Hi,

It would be convenient to have a way to utilize "kernel mode" when loading policies with setkey from /etc/init.d/racoon instead of the usual "rfc mode". Specifically I would like to be able to pass -k in a sensible manner without having to hand-edit the init script.

Kind Regards,
Jaco

Reproducible: Always
(In reply to Jaco Kroon from comment #0)
> Hi,
>
> It would be convenient to have a way to utilize "kernel mode" when loading
> policies with setkey from /etc/init.d/racoon instead of the usual "rfc
> mode". Specifically I would like to be able to pass -k in a sensible manner
> without having to hand-edit the init script.
>
> Kind Regards,
> Jaco
>
> Reproducible: Always

Can you provide a patch or at least show me how to do this manually?
Just apply this on the init script: --- racoon.o 2014-01-27 10:41:29.000000000 +0200 +++ racoon 2014-01-27 10:41:53.000000000 +0200 @@ -41,7 +41,7 @@ start_pre() { checkconfig || return 1 einfo "Loading ipsec policies from ${SETKEY_CONF}." - /usr/sbin/setkey -f ${SETKEY_CONF} + /usr/sbin/setkey ${SETKEY_OPTS} -f ${SETKEY_CONF} if [ $? -eq 1 ] ; then eerror "Error while loading ipsec policies" fi And this on the conf.d file: --- racoon.o 2014-01-27 10:42:29.000000000 +0200 +++ racoon 2014-01-27 10:43:28.000000000 +0200 @@ -25,3 +25,6 @@ RACOON_RESET_TABLES="true" +# If you need to set custom options to the setkey command when loading rules, use this +# more info in the setkey mangage (example below sets kernel mode instead of RFC mode): +#SETKEY_OPTS="-k"
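Review bot: In the start_pre() hunk, the status check that follows the changed setkey line still tests only for exit status 1 ("if [ $? -eq 1 ]"), so now that arbitrary options from SETKEY_OPTS reach setkey, a failure reported with any other non-zero status would pass silently, and the visible error branch only logs with eerror. Testing the command directly (if ! /usr/sbin/setkey ${SETKEY_OPTS} -f ${SETKEY_CONF}; then) would catch every failure. ${SETKEY_OPTS} is expanded unquoted, which is what lets several options be passed and lets an unset variable expand to nothing; it also means the value is word-split and glob-expanded by the shell, which deserves a mention next to the variable in conf.d. ${SETKEY_CONF} on the same line is unquoted as well, so a path containing whitespace would be split into separate arguments.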
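Review bot: In the conf.d hunk, the second added comment line has a typo, "setkey mangage" should read "setkey manpage", and the first comment line runs long enough that it would read better wrapped. Both file headers in this diff are named racoon.o and racoon, the same as the init script diff, so only the surrounding sentence identifies it as the conf.d file; a full path in the header would make the patch apply unambiguously. The comment could also state that SETKEY_OPTS takes a space-separated list of options, since the init script expands it unquoted, and that leaving it commented out keeps the current "rfc mode" behaviour.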
Thanks! It's in the tree with ipsec-tools-0.8.1-r1. Please test and reopen if something is wrong.