FS#33202 - [ipsec-tools] ipsec.service does not load policy
Attached to Project:
Community Packages
Opened by Holoduke (Holoduke) - Tuesday, 25 December 2012, 19:44 GMT
Last edited by Sergej Pupykin (sergej) - Thursday, 10 January 2013, 09:10 GMT
Opened by Holoduke (Holoduke) - Tuesday, 25 December 2012, 19:44 GMT
Last edited by Sergej Pupykin (sergej) - Thursday, 10 January 2013, 09:10 GMT
|
Details
ipsec.service included in ipsec-tools 0.8.0-5 does not load
the policy. I don't know why but I guess ExecStop gets
executed for some reason, because the service type is
wrong.
This seems to work (Type changed, RemainAfterExit added): [Unit] Description=Load IPSec Security Policy Database After=syslog.target network.target [Service] Type=oneshot RemainAfterExit=true ExecStart=/usr/sbin/setkey -f /etc/ipsec.conf ExecStop=/usr/sbin/setkey -F -P ; /usr/sbin/setkey -F [Install] WantedBy=multi-user.target |
This task depends upon
So, if the type is simple and not oneshot, follow-up VPN services that depend on ipsec.service will be started at the same time and might be up before setkey has finished. Don't know whether that would really cause a problem in practice, but I'd say that oneshot is the correct choice here.