Sundry Other Stuff

This is a list of other odds and ends associated with configuring and running a wireless network.

Client Boot Ordering

Given the configuration of a wireless network via a PCMCIA card using IPSEC, there is a need to make some changes in the order in which various daemons are started. Specifically, IPSEC must not start until the wireless link is functioning, which does not happen until the PCMCIA system is running. On systems using chkconfig such as RedHat, this can be done by first running the command chkconfig --del ipsec to remove the existing links and then editing the file /etc/rc.d/init.d/ipsec and changing the line 
# chkconfig: 2345 47 68
to 
# chkconfig: 2345 75 89

Now run the command chkconfig --add ipsec to set the new ordering. Note that the shutdown order is also changed, since the IPSEC link is best not broken until all the network traffic is stopped.

This change will move IPSEC initialisation after the PCMCIA card startup (and allows some time for the link to be established). It also moves IPSEC shutdown to just before network shutdown, and long before PCMCIA cards are stopped.

Client Suspend Processing

The IPSEC channel needs to be restarted when resuming from suspend mode. This is easily done with a slight change to the /etc/sysconfig/apmd file. Specifically, change the line 
RESTORESERVICES="named"
to 
RESTORESERVICES="network ipsec named netfs autofs"

The named entry may not be required if you are not running a nameserver; it was in the file, so I left it in. The additions restart the network, which will include requesting a new DHCP lease if required, and also restarts the IPSEC channel and remote file systems. Other entries may be required if you use other facilities.


Real Security

Version: $Revision: 1.2 $; Updated at 15:47 EST on Tue Apr 11, 2006
Copyright (C) 2002 - 2006, Lindsay Harris