authorReyk Floeter <reyk@cvs.openbsd.org>2010-06-28 20:16:22 +0000
committerReyk Floeter <reyk@cvs.openbsd.org>2010-06-28 20:16:22 +0000
commitaacf328674add35b5309e38c851ac0586c995ca6 (patch)
tree13b1f38f20e8842ead2f2566000bfbd81014f70b /etc/rc
parent43769b3434a6a9a17f0c6fc0e4b8c5eedd98754c (diff)
Add iked to rc/rc.conf, you can enable it on boot with the iked_flags= var.
Also copy the generated RSA key for isakmpd into the iked directory; this way we share the same RSA key by default. ok deraadt@ jsg@
Diffstat (limited to 'etc/rc')
-rw-r--r--etc/rc18
1 files changed, 16 insertions, 2 deletions
diff --git a/etc/rc b/etc/rc
index a085b823560..91ab7c81e9d 100644
--- a/etc/rc
+++ b/etc/rc
@@ -1,4 +1,4 @@
-# $OpenBSD: rc,v 1.337 2010/04/25 10:10:51 michele Exp $
+# $OpenBSD: rc,v 1.338 2010/06/28 20:16:21 reyk Exp $
# System startup script run by init on autoboot
# or after single-user.
@@ -372,7 +372,7 @@ if [ X"${named_flags}" != X"NO" ]; then
fi
if [ ! -f /etc/isakmpd/private/local.key ]; then
- echo -n "openssl: generating new isakmpd RSA key... "
+ echo -n "openssl: generating new isakmpd/iked RSA key... "
if /usr/sbin/openssl genrsa -out /etc/isakmpd/private/local.key 2048 \
> /dev/null 2>&1; then
chmod 600 /etc/isakmpd/private/local.key
@@ -384,6 +384,13 @@ if [ ! -f /etc/isakmpd/private/local.key ]; then
fi
fi
+if [ ! -f /etc/iked/private/local.key ]; then
+ # Just copy the generated isakmpd key
+ cp /etc/isakmpd/private/local.key /etc/iked/private/local.key
+ chmod 600 /etc/iked/private/local.key
+ cp /etc/isakmpd/local.pub /etc/iked/local.pub
+fi
+
if [ X"${isakmpd_flags}" != X"NO" ]; then
if [ X"${sasyncd_flags}" != X"NO" ]; then
isakmpd_flags="-S ${isakmpd_flags}"
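Review bot: The private key is copied with plain `cp` and only tightened by the following `chmod 600`, so /etc/iked/private/local.key briefly exists with the umask-derived mode, and its protection in that window depends on the mode of /etc/iked/private, which this hunk does not show. Creating the file with its final mode avoids the gap, e.g. `install -m 600 /etc/isakmpd/private/local.key /etc/iked/private/local.key`. The block also runs when the isakmpd key generation above failed, so the test should require the source as well: `if [ ! -f /etc/iked/private/local.key ] && [ -f /etc/isakmpd/private/local.key ]; then`. Because only the private key is tested, a missing /etc/iked/local.pub is never restored once the key file is in place. A comment noting that the two daemons share one identity key by default, so replacing it for one does not rotate it for the other, would help whoever rotates keys later.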
@@ -391,6 +398,13 @@ if [ X"${isakmpd_flags}" != X"NO" ]; then
echo 'starting isakmpd'; isakmpd ${isakmpd_flags}
fi
+if [ X"${iked_flags}" != X"NO" ]; then
+ if [ X"${sasyncd_flags}" != X"NO" ]; then
+ iked_flags="-S ${iked_flags}"
+ fi
+ echo 'starting iked'; iked ${iked_flags}
+fi
+
if [ X"${sasyncd_flags}" != X"NO" ]; then
echo 'starting sasyncd'; sasyncd ${sasyncd_flags}
fi
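Review bot: Nothing in the added block keeps iked and isakmpd from both being started when both `*_flags` variables are enabled, and the shared-key copy earlier in this diff makes that configuration look supported. Both are IKE daemons and would normally compete for the same UDP ports, so the one started second likely fails to bind. A short comment above the block, e.g. `# iked and isakmpd are alternatives; enable only one of them`, would document this. The test `X"${iked_flags}" != X"NO"` also starts iked whenever the variable is unset or empty, so it relies on rc.conf defaulting to `iked_flags=NO`, presumably set in the same commit but not shown in this diff, which is limited to etc/rc.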