3 # $FreeBSD: head/security/openiked/files/iked.in 425847 2016-11-10 16:14:03Z marcel $
9 # Add these lines to /etc/rc.conf.local or /etc/rc.conf
10 # to enable this service:
12 # iked_enable (bool): Set to NO by default.
13 # Set it to YES to enable iked.
14 # iked_ramdisk (bool): Set to NO by default. See below.
16 # When iked_ramdisk is set to YES, the rc.d script will make sure
17 # all directories exist, but will not generate a key pair if none
18 # exists. The daemon is not started when the key pair no config
19 # files are missing. It is assumed the ramdisk is not populated
20 # completely. When iked_ramdisk is NO, key pairs are created as
21 # needed and thr daemon is started unconditionally.
34 command=%%PREFIX%%/sbin/iked
35 start_precmd=iked_precmd
37 iked_config=%%PREFIX%%/etc/iked.conf
38 iked_rootdir=%%PREFIX%%/etc/iked
39 iked_privkey=${iked_rootdir}/private/local.key
40 iked_pubkey=${iked_rootdir}/local.pub
45 if checkyesno iked_ramdisk; then
46 # Make sure we have our directory hierarchy.
47 for D in ca certs crls export private pubkeys \
48 pubkeys/fqdn pubkeys/ipv4 pubkeys/ipv6 pubkeys/ufqdn; do
49 mkdir -p %%PREFIX%%/etc/iked/$D
51 chmod 700 %%PREFIX%%/etc/iked/private
53 # Create a key pair if not already present.
54 if test ! -f $iked_privkey; then
55 /usr/bin/openssl ecparam -genkey -name prime256v1 -noout -out "$iked_privkey"
56 /bin/chmod 600 "$iked_privkey"
57 /usr/bin/openssl ec -in "$iked_privkey" -pubout -out "$iked_pubkey"
61 # We must have a private key and a configuration file.
62 # Don't start iked when those are missing.
63 if test ! \( -f $iked_privkey -a -f $iked_config \); then
64 # Be quiet about it; it must be intentional.
projects / openiked-portable / blob