Here's a patch that should start ipsecctl in the appropriate place in
/etc/rc during boot. I know this would be very handy for me if it were
in /etc/rc

Jason

Index: rc
================================================== =================
RCS file: /cvs/src/etc/rc,v
retrieving revision 1.277
diff -u -r1.277 rc
--- rc 12 Jan 2006 21:54:15 -0000 1.277
+++ rc 13 Jan 2006 22:31:47 -0000
@@ -326,6 +326,12 @@
echo 'starting isakmpd'; isakmpd ${isakmpd_flags}
fi

+if [ X"${ipsec}" != X"NO" ]; then
+ if [ -f ${ipsec_rules} ]; then
+ ipsecctl -f ${ipsec_rules}
+ fi
+fi
+
echo -n 'starting initial daemons:'

# $portmap is imported from /etc/rc.conf;
Index: rc.conf
================================================== =================
RCS file: /cvs/src/etc/rc.conf,v
retrieving revision 1.109
diff -u -r1.109 rc.conf
--- rc.conf 16 Nov 2005 09:19:36 -0000 1.109
+++ rc.conf 13 Jan 2006 22:31:47 -0000
@@ -61,6 +61,7 @@
lockd=NO
amd=NO
pf=NO # Packet filter / NAT
+ipsec=NO # IPsec
portmap=NO # Note: inetd(8) rpc services need portmap too
inetd=YES # almost always needed
check_quotas=YES # NO may be desirable in some YP environments
@@ -85,6 +86,7 @@
syslogd_flags= # add more flags, ie. "-u -a /chroot/dev/log"
pf_rules=/etc/pf.conf # Packet filter rules file
pflogd_flags= # add more flags, ie. "-s 256"
+ipsec_rules=/etc/ipsec.conf # IPsec rules file
afsd_flags= # Flags passed to afsd
shlib_dirs= # extra directories for ldconfig, separated
# by space