3 # $FreeBSD: head/security/openiked/files/iked.in 425847 2016-11-10 16:14:03Z marcel $
9 # Add these lines to /etc/rc.conf.local or /etc/rc.conf
10 # to enable this service:
12 # iked_enable (bool): Set to NO by default.
13 # Set it to YES to enable iked.
14 # iked_ramdisk (bool): Set to NO by default. See below.
16 # When iked_ramdisk is set to YES, the rc.d script will make sure
17 # all directories exist, but will not generate a key pair if none
18 exists. The daemon is not started when the key pair or config
19 # files are missing. It is assumed the ramdisk is not populated
20 # completely. When iked_ramdisk is NO, key pairs are created as
21 needed and the daemon is started unconditionally.
# Daemon binary and the hook rc.d runs before starting it (iked_precmd,
# defined further down in this script).
command=%%PREFIX%%/sbin/iked
start_precmd=iked_precmd

# Everything lives below the port's PREFIX; %%PREFIX%% is substituted at
# install time, not at run time.
iked_rootdir=%%PREFIX%%/etc/iked
iked_config=%%PREFIX%%/etc/iked.conf

# Key material. The private key sits in the "private" subdirectory, which
# iked_precmd tightens to mode 700; the public half lives in the root dir.
# iked_precmd generates this pair with openssl when it is absent (see the
# iked_ramdisk handling there for when that happens).
iked_privkey="${iked_rootdir}/private/local.key"
iked_pubkey="${iked_rootdir}/local.pub"
45 if checkyesno iked_ramdisk; then
46 # Make sure we have our directory hierarchy.
47 for D in ca certs crls export private pubkeys \
48 pubkeys/fqdn pubkeys/ipv4 pubkeys/ipv6 pubkeys/ufqdn; do
49 mkdir -p %%PREFIX%%/etc/iked/$D
51 chmod 700 %%PREFIX%%/etc/iked/private
53 # Create a key pair if not already present.
54 if test ! -f $iked_privkey; then
55 /usr/bin/openssl genrsa -out $iked_privkey 2048
56 /bin/chmod 600 $iked_privkey
57 /usr/bin/openssl rsa -out $iked_pubkey \
58 -in $iked_privkey -pubout
62 # We must have a private key and a configuration file.
63 # Don't start iked when those are missing.
64 if test ! \( -f $iked_privkey -a -f $iked_config \); then
65 # Be quiet about it; it must be intentional.