On Wed, Feb 17, 2016 at 1:38 AM, Stuart Henderson <[email protected]>
wrote:
>
> A more generic (but more complicated) approach would be to use ifstated
> to wait until the interface is up before running isakmpd.

Stu,

Thanks a bunch for this suggestion. This turned out to be the ticket! It
works like a champ.

For anyone who may stumble upon this in the mail archive, looking for a
solution, here's what works for me:

First, remove isakmpd_flags=<...> from your /etc/rc.conf.local. We want
ifstated(8) to start isakmpd(8), not rc(8) directly.

Next, add this to your rc.conf.local to start ifstated:

    ifstated_flags=""

Finally, create an /etc/ifstated.conf. Mine is simple. It looks for
"status: active" in the ifconfig output, and it pings a router two hops up
from me that should always be online:

    init-state pppoe_status

    # Probe: the link reports active and an upstream router answers a ping.
    pppoe_check = '( "ifconfig pppoe0 | grep \"status: active\" && ping -q -c 1 -w 2 NNN.NNN.NNN.NNN > /dev/null" every 10)'

    # Check to see if we're online.
    state pppoe_status {
        if $pppoe_check {
            set-state pppoe_online
        }
        if ! $pppoe_check {
            set-state pppoe_offline
        }
    }

    state pppoe_online {
        init {
            run "ifconfig pppoe0 | mail -s 'PPPoE is UP' root@localhost"
            # Restart isakmpd and reload the IPsec rules once the link is back.
            run "pkill isakmpd; sleep 2; isakmpd -K; sleep 1; ipsecctl -f /etc/ipsec.conf"
        }
        if ! $pppoe_check {
            set-state pppoe_offline
        }
    }

    state pppoe_offline {
        init {
            run "ifconfig pppoe0 | mail -s 'PPPoE is down' root@localhost"
        }
        if $pppoe_check {
            set-state pppoe_online
        }
    }
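
Added example, not part of the original message: a preflight script for the three steps above. It checks that rc(8) will not start isakmpd itself, that ifstated is enabled, and that no line of the ifstated.conf was wrapped when copied out of a mail archive. The function names are hypothetical, treating a value of NO as "disabled" is an assumption based on the OpenBSD rc.conf default, and the odd-quote test is a heuristic.

```shell
#!/bin/sh
# Added example: preflight checks before letting ifstated(8) start isakmpd(8).
# Function names are hypothetical; file paths are supplied by the caller.

# Print the last value assigned to VAR in an rc.conf-style FILE, or UNSET.
rc_value() {
    awk -v var="$1" '
        /^[ \t]*#/ { next }
        index($0, var "=") == 1 {
            val = substr($0, length(var) + 2)
            sub(/[ \t]+#.*$/, "", val)      # drop a trailing comment
            gsub(/^"|"$/, "", val)          # drop surrounding quotes
            seen = 1
        }
        END { print (seen ? val : "UNSET") }' "$2"
}

# Succeed only if rc(8) will not start isakmpd and ifstated is enabled.
# Assumption: NO means disabled, as in the stock /etc/rc.conf.
rc_conf_ok() {
    isakmpd=$(rc_value isakmpd_flags "$1")
    ifstated=$(rc_value ifstated_flags "$1")
    case $isakmpd in
        UNSET|NO) ;;
        *) echo "remove isakmpd_flags from $1" >&2; return 1 ;;
    esac
    case $ifstated in
        UNSET|NO) echo "ifstated_flags not set in $1" >&2; return 1 ;;
    esac
    return 0
}

# Print the line numbers of FILE that hold an odd number of unescaped
# double quotes, the usual sign of a long line wrapped in transit.
wrapped_lines() {
    awk '/^[ \t]*#/ { next }
         { line = $0; gsub(/\\"/, "", line)
           if (gsub(/"/, "", line) % 2) print NR }' "$1"
}

# Usage: preflight.sh /etc/rc.conf.local /etc/ifstated.conf
if [ "$#" -eq 2 ]; then
    rc_conf_ok "$1" || exit 1
    bad=$(wrapped_lines "$2" | tr '\n' ' ')
    [ -z "$bad" ] || { echo "possibly wrapped lines in $2: $bad" >&2; exit 1; }
    # ifstated -n only checks the configuration file for validity.
    if command -v ifstated >/dev/null 2>&1; then ifstated -n -f "$2"; fi
fi
```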