Patch file for network rc script


I have included a patch for /etc/rc.d/init.d/network to include the ability to start and stop the setkey ipsec system...

1. Add "NETWORKING_IPSEC=yes" to /etc/sysconfig/network and patch -p0 /etc/rc.d/init.d/network with the patch file.
2. Create /etc/ipsec.conf with keys & SAs according to the ipsec.conf man page or http://www.ipsec-howto.org/ (I also recommend using libc6's contrib 'xxd' package for key generation, unless you plan on using certs.)
3. Configure persistent static routes for hosts/networks.
4. Set: "net.ipv4.ip_forward=1" in /etc/sysctl.conf if you're using tunnel mode.
5. Restart Networking.


If anyone has any suggestions for the diff file, please let me know...

--
-Matt Blecha-
CEO
ColoradoSmart
(303) 766-8519
mblecha@xxxxxxxxxxxxxxxxx
http://www.coloradosmart.com/

--- network	2004-07-05 15:15:39.875580840 -0600
+++ network-ipsec	2004-07-05 15:16:13.274503432 -0600
@@ -151,6 +151,14 @@
 
 	sysctl -w kernel.hotplug=$oldhotplug > /dev/null 2>&1
 	
+	# IPSEC hook (post IPV4 start)
+	# Added by Matt Blecha
+	if [ "$NETWORKING_IPSEC" = "yes" ]; then
+	if [ -f /etc/ipsec.conf ]; then
+		action $"Setting IPSEC SAs " /sbin/setkey -f /etc/ipsec.conf
+		fi
+	fi
+
 	# Add non interface-specific static-routes.
 	if [ -f /etc/sysconfig/static-routes ]; then
 	   grep "^any" /etc/sysconfig/static-routes | while read ignore args ; do
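Review bot: In the start hook, when NETWORKING_IPSEC=yes is set but /etc/ipsec.conf does not exist, the inner `if [ -f /etc/ipsec.conf ]` falls through silently, so networking comes up with no SAs or policies loaded and nothing on the console says so. Since the admin has explicitly asked for IPsec, add an else branch that reports the failure (or logs a warning) instead of skipping quietly. The inner `if` is also at the same indent as the outer one while its `fi` is one level deeper; indent the whole inner block one level. Finally, the hook's own comment says it runs post IPv4 start, so it is worth stating in the comment that traffic is not covered by policy until `setkey -f` has finished.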
@@ -227,6 +235,13 @@
 		   action $"Shutting down interface $i: " ./ifdown $i boot
 		fi
 	done
+
+	# IPSEC hook (post IPV4 start)
+	# Added by Matt Blecha
+	if [ "$NETWORKING_IPSEC" = "yes" ]; then
+		action $"Flushing IPSEC SAs " /sbin/setkey -F
+		action $"Flushing IPSEC Interfaces " /sbin/setkey -FP
+	fi
 	
 	# shut down all interfaces (other than loopback)
 	for i in $interfaces ; do
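Review bot: The flush in the stop path sits before the "shut down all interfaces (other than loopback)" loop, so any interface still up at that point keeps passing traffic with the SAD and SPD already empty; moving the block after that loop keeps policy in place until the interfaces are down. The comment "IPSEC hook (post IPV4 start)" is copied from the start hunk and should describe the stop path instead. `setkey -FP` flushes the security policy database, so the label "Flushing IPSEC Interfaces " should read something like "Flushing IPSEC policies ".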

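A pre-flight check for steps 1, 2 and 4 of the post, to run before restarting networking. This is an added example, not part of the original post or patch: the function name `ipsec_preflight` and its ROOT prefix argument are hypothetical, the 600-or-stricter permission check on /etc/ipsec.conf is an added assumption (the post does not mention file modes), and `stat -c` assumes GNU coreutils.

```shell
#!/bin/sh
# ipsec_preflight ROOT
#   ROOT is a hypothetical path prefix so the check can run against a copy
#   of /etc; pass "" to check the live system.
#   Prints one line per problem and returns the number of problems found.
ipsec_preflight() {
    root=$1
    problems=0
    net="$root/etc/sysconfig/network"
    conf="$root/etc/ipsec.conf"
    sysctl="$root/etc/sysctl.conf"

    # Step 1: the patched hook only runs when NETWORKING_IPSEC=yes is set.
    if ! grep -Eq '^[[:space:]]*NETWORKING_IPSEC="?yes"?[[:space:]]*$' "$net" 2>/dev/null; then
        echo "FAIL: NETWORKING_IPSEC=yes not set in $net"
        problems=$((problems + 1))
    fi

    # Step 2: the patched script skips setkey without a message if the file is missing.
    if [ ! -f "$conf" ]; then
        echo "FAIL: $conf missing"
        problems=$((problems + 1))
    else
        # Assumption: manual keys live in this file, so group/other get no access.
        mode=$(stat -c '%a' "$conf")
        case "$mode" in
            *00|0) ;;
            *) echo "FAIL: $conf has mode $mode, expected 600 or stricter"
               problems=$((problems + 1)) ;;
        esac
        # Step 4: tunnel-mode entries need forwarding enabled in sysctl.conf.
        if grep -Eq '^[^#]*tunnel' "$conf" &&
           ! grep -Eq '^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*1[[:space:]]*$' "$sysctl" 2>/dev/null; then
            echo "FAIL: tunnel mode used but net.ipv4.ip_forward=1 not in $sysctl"
            problems=$((problems + 1))
        fi
    fi
    return "$problems"
}
```

Source the file and call `ipsec_preflight ""` as root; a non-zero return status is the count of failed checks.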