Post #8 by jggimi, 7th September 2016

Great! Your car isn't running, because you don't know that you need car keys to start it, and you don't know what the car sounds like when it is running.

First, we need to find out what the car keys look like for your primary car, so we can find and use them in the new car.

Your primary system may still be OpenBSD 5.3. At that release, system daemons were started by a pair of Bourne shell scripts that set variables, /etc/rc.conf and /etc/rc.conf.local. Your prior system administrator should have set isakmpd flag variables in /etc/rc.conf.local, so inspect the contents of this file first. If it is not there, your prior system administrator would have violated best practices and set the variable in /etc/rc.conf instead.

You are looking for the variable isakmpd_flags. Its contents are your key, as it contains the flags used to start isakmpd. It may be blank, or contain values. Because I used ipsec.conf(5) with isakmpd(8), I used the -K flag. My variable setting was isakmpd_flags=-K.

On a modern OpenBSD system, the rc.conf* files are no longer Bourne shell scripts. Instead, they are files which are parsed programmatically. And for ease of administration, we use the program rcctl to configure our rc.conf.local file, which you can read about in the rcctl(8) man page.

If I were to use isakmpd with the -K flag once more, I would issue these rcctl(8) commands:
Code:
# rcctl enable isakmpd
# rcctl set isakmpd flags -K
The first command would create an isakmpd_flags variable in my rc.conf.local file, telling the rc(8) system to start the daemon on boot; the second command would set the value of the variable to -K, so that the daemon would be started with the -K flag.

I could reboot, or I could issue # rcctl start isakmpd to start the daemon. See the rcctl(8) man page on a modern OpenBSD release for more information.

Second, we need to know if the car is running.

The rcctl(8) program has an "ls" option which can list daemons that are started and stopped: # rcctl ls started

But you can check on any program with the pgrep(1) tool. For example, you could use $ pgrep -lf isakmpd on your primary gateway, then on your backup gateway, and discover where this car is currently running, and what the keys look like.

See the pgrep(1) man page for more information. It did exist in OpenBSD 5.3.
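The lookup described in the post above, as an added example that is not part of the original post: a shell sketch that reads isakmpd_flags from copies of the old system's rc.conf.local and rc.conf and prints the rcctl(8) commands to run on the new system. The function names get_flags and migrate_cmds are hypothetical, the sample files are constructed, and treating a value of NO as "daemon disabled" is an assumption about the old rc.conf convention.

```shell
#!/bin/sh
# Added example: map isakmpd_flags from copies of the old gateway's rc.conf
# files to rcctl(8) commands. Function names are hypothetical.

# get_flags FILE: print the value of the last isakmpd_flags assignment in
# FILE, minus trailing comment and surrounding quotes. Returns 1 if unset.
get_flags() {
    [ -r "$1" ] || return 1
    line=$(grep -E '^[[:space:]]*isakmpd_flags=' "$1" | tail -n 1)
    [ -n "$line" ] || return 1
    printf '%s\n' "${line#*=}" | sed \
        -e 's/[[:space:]]*#.*$//' \
        -e 's/[[:space:]]*$//' \
        -e 's/^"\(.*\)"$/\1/'
}

# migrate_cmds DIR: DIR holds rc.conf.local and/or rc.conf from the old
# system. rc.conf.local is checked first, rc.conf is the fallback.
migrate_cmds() {
    if flags=$(get_flags "$1/rc.conf.local"); then src=rc.conf.local
    elif flags=$(get_flags "$1/rc.conf"); then src=rc.conf
    else echo "# isakmpd_flags not found under $1"; return 0
    fi
    echo "# isakmpd_flags='$flags' (from $src)"
    case $flags in
    NO) echo "rcctl disable isakmpd" ;;   # assumed: NO meant "do not start"
    "") echo "rcctl enable isakmpd" ;;    # started with no flags
    *)  echo "rcctl enable isakmpd"
        echo "rcctl set isakmpd flags $flags" ;;
    esac
}

# Constructed sample files, not taken from a real system.
demo=$(mktemp -d)
printf 'isakmpd_flags=NO\t\t# for normal use: ""\n' > "$demo/rc.conf"
printf 'isakmpd_flags="-K"\n' > "$demo/rc.conf.local"
migrate_cmds "$demo"
rm -rf "$demo"
```

The script only prints commands; review them before running them as root on the new gateway, then confirm with pgrep -lf isakmpd as the post describes.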