diff --git a/src/etc/rc b/src/etc/rc
index aeea4fa9..3191c156 100644
--- a/src/etc/rc
+++ b/src/etc/rc
@@ -1,4 +1,4 @@
-# $OpenBSD: rc,v 1.279 2006/03/14 22:48:46 deraadt Exp $
+# $OpenBSD: rc,v 1.280 2006/03/22 15:57:55 hshoexer Exp $
 # System startup script run by init on autoboot
 # or after single-user.
@@ -328,6 +328,15 @@ if [ X"${isakmpd_flags}" != X"NO" ]; then
 echo 'starting isakmpd'; isakmpd ${isakmpd_flags}
 fi
+# $ipsec is imported from /etc/rc.conf;
+# if $ipsec == NO or /etc/ipsec.conf doesn't exist, then
+# ipsecctl isn't run.
+if [ X"${ipsec}" != X"NO" ]; then
+ if [ -f ${ipsec_rules} ]; then
+ ipsecctl -f ${ipsec_rules}
+ fi
+fi
+
 echo -n 'starting initial daemons:'
 # $portmap is imported from /etc/rc.conf;
diff --git a/src/etc/rc.conf b/src/etc/rc.conf
index 2f893628..e9ac68a1 100644
--- a/src/etc/rc.conf
+++ b/src/etc/rc.conf
@@ -1,6 +1,6 @@
 #!/bin/sh -
 #
-# $OpenBSD: rc.conf,v 1.109 2005/11/16 09:19:36 camield Exp $
+# $OpenBSD: rc.conf,v 1.110 2006/03/22 15:57:56 hshoexer Exp $
 # set these to "NO" to turn them off. otherwise, they're used as flags
 routed_flags=NO # for normal use: "-q"
@@ -61,6 +61,7 @@ nfs_server=NO # see sysctl.conf for nfs client configuration
 lockd=NO
 amd=NO
 pf=NO # Packet filter / NAT
+ipsec=NO # IPsec
 portmap=NO # Note: inetd(8) rpc services need portmap too
 inetd=YES # almost always needed
 check_quotas=YES # NO may be desirable in some YP environments
@@ -84,6 +85,7 @@ amd_dir=/tmp_mnt # AMD's mount directory
 amd_master=/etc/amd/master # AMD 'master' map
 syslogd_flags= # add more flags, ie. "-u -a /chroot/dev/log"
 pf_rules=/etc/pf.conf # Packet filter rules file
+ipsec_rules=/etc/ipsec.conf # IPsec rules file
 pflogd_flags= # add more flags, ie. "-s 256"
 afsd_flags= # Flags passed to afsd
 shlib_dirs= # extra directories for ldconfig, separated
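Review bot: When `ipsec` is enabled but `${ipsec_rules}` is missing, the block added in the `@@ -328,6 +328,15 @@` hunk of src/etc/rc skips `ipsecctl` without printing anything, so the machine can finish booting with no IPsec rules loaded and nothing on the console to show it. An `else` branch on the inner test, for example `else` followed by `echo "ipsec: ${ipsec_rules} not found, no rules loaded"`, would make that state visible to whoever turned the knob on. The test `[ -f ${ipsec_rules} ]` is also unquoted: if the variable is ever set empty it collapses to `[ -f ]`, which is true, and `ipsecctl -f` then runs without a file argument; `[ -f "${ipsec_rules}" ]` avoids that. The comment names /etc/ipsec.conf while the code reads the path from `ipsec_rules`, so it would be more accurate as `# if $ipsec == NO or $ipsec_rules doesn't exist, then`.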