yellowman / nsh

OpenBSD networking configuration shell
http://www.nmedia.net/nsh/

ipsec #22

Closed sthen closed 8 years ago

sthen commented 8 years ago

I have this diff locally so that 'ipsec reload' gets written to the config file. I didn't do it as a pull request because I don't understand why it doesn't already have it.

diff --git ctl.c ctl.c
index 3eec0b8..abff9b6 100644
--- ctl.c
+++ ctl.c
@@ -75,7 +75,7 @@ struct daemons ctl_daemons[] = {
 { "rip",   "RIP",  ctl_rip,    RIPCONF_TEMP,   0600, 0, RT_TABLEID_MAX },
 { "ldp",   "LDP",  ctl_ldp,    LDPCONF_TEMP,   0600, 0, 0 },
 { "relay", "Relay",ctl_relay,  RELAYCONF_TEMP, 0600, 0, RT_TABLEID_MAX },
-{ "ipsec", "IPsec IKEv1",ctl_ipsec,IPSECCONF_TEMP, 0600, 0, RT_TABLEID_MAX },
+{ "ipsec", "IPsec IKEv1",ctl_ipsec,IPSECCONF_TEMP, 0600, 1, RT_TABLEID_MAX },
 { "ike",   "IPsec IKEv2",ctl_ike,  IKECONF_TEMP,   0600, 0, RT_TABLEID_MAX },
 { "rtadv", "rtadvd",ctl_rtadv, RTADVCONF_TEMP, 0600, 0, 0 },
 { "dvmrp", "DVMRP",ctl_dvmrp,  DVMRPCONF_TEMP, 0600, 0, RT_TABLEID_MAX },
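Review bot: the only change here is the sixth column of the "ipsec" row flipping from 0 to 1, but nothing in the hunk says what that column means; since the stated intent is to have 'ipsec reload' persisted to the config file, please confirm this is the reload flag and add a short comment on the `struct daemons` initialiser naming the columns so the next reader does not have to guess. The adjacent "ike" (IPsec IKEv2) row keeps 0: if its configuration is loaded the same way at reload time it probably wants the same change, otherwise a one-line note on why the two rows differ would avoid the question coming back.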

I also have this because the current flags given to isakmpd don't work for me. -S is only useful for an sasyncd setup. And -a is fairly specialist (mainly useful with bgpd's ipsec support). But changing them will break sasyncd setups and some bgp setups so I'm not sure what approach to take here, any ideas?

diff --git ctl.c ctl.c
index 3eec0b8..3c91dcc 100644
--- ctl.c
+++ ctl.c
@@ -219,7 +219,7 @@ struct ctl ctl_ldp[] = {
 char *ctl_ipsec_test[] = { IPSECCTL, "-nf", REQTEMP, '\0' };
 struct ctl ctl_ipsec[] = {
    { "enable",     "enable service",
-       { ISAKMPD, "-KSa", NULL }, NULL, DB_X_ENABLE, T_EXEC },
+       { ISAKMPD, "-Kv", NULL }, NULL, DB_X_ENABLE, T_EXEC },
    { "disable",    "disable service",
        { PKILL, table, "isakmpd", NULL }, NULL, DB_X_DISABLE, T_EXEC },
    { "edit",       "edit configuration",   
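Review bot: replacing `"-KSa"` with `"-Kv"` hardcodes a single isakmpd invocation for every installation, and as the comment above says, dropping -S and -a changes behaviour for sasyncd and bgpd-ipsec setups that currently rely on them. Rather than choosing one flag set in the table, consider making the flags configurable (a per-daemon option, or a second "enable" variant alongside this one) so the default works without -S/-a while existing sasyncd/bgpd users keep theirs; that also resolves the "not sure what approach to take" question without silently changing what running deployments get. Minor, on the unchanged `ctl_ipsec_test[]` line: terminating a `char *` array with `'\0'` only works because the character constant converts to a null pointer; `NULL`, as the `ctl_ipsec[]` entries already use, would be clearer.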
yellowman commented 8 years ago

isakmpd can't load its config on startup, ipsecctl does this, which is what the 'ipsecctl reload' invokes. can't believe i never noticed this. i'd love to get sample configs that include scenarios with ipsec, pppoe, etc, and i'll put them up on the nsh site...