
Add iked to rc/rc.conf, you can enable it on boot with the iked_flags= var.

Also copy the generated RSA key for isakmpd into the iked directory;  this
way we share the same RSA key by default.
ok deraadt@ jsg@
OPENBSD_4_8
reyk 14 years ago
parent
commit
0f7c26250c
2 changed files with 18 additions and 3 deletions
  1. +16
    -2
      src/etc/rc
  2. +2
    -1
      src/etc/rc.conf

+ 16
- 2
src/etc/rc

@ -1,4 +1,4 @@
# $OpenBSD: rc,v 1.337 2010/04/25 10:10:51 michele Exp $
# $OpenBSD: rc,v 1.338 2010/06/28 20:16:21 reyk Exp $
# System startup script run by init on autoboot # System startup script run by init on autoboot
# or after single-user. # or after single-user.
@ -372,7 +372,7 @@ if [ X"${named_flags}" != X"NO" ]; then
fi fi
if [ ! -f /etc/isakmpd/private/local.key ]; then if [ ! -f /etc/isakmpd/private/local.key ]; then
echo -n "openssl: generating new isakmpd RSA key... "
echo -n "openssl: generating new isakmpd/iked RSA key... "
if /usr/sbin/openssl genrsa -out /etc/isakmpd/private/local.key 2048 \ if /usr/sbin/openssl genrsa -out /etc/isakmpd/private/local.key 2048 \
> /dev/null 2>&1; then > /dev/null 2>&1; then
chmod 600 /etc/isakmpd/private/local.key chmod 600 /etc/isakmpd/private/local.key
@ -384,6 +384,13 @@ if [ ! -f /etc/isakmpd/private/local.key ]; then
fi fi
fi fi
if [ ! -f /etc/iked/private/local.key ]; then
# Just copy the generated isakmpd key
cp /etc/isakmpd/private/local.key /etc/iked/private/local.key
chmod 600 /etc/iked/private/local.key
cp /etc/isakmpd/local.pub /etc/iked/local.pub
fi
if [ X"${isakmpd_flags}" != X"NO" ]; then if [ X"${isakmpd_flags}" != X"NO" ]; then
if [ X"${sasyncd_flags}" != X"NO" ]; then if [ X"${sasyncd_flags}" != X"NO" ]; then
isakmpd_flags="-S ${isakmpd_flags}" isakmpd_flags="-S ${isakmpd_flags}"
@ -391,6 +398,13 @@ if [ X"${isakmpd_flags}" != X"NO" ]; then
echo 'starting isakmpd'; isakmpd ${isakmpd_flags} echo 'starting isakmpd'; isakmpd ${isakmpd_flags}
fi fi
if [ X"${iked_flags}" != X"NO" ]; then
if [ X"${sasyncd_flags}" != X"NO" ]; then
iked_flags="-S ${iked_flags}"
fi
echo 'starting iked'; iked ${iked_flags}
fi
if [ X"${sasyncd_flags}" != X"NO" ]; then if [ X"${sasyncd_flags}" != X"NO" ]; then
echo 'starting sasyncd'; sasyncd ${sasyncd_flags} echo 'starting sasyncd'; sasyncd ${sasyncd_flags}
fi fi
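Review bot: The new block under `if [ ! -f /etc/iked/private/local.key ]` never checks that the isakmpd key exists or that either `cp` succeeded. If the openssl step above failed (its error branch is outside the visible lines), `cp` and `chmod` would presumably fail on each boot. The guard also tests only the private key, so a failed copy of `local.pub` is not retried once `local.key` is in place. I would guard on the source and create the private key under a restrictive umask instead of relying on the following `chmod`: `if [ -f /etc/isakmpd/private/local.key -a ! -f /etc/iked/private/local.key ]; then` and `(umask 077; cp /etc/isakmpd/private/local.key /etc/iked/private/local.key)`. The comment could also say the copy is one-time, e.g. `# One-time copy: regenerating the isakmpd key later does not update the iked copy`, since the two daemons then share key material only until one side is rotated.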


+ 2
- 1
src/etc/rc.conf

@ -1,6 +1,6 @@
#!/bin/sh - #!/bin/sh -
# #
# $OpenBSD: rc.conf,v 1.136 2010/04/25 10:10:51 michele Exp $
# $OpenBSD: rc.conf,v 1.137 2010/06/28 20:16:21 reyk Exp $
# set these to "NO" to turn them off. otherwise, they're used as flags # set these to "NO" to turn them off. otherwise, they're used as flags
ldpd_flags=NO # for normal use: "" ldpd_flags=NO # for normal use: ""
@ -21,6 +21,7 @@ timed_flags=NO # for normal use: ""
ldattach_flags=NO # for normal use: "[options] linedisc cua-device" ldattach_flags=NO # for normal use: "[options] linedisc cua-device"
ntpd_flags=NO # for normal use: "" ntpd_flags=NO # for normal use: ""
isakmpd_flags=NO # for normal use: "" isakmpd_flags=NO # for normal use: ""
iked_flags=NO # for normal use: ""
sasyncd_flags=NO # for normal use: "" sasyncd_flags=NO # for normal use: ""
mopd_flags=NO # for normal use: "-a" mopd_flags=NO # for normal use: "-a"
apmd_flags=NO # for normal use: "" apmd_flags=NO # for normal use: ""

