl for the reason noted in the code; also changed
the former to pass rclint.
One code digression is that mine removes the command_args "-r" to daemon(8).
Upstream's systemd strongswan-swanctl does not auto-restart charon, nor do
almost all BSD ports that use daemon(8). There could be an issue where ipsec
starter.c's 5 sec auto-restart of charon affects BSD daemon(8)'s 1 sec
auto-restart interval.
Also, between charon invocation and swanctl run I introduced an up-to-5-sec wait
loop for the charon.pid file. A fixed 1 sec wait could be just on the edge for
that overloaded cloud VM.
Please find the revised "Patch set #2" and test output, attached. Thanks.
--
You are receiving this mail because:
You are the assignee for the bug.
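
The bounded wait for charon.pid described in comment #7, sketched as an added example; it is not taken from the message or from the attached patch set. The function name, the one-second poll interval and the liveness check with kill -0 are assumptions, and the pidfile path in the usage comment is a placeholder.

```sh
#!/bin/sh
# Added illustration: bounded wait for a daemon's pidfile before running
# a follow-up command, instead of a fixed one-second sleep.
#
# wait_for_pidfile PIDFILE [TIMEOUT_SECONDS]
#   Polls once per second until PIDFILE holds the PID of a live process.
#   Returns 0 as soon as that is true, 1 if TIMEOUT_SECONDS (default 5)
#   pass first. kill -0 only reports processes the caller may signal,
#   which is fine for an rc.d script running as root.
wait_for_pidfile() {
    _pidfile=$1
    _timeout=${2:-5}
    _waited=0
    while :; do
        if [ -s "$_pidfile" ]; then
            # Use the first line only; a missing trailing newline is fine.
            read -r _pid < "$_pidfile" || true
            case $_pid in
                ''|0|*[!0-9]*)
                    ;;  # empty, zero or non-numeric: treat as not ready
                *)
                    # A stale pidfile from a crashed daemon fails here.
                    if kill -0 "$_pid" 2>/dev/null; then
                        return 0
                    fi
                    ;;
            esac
        fi
        if [ "$_waited" -ge "$_timeout" ]; then
            return 1
        fi
        sleep 1
        _waited=$((_waited + 1))
    done
}

# Usage inside a start hook (path is a placeholder):
#   wait_for_pidfile /path/to/charon.pid 5 || {
#       echo "charon did not write a valid pidfile in time" >&2
#       return 1
#   }
#   ...then run swanctl to load the configuration.
```

Checking that the recorded PID is alive, not only that the file exists, keeps a leftover pidfile from an earlier crash from being mistaken for a successful start.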