diff --git a/security/openiked-portable/Makefile b/security/openiked-portable/Makefile
index 4d37a5ebfead..a65090b7ea04 100644
--- a/security/openiked-portable/Makefile
+++ b/security/openiked-portable/Makefile
@@ -1,31 +1,32 @@
 PORTNAME= openiked
 PORTVERSION= 6.9.0
 CATEGORIES= security net
 MASTER_SITES= OPENBSD/OpenIKED
 PKGNAMESUFFIX= -portable
+PORTREVISION= 1
 MAINTAINER= david@lapinbilly.eu
 COMMENT= IKEv2 daemon
 LICENSE= ISCL
 LIB_DEPENDS= libevent.so:devel/libevent
 CONFLICTS_INSTALL= openiked-[0-9]*
 USES= cmake ssl
 USE_RC_SUBR= iked
 USERS= _iked
 GROUPS= _iked
 .include
 .if ${OSREL:R} < 12 && ${SSL_DEFAULT} == "base"
 BROKEN= requires OpenSSL 1.1.1, upgrade to FreeBSD 12.x/13.x or add DEFAULT_VERSIONS+=ssl=[openssl|libressl*] to /etc/make.conf
 .endif
 post-install:
 ${MV} ${STAGEDIR}${PREFIX}/etc/iked.conf \
 ${STAGEDIR}${PREFIX}/etc/iked.conf.sample
 .include
diff --git a/security/openiked-portable/files/iked.in b/security/openiked-portable/files/iked.in
index 850c44287707..79df736b6f79 100644
--- a/security/openiked-portable/files/iked.in
+++ b/security/openiked-portable/files/iked.in
@@ -1,69 +1,70 @@ #!/bin/sh # $FreeBSD: head/security/openiked/files/iked.in 425847 2016-11-10 16:14:03Z marcel $ # # PROVIDE: iked # REQUIRE: LOGIN # KEYWORD: shutdown # # Add these lines to /etc/rc.conf.local or /etc/rc.conf # to enable this service: # # iked_enable (bool): Set to NO by default. # Set it to YES to enable iked. # iked_ramdisk (bool): Set to NO by default. See below. # # When iked_ramdisk is set to YES, the rc.d script will make sure # all directories exist, but will not generate a key pair if none # exists. The daemon is not started when the key pair no config # files are missing. It is assumed the ramdisk is not populated # completely. When iked_ramdisk is NO, key pairs are created as # needed and thr daemon is started unconditionally. . /etc/rc.subr name=iked desc="IKEv2 daemon" rcvar=iked_enable load_rc_config $name : ${iked_enable:=NO} : ${iked_ramdisk=NO} command=%%PREFIX%%/sbin/iked start_precmd=iked_precmd +required_modules="ipsec" iked_config=%%PREFIX%%/etc/iked.conf iked_rootdir=%%PREFIX%%/etc/iked iked_privkey=${iked_rootdir}/private/local.key iked_pubkey=${iked_rootdir}/local.pub iked_precmd() { if checkyesno iked_ramdisk; then # Make sure we have our directory hierarchy. for D in ca certs crls export private pubkeys \ pubkeys/fqdn pubkeys/ipv4 pubkeys/ipv6 pubkeys/ufqdn; do mkdir -p %%PREFIX%%/etc/iked/$D done chmod 700 %%PREFIX%%/etc/iked/private else # Create a key pair if not already present. if test ! -f $iked_privkey; then /usr/bin/openssl ecparam -genkey -name prime256v1 -noout -out "$iked_privkey" /bin/chmod 600 "$iked_privkey" /usr/bin/openssl ec -in "$iked_privkey" -pubout -out "$iked_pubkey" fi fi # We must have a private key and a configuration file. # Don't start iked when those are missing. if test ! \( -f $iked_privkey -a -f $iked_config \); then # Be quiet about it; it must be intentional. exit 1 fi } run_rc_command "$1"
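Review bot: In the non-ramdisk branch of iked_precmd, which this commit leaves as it was, the private key is written by `openssl ecparam -genkey ... -out "$iked_privkey"` and only restricted by the `chmod 600` on the next line, so unless openssl itself creates the file with restrictive permissions the key briefly exists with whatever the inherited umask allows. Generating it under a tight umask closes that window: `( umask 077; /usr/bin/openssl ecparam -genkey -name prime256v1 -noout -out "$iked_privkey" )`. The guard `test ! -f $iked_privkey` also leaves the path unquoted while the commands below it quote it; `test ! -f "$iked_privkey"` would be consistent. The header comment could additionally say that starting the service now depends on the `ipsec` kernel module through the added `required_modules="ipsec"`.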